Trojaner-Board - GVU mit CAM auf Kinox.to

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - GVU mit CAM auf Kinox.to (https://www.trojaner-board.de/128381-gvu-cam-kinox-to.html)

GVU mit CAM auf Kinox.to

Hi,

war am surfen als plötzlich sich ne Seite öffnete mit "Ihr Computer ist gesperrt", Strafverfolgungen nach mehreren Paragraphen und einem Countdown für nen "Paysafekonto" von 100 € einschließlich meiner aktitvierten Cam und IP-Adresse, sowie Standort etc. laut GVU.

Da ich kein Plan von PC`s hab, dachte ich mir machste mal per Taskmanager das Ding weg, und gut ist. War natürlich nicht der Fall.

Nach ner misslungenden Systemwiederherstellung und aktiven Internetverbindung kam die Seite von alleine wieder und das gleiche war der Fall.

Hab das mal gegoogelt, wobei mir laut den gegoogelten Bildern schon klar war, dass nicht meiner dabei ist. Anscheind nen sehr neuer.

Bin als erstes nach

hxxp://www.chip.de/news/Bundespolizei-Virus-entfernen-PC-entsperren_50761972.html

vorgegangen und nach dem scan des gebooteten Sticks wars immer noch nicht behoben.

Hab dann mal weiter gegoogelt und bin auf

hxxp://www.evild3ad.com/1875/reveton-c-gvu-trojaner-mit-webcam-entfernen-win7/

gestoßen. Bin so vorgegangen, hab die Dateien gelöscht und sieh an, der Mozilla firefox funktioniert wieder.

Nen Kollege hat mir empfolen, das alles hier nochmal zu beschreiben nur um auf Nr. sicher zu gehen.

Danke schonmal.

Hi
wann lernt ihrs denn endlich, kinox.to und konsorten bieten illegalen Inhalt an, das tun die nicht, weil sie euch mögen, die wollen Geld verdienen, und, wenn man schon illegalen Inhalt anbietet, kann man ja auch gleich mit Autoren von Malware zusammenarbeiten um den Gewinn zu mehren...
also, Finger weg von solchen Schrottseiten.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Windows\system32\*.tsp

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 20.12.2012 17:35:49 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 76,71% Memory free

7,50 Gb Paging File | 6,45 Gb Available in Paging File | 85,99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 256,99 Gb Total Space | 149,43 Gb Free Space | 58,15% Space Free | Partition Type: NTFS

Drive D: | 40,00 Gb Total Space | 26,19 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

 

Computer Name: BUNSE | User Name: Alice | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe

PRC - [2012.11.06 11:46:42 | 002,611,328 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTShellHlp.exe

PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.08.08 21:35:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

PRC - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 21:00:51 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.07 15:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2010.06.22 14:07:46 | 002,478,080 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe

PRC - [2010.06.08 21:52:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2009.05.11 16:35:30 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.12.08 00:12:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)

SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)

SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2012.05.08 21:00:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 21:00:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)

DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.09 00:53:34 | 005,551,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2010.06.08 21:19:18 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)

DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)

DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {84965E3F-D633-47BA-B913-9A0B223490E8}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{84965E3F-D633-47BA-B913-9A0B223490E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Plasmoo"

FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32

FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.3

FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.20 20:38:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.08 00:12:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 19:28:50 | 000,000,000 | ---D | M]

 

[2010.08.03 13:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Extensions

[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions

[2012.07.25 08:26:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2011.03.26 02:59:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@conduit.com

[2011.07.07 12:44:06 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@plasmoo.com

[2010.10.17 12:59:56 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\vshare@toolbar

[2011.08.14 17:01:25 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi

[2011.03.05 15:04:57 | 000,000,873 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\conduit.xml

[2012.12.18 11:05:05 | 000,001,056 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\icqplugin.xml

[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\plasmoo.xml

[2012.10.12 19:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.12.08 00:12:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.02.12 17:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.09 20:47:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.12 17:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.12 17:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.12 17:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.12 17:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found

O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3419D85-E322-4433-9B6A-C9BB26D39093}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found

MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.20 17:33:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe

[2012.12.20 16:31:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.12.20 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\Alice\Desktop\SARDU_2.0.6.2

