Trojaner-Board


Nadine47077 08.10.2012 19:41

How do I remove the PUP.LoadTubes trojan?
 
Hello, :-)

After a scan with Malwarebytes I found that my system is infected with the above-mentioned trojan. I am new to the forum and a layperson when it comes to PCs, and I hope that you can help me. I have quarantined the trojan via Malwarebytes. Can I simply delete the file without causing any damage?

Malwarebytes log file:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Naddel :: NADDEL-PC [Administrator]

Schutz: Aktiviert

07.10.2012 20:33:24
mbam-log-2012-10-07 (20-33-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426836
Laufzeit: 1 Stunde(n), 14 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

--------------------------------------------------------------------------

ESET log file:

C:\Users\Naddel\Downloads\registrybooster(1).exe Win32/RegistryBooster application

--------------------------------------------------------------------------

OTL.Txt

OTL logfile created on: 08.10.2012 20:05:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Naddel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,85% Memory free
7,99 Gb Paging File | 6,23 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360,51 Gb Total Space | 283,94 Gb Free Space | 78,76% Space Free | Partition Type: NTFS

Computer Name: NADDEL-PC | User Name: Naddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.08 20:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Naddel\Downloads\OTL.exe
PRC - [2012.09.15 22:40:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 21:10:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:59:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:59:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.18 11:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.31 18:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.03.26 14:14:32 | 000,910,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.26 14:14:02 | 000,149,040 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.26 13:41:32 | 001,185,328 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2001.11.20 12:51:28 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.15 22:40:56 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.29 21:08:41 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2001.12.26 03:28:26 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL
MOD - [2001.11.20 12:51:28 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009.08.04 17:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.15 22:40:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 22:59:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:59:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.29 05:05:26 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.07.31 12:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2012.07.31 12:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.31 12:42:48 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 22:59:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:59:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.25 08:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 04:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.04.27 04:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.04.27 04:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2009.09.21 05:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.21 11:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.08.04 18:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.01.14 18:55:38 | 000,092,672 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2010.05.25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE363
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {d2f11d8b-3eb5-4b42-9511-370dbec707fb}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 22:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.07 21:48:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 22:40:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.07 21:48:39 | 000,000,000 | ---D | M]

[2012.07.16 20:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\Extensions
[2012.07.16 20:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.06 23:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions
[2012.10.02 22:42:20 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.07.29 20:52:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.06 23:19:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.25 00:27:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.20 00:11:20 | 000,000,933 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\11-suche.xml
[2011.12.20 00:11:20 | 000,002,419 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 00:11:20 | 000,010,525 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\gmx-suche.xml
[2012.10.02 22:44:22 | 000,001,056 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\icqplugin.xml
[2011.12.20 00:11:20 | 000,002,457 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\lastminute.xml
[2011.12.20 00:11:20 | 000,005,508 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\webde-suche.xml
[2012.09.02 21:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.02 21:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.15 22:40:57 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.15 22:40:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.03 21:59:10 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 83.169.186.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C1DE6B8-A0F0-4B54-B96D-AA459B6F142B}: DhcpNameServer = 83.169.186.225 83.169.186.161
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28640b58-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b58-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{28640b60-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b60-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{28640b84-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b84-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{28640b89-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b89-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{41b6c2f4-dc6b-11df-8655-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{41b6c2f4-dc6b-11df-8655-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{41b6c2fa-dc6b-11df-8655-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{41b6c2fa-dc6b-11df-8655-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63ab1c56-da96-11df-8e87-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{63ab1c56-da96-11df-8e87-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63ab1c5e-da96-11df-8e87-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{63ab1c5e-da96-11df-8e87-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2d433ba-da14-11df-a822-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d433ba-da14-11df-a822-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2d433ca-da14-11df-a822-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d433ca-da14-11df-a822-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autoch)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.07 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.07 20:32:11 | 000,000,000 | ---D | C] -- C:\Users\Naddel\AppData\Roaming\Malwarebytes
[2012.10.07 20:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 20:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 20:31:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.07 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.06 23:20:36 | 000,000,000 | ---D | C] -- C:\Users\Naddel\06.10.2012
[2012.09.12 21:24:40 | 000,000,000 | ---D | C] -- C:\Download
[2012.09.12 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Naddel\Documents\My Videos
[2012.09.12 21:24:24 | 000,000,000 | ---D | C] -- C:\AllShare
[2012.09.12 20:47:01 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2012.09.12 20:47:01 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.09.12 20:47:01 | 000,102,240 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.09.12 20:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009.10.03 04:24:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Naddel\AppData\Local\*.tmp files -> C:\Users\Naddel\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.08 20:03:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.08 19:40:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 19:40:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 19:33:45 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.10.08 19:32:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.08 19:32:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.08 19:32:25 | 3219,632,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 20:31:52 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.25 22:07:49 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.25 22:07:49 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.25 22:07:49 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.25 22:07:49 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.25 22:07:49 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.21 00:39:49 | 000,004,727 | ---- | M] () -- C:\Users\Naddel\.recently-used.xbel
[2012.09.12 21:24:28 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[1 C:\Users\Naddel\AppData\Local\*.tmp files -> C:\Users\Naddel\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.07 20:31:52 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.21 00:39:49 | 000,004,727 | ---- | C] () -- C:\Users\Naddel\.recently-used.xbel
[2012.09.12 21:24:28 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2012.03.14 22:47:54 | 000,001,103 | ---- | C] () -- C:\Users\Naddel\Dokumente - Verknüpfung.lnk
[2011.08.02 21:43:36 | 000,000,000 | ---- | C] () -- C:\Users\Naddel\AppData\Local\{CC4B87DD-523E-4580-BBE1-02EB58B71CFF}
[2011.07.07 20:56:36 | 000,000,000 | ---- | C] () -- C:\Users\Naddel\AppData\Local\{E701835A-FC8C-429A-ACE0-534131EA8110}
[2011.06.19 10:52:15 | 000,000,000 | ---- | C] () -- C:\Users\Naddel\AppData\Local\{124BE094-8B09-4CE2-9470-1515B19D37DF}
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.02.17 23:42:23 | 000,068,287 | ---- | C] () -- C:\Users\Naddel\test.jpg
[2011.02.17 23:39:23 | 001,568,142 | ---- | C] () -- C:\Users\Naddel\Test.xcf
[2010.03.08 21:31:59 | 000,000,090 | ---- | C] () -- C:\Users\Naddel\AppData\Roaming\wklnhst.dat
[2010.01.27 00:03:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010.06.19 23:03:12 | 000,000,000 | -HSD | M] -- C:\Users\Naddel\AppData\Roaming\.#
[2010.10.08 21:54:02 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Alawar
[2010.06.19 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Awem
[2012.10.07 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\DVDVideoSoft
[2011.04.03 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.24 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\GameConsole
[2012.09.21 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\gtk-2.0
[2010.10.03 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Gutscheinmieze
[2012.05.17 23:23:58 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\ICQ
[2010.06.26 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\NPLUTO Corporation
[2010.05.01 22:00:08 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\PlayFirst
[2010.02.02 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\PowerCinema
[2012.10.07 21:52:32 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Samsung
[2010.02.28 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Skinux
[2010.02.02 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\SoftDMA
[2012.05.06 19:57:13 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Systweak
[2010.03.08 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Template
[2012.07.16 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\TomTom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

--------------------------------------------------------------------------

Extra.txt

OTL Extras logfile created on: 08.10.2012 20:05:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Naddel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,85% Memory free
7,99 Gb Paging File | 6,23 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360,51 Gb Total Space | 283,94 Gb Free Space | 78,76% Space Free | Partition Type: NTFS

Computer Name: NADDEL-PC | User Name: Naddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AB4FF6-AED4-4456-9E35-3626C61E3E5D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03A7CFE4-8096-4B73-89E0-849C80819519}" = lport=137 | protocol=17 | dir=in | app=system |
"{0E9A55E3-7855-4466-BD51-0E1660E3EFF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16976EA4-D63E-4C1E-9655-10F8BECC8D5A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{18DDEDDA-0AFA-4B54-94A6-3C3FAD46606D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C153134-30D1-472E-89F5-DC1F3D369901}" = lport=445 | protocol=6 | dir=in | app=system |
"{1EC205FD-9914-44CD-93C3-11D4894D223E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27D03E42-1221-4DE6-BA7F-BA3C9793A90E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2AE6CDC0-D4BA-4A24-9DA1-2014D1F3AF4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E452C0C-0B51-4C4E-8576-3AFE8BCF5330}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40D2CF4D-CD79-4893-B9E3-96C529A3038B}" = rport=139 | protocol=6 | dir=out | app=system |
"{41ADA698-C20F-4228-9CC7-A8FAB0882920}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{43B17C79-AFD6-4FD3-8322-FADE27CEB440}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{476F8D48-EA3D-4DB4-A70C-A5F21EC9B14A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C6FFD13-C485-418E-B030-65585D5B8248}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68E80472-89D9-47FE-A29A-CC5855BB9E28}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7341F7C5-D66A-429E-88EC-FBC6BDB56F59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{739AC140-417C-4A79-9568-E4516821919E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76614667-2F3B-4B03-9A2B-21FBA5EC0CCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{770B630A-1F8A-47ED-BAE9-DCF40BDC8BF7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8ADE496E-DA28-4FF7-8A8B-939B8CE26078}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A2886A0F-FECD-4BCC-A9C7-0CB228CE7D91}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD8E1C7D-964F-4C00-A4BE-6D8E7D3B18A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{BCBBB1A5-64C6-4380-AF4D-03AA2A99A1A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{C127540D-1244-4654-8AB3-476ED8A25398}" = lport=138 | protocol=17 | dir=in | app=system |
"{C4F42A5E-CA6B-441B-9948-10CFA9F3F89E}" = rport=445 | protocol=6 | dir=out | app=system |
"{E727E526-5270-4467-9FB2-E756037208D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E74840AD-EA35-4692-82E7-63DDD9B768DE}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE5D0D8F-835C-4814-9D04-74BE377447CF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F0528EEB-B606-4D50-83E4-DD990A07505B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F09C2BFF-FF83-4D2F-8D97-6D33265BE84E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F96F4800-35AD-43E9-9669-C53990F057CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0427111B-7B3A-4291-B3B5-CBC4A29E0417}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{043DABD9-3E3F-4386-AB87-6C5CF6D9A3DF}" = protocol=58 | dir=in | app=system |
"{04E1F894-BE1A-403C-8347-FDA2482099BD}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{0A486E0D-6A56-4804-B90E-754F4D8214AF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{19C30F3C-895E-4E58-A8D2-1408D793288C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BE5378D-F463-4C8F-B206-7343413D09EC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1EE2BABD-3BAD-4A1F-B992-EC12EF7F535A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{24FD35FA-291C-40DA-9D44-D2CB50B604B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25D52B14-4DE9-4139-9210-E807F20CB28A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2974A15D-31D4-4CD1-B433-63F0F23E01A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32D4313A-D163-49C2-B6AD-EA13CFCAC5C0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33E67007-F03E-462B-8068-3902C52515E9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3D69E5D7-4441-40F0-A081-90CE49EBC8F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E8F1699-EA28-4137-A6DF-42387699BED3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3FE1B7E5-A2F5-491B-A540-381B3B0850AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4BBE54B2-CBC9-435A-BBC8-EEC62CB2073A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6391B84D-DBF9-42D0-89C5-24EEABFF2387}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{659AC7E9-1469-46C7-A926-5919B5257DA8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6A9ED789-F178-4AD6-8BBF-8EC4DB25EB76}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{74D5503C-2934-49DF-9986-6B12BFF8585A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{7DAB3744-0157-468D-B711-8EF1759A6F69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E84B284-CD0E-40E7-8B25-5CC3A2024CE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E9121FF-11F3-4DCF-92C3-6AD111A5B75B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E962B6E-537C-4274-B174-6C74B54163AE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{85D189FB-9F74-402F-9E7E-6873E5EB8939}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{877D1BE4-8CB8-47A4-A9F5-96A9BB11FA37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9077FAB1-7404-491A-8466-891F4FEA7672}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{920F15DB-5761-4D4E-8263-B269C5819EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{9554B1E5-2B35-4715-9DCE-7E444E3E6913}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{95DCF333-EFC9-4FBF-BC7D-355103CC2EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{97558645-1DA9-4C54-9536-2553B06CD7F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BB1D0F3-A65B-4318-B412-070117D9DD6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F290F70-AA06-42BC-892B-B8532A41ADC1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AA72F6AE-85A3-430D-A283-CA5478BFF0BA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF67E004-F86E-4704-A8B0-3E85CCD3500A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B0192226-1E84-4B97-A005-F74906F1EC59}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B220447F-8EB8-4DF8-A3B8-5B9664BC9C91}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B7DD8C05-C56B-4073-AC0E-31DE918AC8F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CBA19D1B-DCED-48C7-B172-5FE587698E72}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D2B5CF6B-50C1-4213-8A6A-99D753BFF2F2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D39606F8-3C1E-49D5-9CFC-57FC6DB36C46}" = protocol=6 | dir=out | app=system |
"{D6C006BA-25FF-4B9B-BE63-BB2C9630EAA9}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{DD2DA947-D057-45F9-8F30-5C4800CF1AC4}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{E1F946BA-801D-46AC-AC19-A598BEC4FD48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E38A04A3-273D-4394-B244-EDECB6FFAF9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5EFC2F4-BB38-4BAF-A269-C49F3AF62523}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E693D91B-14C2-4639-98BF-D177B432C3F6}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{EA81DCCF-F5D1-4375-8AEA-FB4A0ECEE7E3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{EC3C1577-3FA8-4E7B-95F7-46608D796D28}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{EFB3734B-6AB6-45CC-8614-D1F9160B0834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F481074C-144E-48B7-B33A-547CDAD1FAD6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F991434A-4B66-4219-BCFA-3CD2946D9098}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FC5E8F81-032B-4703-8D0F-492010438D76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0B78516F-37DF-4F12-B678-BC2E7DDD77D5}C:\program files (x86)\driftcity\driftcity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\driftcity\driftcity.exe |
"TCP Query User{88757843-8A93-48D5-94E0-DC20A141A22C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{92D95647-28C1-4EB1-BEDD-0F517A7E8725}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"TCP Query User{A0511E73-BF1B-4A59-9E1A-BAD5B7406A58}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"UDP Query User{646CD4A5-4DCC-4EFA-BA88-589CE114A9BA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{7CFA1915-3B6F-4DC1-B1CD-E1ECE588ABD6}C:\program files (x86)\driftcity\driftcity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\driftcity\driftcity.exe |
"UDP Query User{89C9A857-B6E2-4141-B29B-4D9E9BB06430}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"UDP Query User{C1F80A6C-4A9D-48B7-AFA7-568752176A81}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D5F58C1-5295-57A6-54E9-10FD8F7B74D7}" = ccc-utility64
"{C5304802-5E11-D74F-813E-BAABDD870774}" = ATI Catalyst Install Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E84C9B48-CF3C-5AB8-E915-5BE862F72142}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{016F0E63-E8C1-9A26-D806-C820243B2501}" = CCC Help Chinese Traditional
"{03C14EC9-0A8C-5385-0384-527500576CE5}" = CCC Help French
"{0AAA31D0-3A02-9A28-8EA4-E4E910DA0E01}" = CCC Help Greek
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1BA785B4-2FB8-9986-48D4-681D39B6B06F}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26C6F5FD-498A-0253-1F2C-1264AA286413}" = ccc-core-static
"{28625F12-BFF5-F584-06B1-DF07B5B06792}" = CCC Help Chinese Standard
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29C23BEA-990E-9149-5346-0474C04FC989}" = CCC Help German
"{2FA54B92-4617-46B2-900C-8D47B882C160}" = Catalyst Control Center Graphics Light
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F4B3036-9851-3464-5EBD-4204CAF3C178}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{508E957F-571E-1D76-1A22-E1DF7AB1165D}" = CCC Help Spanish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FE72193-FB2D-8878-5A22-92E082922E35}" = CCC Help Thai
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{632465EC-7F49-EBB1-AB85-147C754FAC0C}" = Catalyst Control Center Core Implementation
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6C888A46-45BD-4B88-6466-247BCCD0A5D1}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81D4BCCC-D379-0D69-F1B6-67BA833B3379}" = CCC Help Korean
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84191522-25EF-4303-3EDA-AD9FC5A903C3}" = CCC Help English
"{85011B6F-541B-EC6E-A28F-ACD0413873EF}" = CCC Help Finnish
"{8521E572-CADC-7810-FB71-31A2213081E9}" = CCC Help Polish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D12C14D-135E-0462-CE30-1290A3F7F733}" = Catalyst Control Center InstallProxy
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{93F56E58-2E87-6DB5-7B5F-C013B6124033}" = Catalyst Control Center Graphics Previews Vista
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DFCD3D9-4516-252A-C752-D54F3C4B6E22}" = CCC Help Portuguese
"{A1328CC1-BF51-EC63-0ECA-1A9E0F523B16}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{C8359BA0-A1CD-B5E9-B6EC-82B84C10F7C5}" = CCC Help Dutch
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB1C3622-6E88-430D-A287-957F436D1031}" = Nero BackItUp 2 Essentials
"{CF533D9D-A95B-6472-17B8-598277088A0F}" = Catalyst Control Center Localization All
"{DC87397A-C093-4BFC-1EAF-B6B48B535F95}" = CCC Help Norwegian
"{DCF6701A-CD53-F101-E774-233CA42931E3}" = CCC Help Turkish
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E35070A6-F1F1-22C2-0354-84D90B9038DE}" = Catalyst Control Center Graphics Full Existing
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E9946AA3-56E6-07D3-718C-F5F5861D97FA}" = CCC Help Hungarian
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F111A58E-9E91-756F-A551-0C3017A56A8B}" = CCC Help Danish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13B5718-D098-D368-CFEC-6EA0A1883B07}" = CCC Help Japanese
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FFB63D38-1F82-C7BB-8205-ED778DA45256}" = Catalyst Control Center Graphics Full New
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.1
"Cradle of Rome_is1" = Cradle of Rome
"DreamAqua" = Dream Aquarium
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"GridVista" = Acer GridVista
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Strike Ball 3_is1" = Strike Ball 3
"The Rise Of Atlantis_is1" = The Rise Of Atlantis
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DrKawashima" = Dr Kawashima
"Luka und der verborgene Schatz" = Luka und der verborgene Schatz

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2012 15:23:53 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 06.10.2012 20:09:40 | Computer Name = Naddel-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
Datei C:\Users\Naddel\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.

[ACCESS_VIOLATION Exception!! EIP = 0x1606da2] Bitte Avira informieren und die
obige Datei übersenden!

Error - 07.10.2012 16:21:56 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 16:22:14 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 16:22:14 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 16:23:18 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 17:24:55 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 17:24:55 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 17:24:57 | Computer Name = Naddel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Naddel\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 08.10.2012 14:04:36 | Computer Name = Naddel-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit:
01cda57f18ce0a78 Endzeit: 12 Anwendungspfad: C:\Users\Naddel\Downloads\OTL.exe Berichts-ID:


[ System Events ]
Error - 07.10.2012 15:49:58 | Computer Name = Naddel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 07.10.2012 15:50:47 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 34001
Description =

Error - 07.10.2012 15:50:47 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 30013
Description =

Error - 08.10.2012 02:49:08 | Computer Name = Naddel-PC | Source = DCOM | ID = 10010
Description =

Error - 08.10.2012 02:49:14 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 31004
Description =

Error - 08.10.2012 02:49:14 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 31004
Description =

Error - 08.10.2012 02:49:17 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 30013
Description =

Error - 08.10.2012 13:32:29 | Computer Name = Naddel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 08.10.2012 13:33:45 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 34001
Description =

Error - 08.10.2012 13:33:45 | Computer Name = Naddel-PC | Source = ipnathlp | ID = 30013
Description =


< End of report >

I hope you can help me and describe exactly how I should proceed. I would be very happy :-)

Kind regards

Nadine

P.S. Thumbs up for your help. I think something like this cannot be taken for granted. Thank you :applaus:

cosinus 08.10.2012 20:18

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all logs for every scan are also listed in the "Logdateien" (log files) tab. Please post all of the ones that are visible there.

Nadine47077 09.10.2012 20:27

Hello cosinus,

Thank you for your reply. I only have this one log from Malwarebytes. I have not scanned with it in the past. So far only this one time, because I noticed that the PC was suddenly running so slowly.

Kind regards
Nadine

cosinus 09.10.2012 20:30


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Nadine47077 12.10.2012 18:13

Hello cosinus,

thank you again for your help. :-) Here is the requested log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2953f263fdcd34d80ae449e14d71b35
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-07 09:21:58
# local_time=2012-10-07 11:21:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 30504481 30504481 0 0
# compatibility_mode=5893 16776573 100 94 0 101271377 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=98453
# found=0
# cleaned=0
# scan_time=3391
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2953f263fdcd34d80ae449e14d71b35
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-07 11:53:03
# local_time=2012-10-08 01:53:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 30508196 30508196 0 0
# compatibility_mode=5893 16776573 100 94 0 101275092 0 0
# compatibility_mode=8192 67108863 100 0 3842 3842 0 0
# scanned=207609
# found=1
# cleaned=0
# scan_time=8742
C:\Users\Naddel\Downloads\registrybooster(1).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2953f263fdcd34d80ae449e14d71b35
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-11 12:16:32
# local_time=2012-10-11 02:16:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 30770463 30770463 0 0
# compatibility_mode=5893 16776573 100 94 96499 101537359 0 0
# compatibility_mode=8192 67108863 100 0 266109 266109 0 0
# scanned=140830
# found=1
# cleaned=0
# scan_time=50283
C:\Users\Naddel\Downloads\registrybooster(1).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2953f263fdcd34d80ae449e14d71b35
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-11 09:59:27
# local_time=2012-10-11 11:59:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 30854816 30854816 0 0
# compatibility_mode=5893 16776573 100 94 180852 101621712 0 0
# compatibility_mode=8192 67108863 100 0 350462 350462 0 0
# scanned=16347
# found=0
# cleaned=0
# scan_time=905
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2953f263fdcd34d80ae449e14d71b35
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-12 08:16:45
# local_time=2012-10-12 10:16:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 30855776 30855776 0 0
# compatibility_mode=5893 16776573 100 94 181812 101622672 0 0
# compatibility_mode=8192 67108863 100 0 351422 351422 0 0
# scanned=214218
# found=1
# cleaned=0
# scan_time=36983
C:\Users\Naddel\Downloads\registrybooster(1).exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I

I hope the scan helps you.

Thank you very much and kind regards
Nadine

cosinus 12.10.2012 19:39

Code:

C:\Users\Naddel\Downloads\registrybooster(1).exe

Hands off registry cleaners!!

The registry is the brain of the system. If the brain does not work, the rest does not really work any more either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether a few orphaned registry entries are on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


adwCleaner - Detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

Nadine47077 14.10.2012 21:39

Hello cosinus,

thank you very much for your advice. You never stop learning. :wtf: Here is the requested log file:

Code:

# AdwCleaner v2.005 - Datei am 14/10/2012 um 22:30:59 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Naddel - NADDEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Naddel\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : ICQ Service

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Naddel\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\Conduit
Ordner Gefunden : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\ConduitCommon
Ordner Gefunden : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-229999014-1990505316-589686378-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-229999014-1990505316-589686378-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\prefs.js

Gefunden : user_pref("CT2644243..clientLogIsEnabled", true);
Gefunden : user_pref("CT2644243..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2644243..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2644243.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2644243.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2644243.AppTrackingLastCheckTime", "Mon Nov 14 2011 20:22:05 GMT+0100");
Gefunden : user_pref("CT2644243.BrowserCompStateIsOpen_129593580411002183", true);
Gefunden : user_pref("CT2644243.CTID", "CT2644243");
Gefunden : user_pref("CT2644243.CurrentServerDate", "21-1-2012");
Gefunden : user_pref("CT2644243.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2644243.DialogsGetterLastCheckTime", "Fri Jan 20 2012 23:54:35 GMT+0100");
Gefunden : user_pref("CT2644243.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gefunden : user_pref("CT2644243.ExternalComponentPollDate129194282674469409", "Fri Jan 20 2012 23:54:33 GMT+010[...]
Gefunden : user_pref("CT2644243.ExternalComponentPollDate129194282677438199", "Fri Jan 20 2012 23:54:33 GMT+010[...]
Gefunden : user_pref("CT2644243.FirstServerDate", "9-10-2010");
Gefunden : user_pref("CT2644243.FirstTime", true);
Gefunden : user_pref("CT2644243.FirstTimeFF3", true);
Gefunden : user_pref("CT2644243.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2644243.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2644243.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2644243.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2644243.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2644243.Initialize", true);
Gefunden : user_pref("CT2644243.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2644243.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2644243.InstalledDate", "Sat Oct 09 2010 22:21:56 GMT+0200");
Gefunden : user_pref("CT2644243.InvalidateCache", false);
Gefunden : user_pref("CT2644243.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2644243.IsGrouping", false);
Gefunden : user_pref("CT2644243.IsMulticommunity", false);
Gefunden : user_pref("CT2644243.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2644243.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2644243.LanguagePackLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gefunden : user_pref("CT2644243.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2644243.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2644243.LastLogin_3.1.0.12", "Fri Dec 24 2010 22:16:14 GMT+0100");
Gefunden : user_pref("CT2644243.LastLogin_3.2.5.2", "Sun Mar 27 2011 21:21:58 GMT+0200");
Gefunden : user_pref("CT2644243.LastLogin_3.3.3.2", "Mon Aug 22 2011 21:20:14 GMT+0200");
Gefunden : user_pref("CT2644243.LastLogin_3.6.0.10", "Tue Nov 08 2011 23:19:38 GMT+0100");
Gefunden : user_pref("CT2644243.LastLogin_3.8.0.8", "Mon Nov 14 2011 20:21:56 GMT+0100");
Gefunden : user_pref("CT2644243.LastLogin_3.9.0.3", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gefunden : user_pref("CT2644243.LatestVersion", "3.9.0.3");
Gefunden : user_pref("CT2644243.Locale", "en-us");
Gefunden : user_pref("CT2644243.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2644243.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2644243.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2644243.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2644243.RadioIsPodcast", false);
Gefunden : user_pref("CT2644243.RadioLastCheckTime", "Fri Jan 20 2012 23:54:37 GMT+0100");
Gefunden : user_pref("CT2644243.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2644243.RadioLastUpdateServer", "3");
Gefunden : user_pref("CT2644243.RadioMediaID", "8559");
Gefunden : user_pref("CT2644243.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2644243.RadioMenuSelectedID", "EBRadioMenu_CT2644243_RECENT8559");
Gefunden : user_pref("CT2644243.RadioShrinked", "expanded");
Gefunden : user_pref("CT2644243.RadioStationName", "Radio%20Gong%2096%2C3");
Gefunden : user_pref("CT2644243.RadioStationURL", "hxxp://www.radiogong.de/live/live.m3u");
Gefunden : user_pref("CT2644243.RadioVolume", "90");
Gefunden : user_pref("CT2644243.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2644243.SearchBoxWidth", 139);
Gefunden : user_pref("CT2644243.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2644243.SearchEngineBeforeUnload", "foxsearch");
Gefunden : user_pref("CT2644243.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2644243.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
Gefunden : user_pref("CT2644243.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2644243.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2644243.SearchInNewTabLastCheckTime", "Fri Jan 20 2012 23:54:35 GMT+0100");
Gefunden : user_pref("CT2644243.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2644243.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2644243.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2644243.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2644243.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2644243.ServiceMapLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gefunden : user_pref("CT2644243.SettingsLastCheckTime", "Fri Jan 20 2012 23:54:33 GMT+0100");
Gefunden : user_pref("CT2644243.SettingsLastUpdate", "1327080121");
Gefunden : user_pref("CT2644243.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2644243.ThirdPartyComponentsLastCheck", "Fri Jan 20 2012 23:54:33 GMT+0100");
Gefunden : user_pref("CT2644243.ThirdPartyComponentsLastUpdate", "1312887586");
Gefunden : user_pref("CT2644243.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2644243");
Gefunden : user_pref("CT2644243.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2644243.Uninstall", true);
Gefunden : user_pref("CT2644243.UserID", "UN58819315161935831");
Gefunden : user_pref("CT2644243.ValidationData_Search", 0);
Gefunden : user_pref("CT2644243.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2644243.WeatherNetwork", "");
Gefunden : user_pref("CT2644243.WeatherPollDate", "Sat Jan 21 2012 00:54:38 GMT+0100");
Gefunden : user_pref("CT2644243.WeatherUnit", "C");
Gefunden : user_pref("CT2644243.alertChannelId", "1036928");
Gefunden : user_pref("CT2644243.approveUntrustedApps", false);
Gefunden : user_pref("CT2644243.backendstorage.cbfirsttime", "5765642053657020323820323031312032323A33383A35332[...]
Gefunden : user_pref("CT2644243.backendstorage.url_history", "687474703A2F2F7777772E6D6F7A696C6C612E6F72672F646[...]
Gefunden : user_pref("CT2644243.backendstorage.url_history_time", "31333231323939303435373736");
Gefunden : user_pref("CT2644243.clientLogIsEnabled", false);
Gefunden : user_pref("CT2644243.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2644243.components.1000034", false);
Gefunden : user_pref("CT2644243.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2644243.globalFirstTimeInfoLastCheckTime", "Fri Jan 20 2012 23:54:35 GMT+0100");
Gefunden : user_pref("CT2644243.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2644243.initDone", true);
Gefunden : user_pref("CT2644243.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2644243.myStuffEnabled", true);
Gefunden : user_pref("CT2644243.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2644243.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2644243.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2644243.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2644243.oldAppsList", "129194282673219393,129194282674469408,111,129194282677906952,129[...]
Gefunden : user_pref("CT2644243.revertSettingsEnabled", true);
Gefunden : user_pref("CT2644243.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2644243.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2644243.testingCtid", "");
Gefunden : user_pref("CT2644243.toolbarAppMetaDataLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gefunden : user_pref("CT2644243.toolbarContextMenuLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gefunden : user_pref("CT2644243.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CT2644243.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=1036928&fid=1032639", "\"0\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1036928/1032639/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2644243", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2644243",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2644243&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT2644243&octid=CT[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2644243/CT2644243[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/maxi.gif[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play_min[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{d2f11d8b-3eb5-4b42-9511-370dbec707fb}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "oryte_games_1.15");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Naddel\\AppData\\Roaming\\Mozilla\\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://cdn.tictacti.com/widgets/WidgetView.html?[...]
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://oryte.com/content/games/mario/marioplayer[...]
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://oryte.com/mochigadget", "422x159");
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2644243");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d2f11d8b-3eb5-4b42-9511-370dbec707fb}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "oryte_games_1.15");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2644243");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2644243");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 28 2011 22:30:57 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 22 2011 21:20:23 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Aug 22 2011 21:20:13 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "26d11e19-fdda-4632-ac53-6c78423ed274");
Gefunden : user_pref("CommunityToolbar.facebook.sessionKey", "2.bydi3LJVtGtObZLGkcbrAQ__.86400.1289167200-10000[...]
Gefunden : user_pref("CommunityToolbar.facebook.sessionSecret", "kTfTAxDaKveVxYuMn0rqHg__");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 20 2012 23:54:33 GMT+0100");
Gefunden : user_pref("CommunityToolbar.facebook.userId", "100001617362845");
Gefunden : user_pref("CommunityToolbar.globalUserId", "b30a852d-df52-43f9-8d2d-2cf90eedefb2");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.killedEngine", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Nov 11 2011 19:33:5[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Nov 14 2011 20:22:04 GMT+010[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Nov 14 2011 20:21:56 GMT+0100");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "564f56f2-e25d-4519-8109-78cc3960f9b2");
Gefunden : user_pref("CommunityToolbar.undefined", "");

Profilname : default
Datei : C:\Users\Administrator.Naddel-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9edv98sc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Naddel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [21985 octets] - [14/10/2012 22:30:59]

########## EOF - C:\AdwCleaner[R1].txt - [22046 octets] ##########

Kind regards
Nadine

cosinus 15.10.2012 13:18

adwCleaner - Removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Nadine47077 15.10.2012 20:05

Hello cosinus,

I have done everything as requested. :-)

The log file:

Code:

# AdwCleaner v2.005 - Datei am 15/10/2012 um 20:56:56 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Naddel - NADDEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Naddel\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Naddel\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\Conduit
Ordner Gelöscht : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\ConduitCommon
Ordner Gelöscht : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\prefs.js

C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2644243..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2644243..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2644243..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2644243.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2644243.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2644243.AppTrackingLastCheckTime", "Mon Nov 14 2011 20:22:05 GMT+0100");
Gelöscht : user_pref("CT2644243.BrowserCompStateIsOpen_129593580411002183", true);
Gelöscht : user_pref("CT2644243.CTID", "CT2644243");
Gelöscht : user_pref("CT2644243.CurrentServerDate", "21-1-2012");
Gelöscht : user_pref("CT2644243.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2644243.DialogsGetterLastCheckTime", "Fri Jan 20 2012 23:54:35 GMT+0100");
Gelöscht : user_pref("CT2644243.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2644243.ExternalComponentPollDate129194282674469409", "Fri Jan 20 2012 23:54:33 GMT+010[...]
Gelöscht : user_pref("CT2644243.ExternalComponentPollDate129194282677438199", "Fri Jan 20 2012 23:54:33 GMT+010[...]
Gelöscht : user_pref("CT2644243.FirstServerDate", "9-10-2010");
Gelöscht : user_pref("CT2644243.FirstTime", true);
Gelöscht : user_pref("CT2644243.FirstTimeFF3", true);
Gelöscht : user_pref("CT2644243.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2644243.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2644243.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2644243.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2644243.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2644243.Initialize", true);
Gelöscht : user_pref("CT2644243.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2644243.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2644243.InstalledDate", "Sat Oct 09 2010 22:21:56 GMT+0200");
Gelöscht : user_pref("CT2644243.InvalidateCache", false);
Gelöscht : user_pref("CT2644243.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2644243.IsGrouping", false);
Gelöscht : user_pref("CT2644243.IsMulticommunity", false);
Gelöscht : user_pref("CT2644243.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2644243.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2644243.LanguagePackLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gelöscht : user_pref("CT2644243.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2644243.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2644243.LastLogin_3.1.0.12", "Fri Dec 24 2010 22:16:14 GMT+0100");
Gelöscht : user_pref("CT2644243.LastLogin_3.2.5.2", "Sun Mar 27 2011 21:21:58 GMT+0200");
Gelöscht : user_pref("CT2644243.LastLogin_3.3.3.2", "Mon Aug 22 2011 21:20:14 GMT+0200");
Gelöscht : user_pref("CT2644243.LastLogin_3.6.0.10", "Tue Nov 08 2011 23:19:38 GMT+0100");
Gelöscht : user_pref("CT2644243.LastLogin_3.8.0.8", "Mon Nov 14 2011 20:21:56 GMT+0100");
Gelöscht : user_pref("CT2644243.LastLogin_3.9.0.3", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gelöscht : user_pref("CT2644243.LatestVersion", "3.9.0.3");
Gelöscht : user_pref("CT2644243.Locale", "en-us");
Gelöscht : user_pref("CT2644243.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2644243.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2644243.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2644243.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2644243.RadioIsPodcast", false);
Gelöscht : user_pref("CT2644243.RadioLastCheckTime", "Fri Jan 20 2012 23:54:37 GMT+0100");
Gelöscht : user_pref("CT2644243.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2644243.RadioLastUpdateServer", "3");
Gelöscht : user_pref("CT2644243.RadioMediaID", "8559");
Gelöscht : user_pref("CT2644243.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2644243.RadioMenuSelectedID", "EBRadioMenu_CT2644243_RECENT8559");
Gelöscht : user_pref("CT2644243.RadioShrinked", "expanded");
Gelöscht : user_pref("CT2644243.RadioStationName", "Radio%20Gong%2096%2C3");
Gelöscht : user_pref("CT2644243.RadioStationURL", "hxxp://www.radiogong.de/live/live.m3u");
Gelöscht : user_pref("CT2644243.RadioVolume", "90");
Gelöscht : user_pref("CT2644243.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2644243.SearchBoxWidth", 139);
Gelöscht : user_pref("CT2644243.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2644243.SearchEngineBeforeUnload", "foxsearch");
Gelöscht : user_pref("CT2644243.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2644243.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
Gelöscht : user_pref("CT2644243.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2644243.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2644243.SearchInNewTabLastCheckTime", "Fri Jan 20 2012 23:54:35 GMT+0100");
Gelöscht : user_pref("CT2644243.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2644243.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2644243.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2644243.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2644243.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2644243.ServiceMapLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gelöscht : user_pref("CT2644243.SettingsLastCheckTime", "Fri Jan 20 2012 23:54:33 GMT+0100");
Gelöscht : user_pref("CT2644243.SettingsLastUpdate", "1327080121");
Gelöscht : user_pref("CT2644243.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2644243.ThirdPartyComponentsLastCheck", "Fri Jan 20 2012 23:54:33 GMT+0100");
Gelöscht : user_pref("CT2644243.ThirdPartyComponentsLastUpdate", "1312887586");
Gelöscht : user_pref("CT2644243.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2644243");
Gelöscht : user_pref("CT2644243.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2644243.Uninstall", true);
Gelöscht : user_pref("CT2644243.UserID", "UN58819315161935831");
Gelöscht : user_pref("CT2644243.ValidationData_Search", 0);
Gelöscht : user_pref("CT2644243.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2644243.WeatherNetwork", "");
Gelöscht : user_pref("CT2644243.WeatherPollDate", "Sat Jan 21 2012 00:54:38 GMT+0100");
Gelöscht : user_pref("CT2644243.WeatherUnit", "C");
Gelöscht : user_pref("CT2644243.alertChannelId", "1036928");
Gelöscht : user_pref("CT2644243.approveUntrustedApps", false);
Gelöscht : user_pref("CT2644243.backendstorage.cbfirsttime", "5765642053657020323820323031312032323A33383A35332[...]
Gelöscht : user_pref("CT2644243.backendstorage.url_history", "687474703A2F2F7777772E6D6F7A696C6C612E6F72672F646[...]
Gelöscht : user_pref("CT2644243.backendstorage.url_history_time", "31333231323939303435373736");
Gelöscht : user_pref("CT2644243.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2644243.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2644243.components.1000034", false);
Gelöscht : user_pref("CT2644243.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2644243.globalFirstTimeInfoLastCheckTime", "Fri Jan 20 2012 23:54:35 GMT+0100");
Gelöscht : user_pref("CT2644243.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2644243.initDone", true);
Gelöscht : user_pref("CT2644243.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2644243.myStuffEnabled", true);
Gelöscht : user_pref("CT2644243.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2644243.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2644243.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2644243.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2644243.oldAppsList", "129194282673219393,129194282674469408,111,129194282677906952,129[...]
Gelöscht : user_pref("CT2644243.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2644243.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2644243.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2644243.testingCtid", "");
Gelöscht : user_pref("CT2644243.toolbarAppMetaDataLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gelöscht : user_pref("CT2644243.toolbarContextMenuLastCheckTime", "Fri Jan 20 2012 23:54:34 GMT+0100");
Gelöscht : user_pref("CT2644243.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2644243.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=1036928&fid=1032639", "\"0\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1036928/1032639/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2644243", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2644243",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2644243&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT2644243&octid=CT[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2644243/CT2644243[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/maxi.gif[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play_min[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{d2f11d8b-3eb5-4b42-9511-370dbec707fb}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "oryte_games_1.15");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Naddel\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://cdn.tictacti.com/widgets/WidgetView.html?[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://oryte.com/content/games/mario/marioplayer[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://oryte.com/mochigadget", "422x159");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.tictacti.com/widgets/WidgetView.html?tagT[...]
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2644243");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d2f11d8b-3eb5-4b42-9511-370dbec707fb}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "oryte_games_1.15");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2644243");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2644243");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 28 2011 22:30:57 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 22 2011 21:20:23 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Aug 22 2011 21:20:13 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "26d11e19-fdda-4632-ac53-6c78423ed274");
Gelöscht : user_pref("CommunityToolbar.facebook.sessionKey", "2.bydi3LJVtGtObZLGkcbrAQ__.86400.1289167200-10000[...]
Gelöscht : user_pref("CommunityToolbar.facebook.sessionSecret", "kTfTAxDaKveVxYuMn0rqHg__");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 20 2012 23:54:33 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.facebook.userId", "100001617362845");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "b30a852d-df52-43f9-8d2d-2cf90eedefb2");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Nov 11 2011 19:33:5[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Nov 14 2011 20:22:04 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Nov 14 2011 20:21:56 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "564f56f2-e25d-4519-8109-78cc3960f9b2");
Gelöscht : user_pref("CommunityToolbar.undefined", "");

Profilname : default
Datei : C:\Users\Administrator.Naddel-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9edv98sc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Naddel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22108 octets] - [15/10/2012 20:53:18]
AdwCleaner[S1].txt - [21911 octets] - [15/10/2012 20:56:56]

########## EOF - C:\AdwCleaner[S1].txt - [21972 octets] ##########

Many thanks and kind regards
Nadine

cosinus 16.10.2012 13:42

I have two questions before we continue (we are not finished yet!)

1.) Does the normal mode of Windows work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Nadine47077 16.10.2012 20:58

Hello cosinus,

normal mode works again without restrictions. After using AdwCleaner, one icon is missing from the desktop. Unfortunately, I no longer know which program it was. I went through the individual folders under "All Programs". Everything is there.

Kind regards
Nadine

cosinus 17.10.2012 13:58

Please run a (new) CustomScan with OTL and, if possible, post its log here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Nadine47077 17.10.2012 22:19

Hello,

here is the requested log:

Code:

OTL logfile created on: 17.10.2012 22:56:14 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Naddel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 72,23% Memory free
7,99 Gb Paging File | 6,58 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360,51 Gb Total Space | 284,39 Gb Free Space | 78,89% Space Free | Partition Type: NTFS
 
Computer Name: NADDEL-PC | User Name: Naddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.17 22:53:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Naddel\Desktop\OTL.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.18 11:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.31 18:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.03.26 14:14:32 | 000,910,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.26 14:14:02 | 000,149,040 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.26 13:41:32 | 001,185,328 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2001.11.20 12:51:28 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2001.12.26 03:28:26 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL
MOD - [2001.11.20 12:51:28 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.04 17:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.15 22:40:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.29 05:05:26 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.31 12:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2012.07.31 12:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.31 12:42:48 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.25 08:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 04:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.04.27 04:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.04.27 04:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2009.09.21 05:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.21 11:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.08.04 18:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.01.14 18:55:38 | 000,092,672 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2010.05.25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110l325l0324z1m5t48k2c885
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE363
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-229999014-1990505316-589686378-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {d2f11d8b-3eb5-4b42-9511-370dbec707fb}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 22:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.07 21:48:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 22:40:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.07 21:48:39 | 000,000,000 | ---D | M]
 
[2012.07.16 20:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\Extensions
[2012.07.16 20:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.15 20:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions
[2012.10.02 22:42:20 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.10.06 23:19:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Naddel\AppData\Roaming\mozilla\Firefox\Profiles\qhuddm4j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.25 00:27:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.20 00:11:20 | 000,000,933 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\11-suche.xml
[2011.12.20 00:11:20 | 000,002,419 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 00:11:20 | 000,010,525 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\gmx-suche.xml
[2011.12.20 00:11:20 | 000,002,457 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\lastminute.xml
[2011.12.20 00:11:20 | 000,005,508 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\mozilla\firefox\profiles\qhuddm4j.default\searchplugins\webde-suche.xml
[2012.09.02 21:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.02 21:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.15 22:40:57 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.15 22:40:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.03 21:59:10 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-229999014-1990505316-589686378-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-229999014-1990505316-589686378-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 83.169.186.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C1DE6B8-A0F0-4B54-B96D-AA459B6F142B}: DhcpNameServer = 83.169.186.225 83.169.186.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{802A150F-DC1C-47FE-9403-678AD21DDC4A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28640b58-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b58-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{28640b60-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b60-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{28640b84-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b84-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{28640b89-da0c-11df-beb3-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{28640b89-da0c-11df-beb3-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{41b6c2f4-dc6b-11df-8655-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{41b6c2f4-dc6b-11df-8655-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{41b6c2fa-dc6b-11df-8655-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{41b6c2fa-dc6b-11df-8655-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63ab1c56-da96-11df-8e87-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{63ab1c56-da96-11df-8e87-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63ab1c5e-da96-11df-8e87-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{63ab1c5e-da96-11df-8e87-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2d433ba-da14-11df-a822-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d433ba-da14-11df-a822-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2d433ca-da14-11df-a822-002622712566}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d433ca-da14-11df-a822-002622712566}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autoch)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: AllShareAgent - hkey= - key= - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 22:53:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Naddel\Desktop\OTL.exe
[2012.10.16 21:47:10 | 000,000,000 | ---D | C] -- C:\Users\Naddel\AppData\Roaming\Avira
[2012.10.16 21:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.16 21:41:26 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.16 21:41:26 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.16 21:41:26 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.16 21:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.16 21:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.10 23:04:36 | 000,000,000 | ---D | C] -- C:\Users\Naddel\Neuer Ordner
[2012.10.07 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.07 20:32:11 | 000,000,000 | ---D | C] -- C:\Users\Naddel\AppData\Roaming\Malwarebytes
[2012.10.07 20:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 23:20:36 | 000,000,000 | ---D | C] -- C:\Users\Naddel\06.10.2012
[2009.10.03 04:24:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Naddel\AppData\Local\*.tmp files -> C:\Users\Naddel\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.17 22:53:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Naddel\Desktop\OTL.exe
[2012.10.17 22:03:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.17 21:22:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 21:22:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 21:20:53 | 000,019,243 | ---- | M] () -- C:\Users\Naddel\Desktop\Winterspielplan 2012.ods
[2012.10.17 21:13:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.17 21:13:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 21:13:25 | 3219,632,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 21:41:40 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.15 20:52:50 | 000,538,941 | ---- | M] () -- C:\Users\Naddel\Desktop\adwcleaner.exe
[2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.09.25 22:07:49 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.25 22:07:49 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.25 22:07:49 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.25 22:07:49 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.25 22:07:49 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.09.21 00:39:49 | 000,004,727 | ---- | M] () -- C:\Users\Naddel\.recently-used.xbel
[1 C:\Users\Naddel\AppData\Local\*.tmp files -> C:\Users\Naddel\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.17 21:20:53 | 000,019,243 | ---- | C] () -- C:\Users\Naddel\Desktop\Winterspielplan 2012.ods
[2012.10.16 21:41:40 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.15 20:52:43 | 000,538,941 | ---- | C] () -- C:\Users\Naddel\Desktop\adwcleaner.exe
[2012.09.21 00:39:49 | 000,004,727 | ---- | C] () -- C:\Users\Naddel\.recently-used.xbel
[2012.03.14 22:47:54 | 000,001,103 | ---- | C] () -- C:\Users\Naddel\Dokumente - Verknüpfung.lnk
[2011.08.02 21:43:36 | 000,000,000 | ---- | C] () -- C:\Users\Naddel\AppData\Local\{CC4B87DD-523E-4580-BBE1-02EB58B71CFF}
[2011.07.07 20:56:36 | 000,000,000 | ---- | C] () -- C:\Users\Naddel\AppData\Local\{E701835A-FC8C-429A-ACE0-534131EA8110}
[2011.06.19 10:52:15 | 000,000,000 | ---- | C] () -- C:\Users\Naddel\AppData\Local\{124BE094-8B09-4CE2-9470-1515B19D37DF}
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.02.17 23:42:23 | 000,068,287 | ---- | C] () -- C:\Users\Naddel\test.jpg
[2011.02.17 23:39:23 | 001,568,142 | ---- | C] () -- C:\Users\Naddel\Test.xcf
[2010.03.08 21:31:59 | 000,000,090 | ---- | C] () -- C:\Users\Naddel\AppData\Roaming\wklnhst.dat
[2010.01.27 00:03:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.06.19 23:03:12 | 000,000,000 | -HSD | M] -- C:\Users\Naddel\AppData\Roaming\.#
[2010.10.08 21:54:02 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Alawar
[2010.06.19 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Awem
[2012.10.07 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\DVDVideoSoft
[2011.04.03 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.24 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\GameConsole
[2012.09.21 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\gtk-2.0
[2010.10.03 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Gutscheinmieze
[2012.05.17 23:23:58 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\ICQ
[2010.06.26 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\NPLUTO Corporation
[2010.05.01 22:00:08 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\PlayFirst
[2010.02.02 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\PowerCinema
[2012.10.07 21:52:32 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Samsung
[2010.02.28 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Skinux
[2010.02.02 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\SoftDMA
[2012.05.06 19:57:13 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Systweak
[2010.03.08 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Template
[2012.07.16 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.19 23:03:12 | 000,000,000 | -HSD | M] -- C:\Users\Naddel\AppData\Roaming\.#
[2010.01.25 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Adobe
[2010.09.26 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Ahead
[2010.10.08 21:54:02 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Alawar
[2012.01.21 00:31:57 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Arcsoft
[2010.01.24 00:01:06 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\ATI
[2012.10.16 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Avira
[2010.06.19 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Awem
[2010.02.02 22:08:27 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\CyberLink
[2012.10.07 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\DVDVideoSoft
[2011.04.03 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.24 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\GameConsole
[2010.01.24 00:21:43 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Google
[2012.09.21 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\gtk-2.0
[2010.10.03 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Gutscheinmieze
[2012.05.17 23:23:58 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\ICQ
[2010.01.23 23:59:49 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Identities
[2010.01.24 00:00:23 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Macromedia
[2012.10.07 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Media Center Programs
[2012.07.24 23:33:16 | 000,000,000 | --SD | M] -- C:\Users\Naddel\AppData\Roaming\Microsoft
[2010.01.24 00:24:33 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Mozilla
[2010.06.26 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\NPLUTO Corporation
[2010.05.01 22:00:08 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\PlayFirst
[2010.02.02 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\PowerCinema
[2012.10.07 21:52:32 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Samsung
[2010.02.28 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Skinux
[2012.05.12 21:36:19 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Skype
[2012.05.12 21:35:56 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\skypePM
[2010.02.02 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\SoftDMA
[2012.05.06 19:57:13 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Systweak
[2010.03.08 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\Template
[2012.07.16 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Naddel\AppData\Roaming\TomTom
 
< %APPDATA%\*.exe /s >
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2011.06.28 07:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Naddel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2012.09.12 20:36:32 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.07.16 06:23:58 | 000,278,968 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe
[2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.07.16 06:19:36 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.07.16 06:24:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.16 06:24:04 | 000,183,736 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.16 06:24:06 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.07.16 06:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.08.31 02:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.08.28 03:06:22 | 000,291,840 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2012.08.31 02:52:14 | 000,278,968 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.08.28 03:06:22 | 000,320,512 | ---- | M] (Samsung) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.08.31 02:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.08.28 03:05:28 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.08.28 03:05:28 | 000,322,048 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.08.28 03:05:32 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.08.31 02:52:18 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.08.28 03:05:28 | 000,057,344 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2012.08.28 03:05:14 | 000,106,960 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.08.28 03:05:14 | 000,101,328 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.08.31 02:52:20 | 000,183,736 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.08.31 02:52:22 | 000,021,432 | ---- | M] () -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.08.31 02:52:24 | 003,765,256 | ---- | M] (Freeware) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.08.31 02:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2012.08.28 03:04:28 | 024,177,352 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.07.16 06:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.08.31 02:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Naddel\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

Kind regards
Nadine

cosinus 18.10.2012 09:26

Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Nadine47077 19.10.2012 20:09

Hello cosinus,

here is the log file:
Code:

# AdwCleaner v2.005 - Datei am 19/10/2012 um 21:05:49 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Naddel - NADDEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Naddel\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Naddel\AppData\Roaming\Mozilla\Firefox\Profiles\qhuddm4j.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Administrator.Naddel-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9edv98sc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Naddel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22108 octets] - [15/10/2012 20:53:18]
AdwCleaner[S1].txt - [22034 octets] - [15/10/2012 20:56:56]
AdwCleaner[R2].txt - [1212 octets] - [19/10/2012 21:05:49]

########## EOF - C:\AdwCleaner[R2].txt - [1272 octets] ##########

Kind regards
Nadine

cosinus 21.10.2012 11:32

Close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
[2010.10.03 21:59:10 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-229999014-1990505316-589686378-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
:Files
C:\Users\Naddel\Downloads\registrybooster(1).exe
C:\ProgramData\FullRemove.exe
C:\Users\Naddel\AppData\Roaming\.#
C:\Users\Naddel\AppData\Roaming\Gutscheinmieze
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Nadine47077 21.10.2012 17:42

Hello cosinus,

here is yet another log file:

Code:

All processes killed
========== OTL ==========
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: gutscheinmieze@synatix-gmbh.de:1.03 removed from extensions.enabledItems
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Program Files (x86)\Mozilla Firefox\searchplugins\foxsearch.src moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-229999014-1990505316-589686378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\Naddel\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-229999014-1990505316-589686378-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== FILES ==========
C:\Users\Naddel\Downloads\registrybooster(1).exe moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Naddel\AppData\Roaming\.# folder moved successfully.
C:\Users\Naddel\AppData\Roaming\Gutscheinmieze folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Naddel\Desktop\cmd.bat deleted successfully.
C:\Users\Naddel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: Administrator.Naddel-PC
->Temp folder emptied: 1598770 bytes
->Temporary Internet Files folder emptied: 2311611 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44076148 bytes
->Flash cache emptied: 880 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Naddel
->Temp folder emptied: 521889490 bytes
->Temporary Internet Files folder emptied: 1242768980 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 1153612016 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 213352 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450243821 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 111912581 bytes
 
Total Files Cleaned = 3.366,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10212012_181946

Files\Folders moved on Reboot...
C:\Users\Naddel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Kind regards
Nadine

cosinus 21.10.2012 20:30

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Nadine47077 22.10.2012 21:08

Hello cosinus,

I have dutifully carried out everything *wink*

The log. Two threats were found:

Code:

21:59:46.0493 4904  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:59:46.0758 4904  ============================================================
21:59:46.0758 4904  Current date / time: 2012/10/22 21:59:46.0758
21:59:46.0758 4904  SystemInfo:
21:59:46.0758 4904 
21:59:46.0758 4904  OS Version: 6.1.7601 ServicePack: 1.0
21:59:46.0758 4904  Product type: Workstation
21:59:46.0758 4904  ComputerName: NADDEL-PC
21:59:46.0758 4904  UserName: Naddel
21:59:46.0758 4904  Windows directory: C:\Windows
21:59:46.0758 4904  System windows directory: C:\Windows
21:59:46.0758 4904  Running under WOW64
21:59:46.0758 4904  Processor architecture: Intel x64
21:59:46.0758 4904  Number of processors: 2
21:59:46.0758 4904  Page size: 0x1000
21:59:46.0758 4904  Boot type: Normal boot
21:59:46.0758 4904  ============================================================
21:59:49.0535 4904  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:49.0535 4904  ============================================================
21:59:49.0535 4904  \Device\Harddisk0\DR0:
21:59:49.0535 4904  MBR partitions:
21:59:49.0535 4904  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
21:59:49.0535 4904  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x2D103984
21:59:49.0535 4904  ============================================================
21:59:49.0551 4904  C: <-> \Device\Harddisk0\DR0\Partition2
21:59:49.0551 4904  ============================================================
21:59:49.0551 4904  Initialize success
21:59:49.0551 4904  ============================================================
22:01:23.0697 2920  ============================================================
22:01:23.0697 2920  Scan started
22:01:23.0697 2920  Mode: Manual; SigCheck; TDLFS;
22:01:23.0697 2920  ============================================================
22:01:25.0023 2920  ================ Scan system memory ========================
22:01:25.0023 2920  System memory - ok
22:01:25.0038 2920  ================ Scan services =============================
22:01:30.0686 2920  [ CC4E72A0FA7F62175C8BB42BA2CAA3D5 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:01:30.0732 2920  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
22:01:30.0732 2920  Bonjour Service - detected UnsignedFile.Multi.Generic (1)
22:01:38.0954 2920  iaStorV - ok
22:01:39.0000 2920  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:01:39.0016 2920  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:01:39.0016 2920  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:01:56.0332 2920  TsUsbFlt - ok
22:01:56.0379 2920  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:01:56.0441 2920  tunnel - ok
22:01:56.0457 2920  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:01:56.0472 2920  uagp35 - ok
22:01:56.0504 2920  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:01:56.0519 2920  UBHelper - ok
22:01:56.0566 2920  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:01:56.0644 2920  udfs - ok
22:01:56.0691 2920  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
22:01:56.0706 2920  UI0Detect - ok
22:01:56.0722 2920  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:01:56.0738 2920  uliagpkx - ok
22:01:56.0769 2920  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
22:01:56.0800 2920  umbus - ok
22:01:56.0816 2920  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:01:56.0847 2920  UmPass - ok
22:01:56.0909 2920  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:01:56.0940 2920  Updater Service - ok
22:01:56.0972 2920  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:01:57.0034 2920  upnphost - ok
22:01:57.0081 2920  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
22:01:57.0096 2920  usbccgp - ok
22:01:57.0128 2920  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:01:57.0143 2920  usbcir - ok
22:01:57.0174 2920  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
22:01:57.0190 2920  usbehci - ok
22:01:57.0221 2920  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:01:57.0237 2920  usbhub - ok
22:01:57.0268 2920  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
22:01:57.0284 2920  usbohci - ok
22:01:57.0315 2920  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:01:57.0362 2920  usbprint - ok
22:01:57.0377 2920  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:01:57.0408 2920  USBSTOR - ok
22:01:57.0440 2920  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
22:01:57.0486 2920  usbuhci - ok
22:01:57.0518 2920  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:01:57.0549 2920  usbvideo - ok
22:01:57.0580 2920  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
22:01:57.0642 2920  UxSms - ok
22:01:57.0658 2920  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:01:57.0674 2920  VaultSvc - ok
22:01:57.0689 2920  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:01:57.0705 2920  vdrvroot - ok
22:01:57.0736 2920  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
22:01:57.0830 2920  vds - ok
22:01:57.0861 2920  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
22:01:57.0876 2920  vga - ok
22:01:57.0892 2920  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
22:01:57.0954 2920  VgaSave - ok
22:01:57.0986 2920  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
22:01:58.0001 2920  vhdmp - ok
22:01:58.0032 2920  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:01:58.0064 2920  viaide - ok
22:01:58.0110 2920  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:01:58.0142 2920  volmgr - ok
22:01:58.0173 2920  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
22:01:58.0204 2920  volmgrx - ok
22:01:58.0251 2920  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
22:01:58.0282 2920  volsnap - ok
22:01:58.0313 2920  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
22:01:58.0329 2920  vsmraid - ok
22:01:58.0391 2920  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
22:01:58.0500 2920  VSS - ok
22:01:58.0516 2920  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:01:58.0563 2920  vwifibus - ok
22:01:58.0578 2920  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:01:58.0625 2920  vwififlt - ok
22:01:58.0656 2920  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
22:01:58.0672 2920  vwifimp - ok
22:01:58.0703 2920  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
22:01:58.0750 2920  W32Time - ok
22:01:58.0781 2920  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:01:58.0812 2920  WacomPen - ok
22:01:58.0844 2920  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:01:58.0890 2920  WANARP - ok
22:01:58.0906 2920  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:01:58.0937 2920  Wanarpv6 - ok
22:01:59.0000 2920  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:01:59.0093 2920  wbengine - ok
22:01:59.0124 2920  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:01:59.0156 2920  WbioSrvc - ok
22:01:59.0187 2920  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
22:01:59.0249 2920  wcncsvc - ok
22:01:59.0296 2920  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:01:59.0312 2920  WcsPlugInService - ok
22:01:59.0327 2920  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:01:59.0343 2920  Wd - ok
22:01:59.0374 2920  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:01:59.0405 2920  Wdf01000 - ok
22:01:59.0421 2920  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:01:59.0546 2920  WdiServiceHost - ok
22:01:59.0546 2920  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
22:01:59.0577 2920  WdiSystemHost - ok
22:01:59.0624 2920  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
22:01:59.0686 2920  WebClient - ok
22:01:59.0717 2920  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:01:59.0780 2920  Wecsvc - ok
22:01:59.0811 2920  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
22:01:59.0842 2920  wercplsupport - ok
22:01:59.0858 2920  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:01:59.0920 2920  WerSvc - ok
22:01:59.0982 2920  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:02:00.0060 2920  WfpLwf - ok
22:02:00.0060 2920  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:02:00.0076 2920  WIMMount - ok
22:02:00.0107 2920  WinDefend - ok
22:02:00.0107 2920  WinHttpAutoProxySvc - ok
22:02:00.0170 2920  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
22:02:00.0216 2920  Winmgmt - ok
22:02:00.0294 2920  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
22:02:00.0404 2920  WinRM - ok
22:02:00.0450 2920  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:02:00.0497 2920  WinUsb - ok
22:02:00.0544 2920  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
22:02:00.0622 2920  Wlansvc - ok
22:02:00.0638 2920  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
22:02:00.0669 2920  WmiAcpi - ok
22:02:00.0700 2920  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:02:00.0716 2920  wmiApSrv - ok
22:02:00.0747 2920  WMPNetworkSvc - ok
22:02:00.0762 2920  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:02:00.0794 2920  WPCSvc - ok
22:02:00.0825 2920  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:02:00.0856 2920  WPDBusEnum - ok
22:02:00.0887 2920  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
22:02:00.0950 2920  ws2ifsl - ok
22:02:00.0965 2920  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:02:00.0996 2920  wscsvc - ok
22:02:00.0996 2920  WSearch - ok
22:02:01.0106 2920  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:02:01.0215 2920  wuauserv - ok
22:02:01.0246 2920  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:02:01.0308 2920  WudfPf - ok
22:02:01.0340 2920  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:02:01.0402 2920  WUDFRd - ok
22:02:01.0449 2920  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
22:02:01.0511 2920  wudfsvc - ok
22:02:01.0527 2920  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
22:02:01.0574 2920  WwanSvc - ok
22:02:01.0574 2920  ================ Scan global ===============================
22:02:01.0620 2920  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:02:01.0652 2920  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:02:01.0667 2920  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:02:01.0683 2920  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:02:01.0714 2920  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:02:01.0730 2920  [Global] - ok
22:02:01.0730 2920  ================ Scan MBR ==================================
22:02:01.0745 2920  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:02:02.0166 2920  \Device\Harddisk0\DR0 - ok
22:02:02.0166 2920  ================ Scan VBR ==================================
22:02:02.0166 2920  [ BDEBBA3E3E76F5DFAC70DC0082D271C6 ] \Device\Harddisk0\DR0\Partition1
22:02:02.0166 2920  \Device\Harddisk0\DR0\Partition1 - ok
22:02:02.0198 2920  [ 528AEF87E659965DFE6BC39132CEA3CC ] \Device\Harddisk0\DR0\Partition2
22:02:02.0213 2920  \Device\Harddisk0\DR0\Partition2 - ok
22:02:02.0213 2920  ============================================================
22:02:02.0213 2920  Scan finished
22:02:02.0213 2920  ============================================================
22:02:02.0260 4764  Detected object count: 2
22:02:02.0260 4764  Actual detected object count: 2
22:02:17.0579 4764  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:17.0579 4764  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:17.0579 4764  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:17.0579 4764  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Amazing, I don't know how anyone can make sense of that *admiring*

Kind regards
Nadine

cosinus 23.10.2012 16:27

The two detections are legitimate, so nothing suspicious.
Any problems or questions still open?

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Nadine47077 24.10.2012 21:22

Hello cosinus,

something was found again *sniff* And I hardly did anything online....

Log SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/24/2012 at 10:12 PM

Application Version : 5.6.1012

Core Rules Database Version : 9466
Trace Rules Database Version: 7278

Scan type      : Complete Scan
Total Scan Time : 00:54:16

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 745
Memory threats detected  : 0
Registry items scanned    : 73373
Registry threats detected : 0
File items scanned        : 62878
File threats detected    : 510

Adware.Tracking Cookie
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adxpansion.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        adserver.gb5.motorpresse.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.elitepartner.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.elitepartner.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .beiersdorf.122.2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .wilson.122.2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.tennisexpress.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .nextag.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .nextag.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .nextag.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexperte.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tennisexperte.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.tennisexperte.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        track.zalando.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6aeliekczegp.stats.esomniture.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webstat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webstat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .dealtime.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wgligjdzcep.stats.esomniture.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        count.asnetworks.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wgkyejcjigp.stats.esomniture.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .flagcounter.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        tracking.tennisnet.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        tracking.dc-storm.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracking.mindshare.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.bannerreport.org [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        traffic.brand-wall.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .quartermedia.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revenuemax.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www4.smartadserver.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www4.smartadserver.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .netmediaeurope.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .downloads.netmediaeurope.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .downloads.netmediaeurope.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .downloads.netmediaeurope.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .microsoftsto.112.2o7.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .c1.atdmt.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revenuemax.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        adx2.chip.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .mm.chitika.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        zbox.zanox.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .cdn.lfstmedia.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .cdn.lfstmedia.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .cdn.lfstmedia.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NADDEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QHUDDM4J.DEFAULT\COOKIES.SQLITE ]

Adware.Somoto
        C:\$RECYCLE.BIN\S-1-5-21-229999014-1990505316-589686378-1000\$RS681DB.EXE

Malwarebytes log:

Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Naddel :: NADDEL-PC [Administrator]

24.10.2012 20:13:24
mbam-log-2012-10-24 (21-15-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386397
Laufzeit: 1 Stunde(n), 1 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-229999014-1990505316-589686378-1000\$RS681DB.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.

(Ende)

Asking for help once again...

Many thanks and kind regards
Nadine

cosinus 24.10.2012 21:38

Looks OK, only cookies were found there, and they can all go. The other item is just a deleted element in the recycle bin, get rid of it.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system OK again now, or are there still other findings or problems?
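
As an added illustration (not part of cosinus's post and not MVPS's own file or tooling): the sketch below turns cookie findings in the log format shown earlier into hosts-file entries and flags the limit of that approach, namely that a hosts file matches exact host names only, while a cookie domain with a leading dot covers every subdomain. The sample lines, the function names and the `0.0.0.0` sink address are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the scan log (paths are placeholders).
SAMPLE_LOG = r"""
        .invitemedia.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
Adware.Somoto
        C:\$RECYCLE.BIN\EXAMPLE\$RXXXXXX.EXE
"""

# "<cookie domain> [ <path to cookie store> ]"
COOKIE_LINE = re.compile(
    r"^\s*(\.?[a-z0-9-]+(?:\.[a-z0-9-]+)+)\s+\[\s*(.+?)\s*\]\s*$", re.I)

def cookie_domains(log_text):
    """Count cookie findings per cookie domain; other findings are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = COOKIE_LINE.match(line)
        if m and m.group(2).upper().endswith("COOKIES.SQLITE"):
            counts[m.group(1).lower()] += 1
    return counts

def hosts_entries(counts, sink="0.0.0.0"):
    """Return (hosts lines, notes); sink is an assumed non-routable address."""
    lines, notes = [], []
    for domain in sorted(counts, key=lambda d: d.lstrip(".")):
        host = domain.lstrip(".")
        entry = f"{sink} {host}"
        if entry not in lines:
            lines.append(entry)
        if domain.startswith("."):
            # Hosts files have no wildcards: only the bare name is covered.
            notes.append(f"{domain}: domain-wide cookie, subdomains of "
                         f"{host} each need their own entry")
    return lines, notes

if __name__ == "__main__":
    found = cookie_domains(SAMPLE_LOG)
    entries, caveats = hosts_entries(found)
    print("\n".join(entries))
    print("\n".join("# " + c for c in caveats))
```

The notes are the reason a maintained list such as the MVPS file enumerates individual ad-server host names rather than whole domains.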

Nadine47077 25.10.2012 20:44

Hello cosinus,

the recycle bin has been emptied and the cookies deleted. Does that mean the PUP.BundleInstaller is eliminated as well?

I find the MVPS Hosts File idea very interesting and had a look at the link. But the whole thing is beyond my PC and English skills *g*

Otherwise the PC seems to be OK again.

With this I would like to say a veeeery warm thank you once more for the help ..:abklatsch:

Kind regards
Nadine

cosinus 25.10.2012 22:09

Then we're done! :abklatsch:

The programs that were used here can all be uninstalled again. Keeping Malwarebytes is recommended. You can run a scan with it once a month, but always remember to update first.

After the infection has been removed, it is in any case advisable to change all passwords if possible.

Finally, a very important point: securing the computer and updating the programs, see http://www.trojaner-board.de/96344-a...tml#post627442