[2012.12.20 15:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2012.12.20 15:10:38 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2012.12.20 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite

[2012.12.20 15:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2012.12.20 15:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2012.12.20 15:09:47 | 014,682,176 | ---- | C] (DT Soft Ltd) -- C:\Users\Alice\Desktop\DTLite4461-0327.exe

[2012.12.15 16:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

[2012.12.15 16:54:59 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic

[2012.12.13 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\{0713CD0A-E4E0-4A94-8286-FEBC7F98148C}

[2012.01.01 18:42:16 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe

[2012.12.20 16:26:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 16:26:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 16:22:22 | 000,680,058 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.12.20 16:22:22 | 000,629,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.12.20 16:22:22 | 000,139,880 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.12.20 16:22:22 | 000,115,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.12.20 16:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.20 16:18:05 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.20 15:56:16 | 013,479,174 | ---- | M] () -- C:\Users\Alice\Desktop\SARDU_2.0.6.2.zip

[2012.12.20 15:11:38 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2012.12.20 15:09:06 | 014,682,176 | ---- | M] (DT Soft Ltd) -- C:\Users\Alice\Desktop\DTLite4461-0327.exe

[2012.12.20 14:50:14 | 381,210,453 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk

[2012.12.13 00:18:15 | 000,333,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.20 15:57:13 | 013,479,174 | ---- | C] () -- C:\Users\Alice\Desktop\SARDU_2.0.6.2.zip

[2012.12.20 15:11:38 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2012.12.15 16:55:02 | 000,000,736 | ---- | C] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk

[2012.09.05 09:41:32 | 000,000,224 | ---- | C] () -- C:\Users\Alice\AppData\Roaming\wklnhst.dat

[2012.09.02 09:20:55 | 000,000,908 | ---- | C] () -- C:\Users\Alice\World of Warcraft.lnk

[2012.07.23 09:24:59 | 000,001,993 | ---- | C] () -- C:\Users\Alice\Adobe Reader X.lnk

[2012.06.11 12:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012.05.14 17:52:46 | 000,000,941 | ---- | C] () -- C:\Users\Alice\Diablo III.lnk

[2012.04.14 11:54:47 | 000,000,366 | ---- | C] () -- C:\Users\Alice\WoW.lnk

[2012.04.08 12:27:50 | 000,002,187 | ---- | C] () -- C:\Users\Alice\AION.lnk

[2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2012.02.17 21:59:32 | 000,000,093 | ---- | C] () -- C:\Users\Alice\AppData\Local\fusioncache.dat

[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

[2012.01.14 19:59:13 | 000,001,055 | ---- | C] () -- C:\Users\Alice\PokerStars.net.lnk

[2012.01.01 18:42:16 | 002,076,309 | ---- | C] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe

[2012.01.01 18:42:16 | 000,570,073 | ---- | C] () -- C:\Users\Alice\AppData\Local\gui.exe

[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe

[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe

[2012.01.01 18:42:16 | 000,000,518 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_EN.url

[2012.01.01 18:42:16 | 000,000,240 | ---- | C] () -- C:\Users\Alice\AppData\Local\UPDATE.url

[2012.01.01 18:42:16 | 000,000,216 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_GER.url

[2012.01.01 17:52:31 | 000,007,597 | ---- | C] () -- C:\Users\Alice\AppData\Local\Resmon.ResmonCfg

[2011.12.25 03:21:52 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies.lnk

[2011.12.25 03:21:37 | 000,001,086 | ---- | C] () -- C:\Users\Alice\DivX Plus Player.lnk

[2011.10.18 18:02:10 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011.10.06 20:35:16 | 000,411,744 | ---- | C] () -- C:\Users\Alice\Dok1.odt

[2011.10.03 14:28:23 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies (2).lnk

[2011.08.13 11:03:20 | 000,001,360 | ---- | C] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk

[2011.08.13 11:03:20 | 000,001,257 | ---- | C] () -- C:\Users\Alice\Free Audio CD Burner.lnk

[2011.08.13 11:03:20 | 000,001,201 | ---- | C] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk

[2011.08.13 10:57:52 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011.04.05 13:36:29 | 000,002,066 | ---- | C] () -- C:\Users\Alice\DivX Plus Converter.lnk

[2011.01.28 21:45:56 | 000,001,085 | ---- | C] () -- C:\Users\Alice\Audiograbber.lnk

[2011.01.15 16:53:50 | 000,000,550 | ---- | C] () -- C:\Windows\cdplayer.ini

[2010.08.28 16:10:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.06.23 03:04:00 | 000,002,690 | ---- | C] () -- C:\Users\Alice\Medion MediaPack.lnk

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.12.20 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite

[2012.10.05 17:43:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Dropbox

[2012.11.03 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DVDVideoSoft

[2010.10.02 10:57:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Electronic Arts

[2012.10.19 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\ICQ

[2011.11.15 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Mumble

[2012.10.20 12:22:11 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\SoftGrid Client

[2012.09.05 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Template

[2011.05.17 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TP

[2012.11.06 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TS3Client

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2012.05.15 04:59:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2012.04.22 10:28:19 | 000,000,000 | ---D | M] -- C:\AMD

[2012.05.14 18:15:20 | 000,000,000 | ---D | M] -- C:\Diablo 3

[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2012.12.20 16:41:42 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0

[2012.12.20 15:10:33 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.12.20 16:15:01 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Programme

[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012.12.15 17:19:24 | 000,000,000 | ---D | M] -- C:\Star Wars-The Old Republic

[2012.12.20 17:40:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.12.15 16:54:08 | 000,000,000 | R--D | M] -- C:\Users

[2012.12.20 14:50:14 | 000,000,000 | ---D | M] -- C:\Windows

[2012.11.01 15:05:59 | 000,000,000 | ---D | M] -- C:\World of Warcraft

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe

[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe

[2012.01.01 18:51:28 | 000,570,073 | ---- | M] () -- C:\Users\Alice\AppData\Local\gui.exe

[2012.01.01 18:51:28 | 002,076,309 | ---- | M] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe

[2012.01.01 18:51:28 | 000,021,504 | ---- | M] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp

[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp

[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp

[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp

[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

 
 < %USERPROFILE%\*.* >

[2012.07.23 09:24:59 | 000,001,993 | ---- | M] () -- C:\Users\Alice\Adobe Reader X.lnk

[2012.04.08 12:27:50 | 000,002,187 | ---- | M] () -- C:\Users\Alice\AION.lnk

[2012.02.27 16:49:40 | 000,000,016 | ---- | M] () -- C:\Users\Alice\andre.txt

[2011.01.28 21:45:56 | 000,001,085 | ---- | M] () -- C:\Users\Alice\Audiograbber.lnk

[2012.05.14 18:15:23 | 000,000,941 | ---- | M] () -- C:\Users\Alice\Diablo III.lnk

[2011.10.03 14:28:23 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies (2).lnk

[2011.12.25 03:21:52 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies.lnk

[2011.04.05 13:36:29 | 000,002,066 | ---- | M] () -- C:\Users\Alice\DivX Plus Converter.lnk

[2011.12.25 03:21:37 | 000,001,086 | ---- | M] () -- C:\Users\Alice\DivX Plus Player.lnk

[2011.10.06 20:35:23 | 000,411,744 | ---- | M] () -- C:\Users\Alice\Dok1.odt

[2011.08.13 11:03:20 | 000,001,201 | ---- | M] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk

[2011.08.13 11:03:20 | 000,001,257 | ---- | M] () -- C:\Users\Alice\Free Audio CD Burner.lnk

[2011.08.13 11:03:20 | 000,001,360 | ---- | M] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk

[2010.06.23 03:05:13 | 000,002,690 | ---- | M] () -- C:\Users\Alice\Medion MediaPack.lnk

[2012.12.20 17:57:09 | 002,359,296 | -HS- | M] () -- C:\Users\Alice\ntuser.dat

[2012.12.20 17:57:09 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG1

[2012.11.19 17:15:59 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG2

[2010.08.03 10:26:32 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2012.08.29 18:10:34 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TM.blf

[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2011.04.11 16:15:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TM.blf

[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2012.09.05 16:10:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TM.blf

[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2011.11.03 16:37:13 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TM.blf

[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2010.08.03 10:26:33 | 000,000,020 | -HS- | M] () -- C:\Users\Alice\ntuser.ini

[2012.01.14 19:59:13 | 000,001,055 | ---- | M] () -- C:\Users\Alice\PokerStars.net.lnk

[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk

[2012.04.21 18:20:47 | 000,035,328 | -HS- | M] () -- C:\Users\Alice\Thumbs.db

[2012.09.02 09:21:25 | 000,000,908 | ---- | M] () -- C:\Users\Alice\World of Warcraft.lnk

[2012.04.14 11:54:47 | 000,000,366 | ---- | M] () -- C:\Users\Alice\WoW.lnk

[2012.04.14 16:47:14 | 000,000,016 | ---- | M] () -- C:\Users\Alice\Zuhause.txt

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 <           >
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 20.12.2012 17:35:49 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 76,71% Memory free

7,50 Gb Paging File | 6,45 Gb Available in Paging File | 85,99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 256,99 Gb Total Space | 149,43 Gb Free Space | 58,15% Space Free | Partition Type: NTFS

Drive D: | 40,00 Gb Total Space | 26,19 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

 

Computer Name: BUNSE | User Name: Alice | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{000BBA56-A75A-4C38-8ABD-F7DF13E1DAA0}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{032DF29F-B567-404A-99EE-526D1918F386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{05171F89-EAF5-418B-8427-D5112EF50861}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{08E17A8E-AD70-4CCD-8C8B-D8ECE9F1F6EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{0B342F8F-BC64-483F-A137-3F5606542D2B}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{10383BDE-F838-4F06-8B76-503C9AC6A036}" = rport=137 | protocol=17 | dir=out | app=system | 

"{1A7B8E4C-8092-4D2F-BFF8-C515BB8797A6}" = lport=138 | protocol=17 | dir=in | app=system | 

"{1E788448-D236-437B-A68F-AD0320603435}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{22D7CFE4-EB65-495D-B1C5-4972263933AD}" = rport=445 | protocol=6 | dir=out | app=system | 

"{23A42691-89A8-498E-B6A9-B005DBCBAFD0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{2488882C-7BF0-44AB-97C1-2E130ED8B693}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{250909EB-9F48-4202-9BB7-F1B9B226A8C6}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2A90946D-DBFA-4A74-8935-94937AF992D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{2C5DCF18-6B09-47BD-BD13-36953F810A32}" = rport=139 | protocol=6 | dir=out | app=system | 

"{344FCD98-9BCF-4760-BB0E-294B33FF56AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{3E3E9E8C-263B-44A4-8C03-46E687788E43}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{472C205E-833E-48E1-A828-EC0EB27A6BD2}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{4A0B0D5C-BB57-4D26-BBEF-024B1D07300B}" = lport=445 | protocol=6 | dir=in | app=system | 

"{53EB3596-0EDA-40C0-8027-DF6FBF81F492}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{58E44565-67F1-44EC-A003-8962197C58D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{5BC3A91E-C7E9-4277-992C-B69881665434}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{5BFA859A-25EE-4CC8-AFA5-271649CCA713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{60BBB308-89AB-4F9D-96B8-060540B9195E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{78E43A6F-8C00-4B0F-8028-22377986796E}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{7CB14377-FD78-4223-9D06-E8825607FA89}" = lport=139 | protocol=6 | dir=in | app=system | 

"{84E2DC43-12F0-41A3-AFDF-8B9669E27FAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{87E9F6DA-9982-47F1-AC0B-EDC1C50EDA3E}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{8A3EC12F-6555-4AF8-8E0C-3FF9E004FA6F}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{95234416-0EAF-4242-AD3A-B085F374FBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{A6B700F4-9912-4DC6-A993-4584B10DEE53}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{A7B070A2-BC08-4DC2-9AEE-076A6D9D88CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{AEF7F456-B339-412E-BCBA-1CE7C1FC33B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{AFD5AC08-5077-4120-A6B6-C4635D1541D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{B28DC406-8484-4AD8-87BC-B22D9EA52719}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{BC5FBC3F-D46A-48C3-ABFB-09A62B5D9310}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BF318625-3D24-495F-9824-9DFCCA727EB4}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{BF342F57-5F7B-460E-AAFF-A7ACFCF72124}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C2F75073-F3EB-4E24-B4FB-BDCD7CB1E39A}" = lport=137 | protocol=17 | dir=in | app=system | 

"{CB6FE9C3-42EB-4D56-B39C-E70808F99C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{E251257A-D7D0-4696-87BE-B7671E393741}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{E8FC85BB-521B-489F-A5F3-75D695FD4BEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E9C2DD56-E564-413C-AC5E-F648CEA23B8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{FDC24C2C-9077-4625-A683-6FE29FFF5260}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00B8599B-758E-4761-A49F-974F50462CD7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{05890410-49A7-460E-AAF9-4662D5F98D07}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{076E37A9-1489-4F88-8252-79126C6178D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{07CCE69B-1A4D-4E1B-8F31-27640EF7A016}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 

"{0DF6327B-F168-4A63-B411-F1A29BEFE336}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 

"{0E0BE800-57DC-46A0-B4FF-21AB5143B80D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{19D3CD51-ABC9-49B9-86E3-0F3684CBF344}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{28F11474-2117-410E-9E03-67FBFBF47386}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 

"{2989FB79-A6D6-4E15-B80F-F7A49EF3712D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2B772306-583D-42E2-8A46-C8EBE466D055}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 

"{2C28377C-4976-4DE0-A54D-FFF9FE6F10AA}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 

"{2D5E5FB0-BCBD-4B7F-A85A-E88273CA13DC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{2F0169E5-8BC0-4E84-A006-C5D69030EC43}" = protocol=6 | dir=in | app=c:\star wars-the old republic\launcher.exe | 

"{2F38012C-F4FD-4F9D-9922-4F5373123B8B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{31DDA071-2660-41FA-9755-257CB6318B9E}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 

"{3B2123F9-C90A-4A43-A1E7-C170EEC1E697}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{404D4394-1F79-4EB9-A7DB-C3115D0083BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{423FB6BE-C247-4C0E-93E8-2CDDF8ABF9AB}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 

"{434F297A-0882-4A51-85B8-09503CDD481A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{43E855B8-7256-410E-AE49-B7735FCF3348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{498DDF9A-1948-4AD6-939C-2F598AF0C67B}" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 

"{499C9CD9-28E1-4518-B2A1-B356B91A9E19}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{4BABEA70-9F41-4D34-A44F-589FA035C288}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{4ECF2C20-9FFE-4CBE-8128-63CA33B3B1DF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{505F75B6-0DF4-4FA7-9E8A-F0843A4FDB98}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{52D29D5F-E709-4443-ADD8-B1BFD78B6265}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{53B5D205-F94D-4F7B-9164-6951FAF6EAC6}" = protocol=17 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 

"{559375B6-1FB0-4D87-8B1F-06451A0D17F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{55BF6CC1-68E9-4010-BDC0-81FADF17D1B3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 

"{578BC725-B1EC-48E5-BDEA-5F7E5DD35BBA}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 

"{5D14DD7A-B000-4353-8A9E-EDBC8E6681C6}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 

"{61B059D8-F145-4CFC-B0EA-0146AA31E283}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{62A1652A-CBDE-47D3-BD31-49DA5B2B0F07}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{63C176CF-256E-4B72-8DE9-568176CFC064}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{63C35551-A45C-4CFA-8DA9-56DEDF349290}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 

"{761BBEAC-CA44-44CD-9893-4683E48D9768}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 

"{778FC48E-90DC-44BE-B97A-CF7AA5D26129}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 

"{7B874C27-5131-458A-B6EC-7FAB69602A73}" = protocol=17 | dir=in | app=c:\star wars-the old republic\launcher.exe | 

"{7B8F5D01-9071-4005-B044-79444DB66941}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{80D7695E-E6EB-448B-A9F2-0C621FE355CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{86B1ADB3-7418-42A7-9919-41174F952B3E}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 

"{87E51C75-1608-4371-8994-6E66849447E5}" = protocol=6 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 

"{896E12D0-5356-4613-8910-B6F60EE9E9D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{89BF43A9-5B92-453B-ACFD-8C4BBE412B5D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{8AE7D4D8-BE73-4CA3-B750-D7113D748474}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{9486E511-1DE2-4EB4-A420-4E8D7A167BBC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{960101DC-051D-464B-9DDC-555AA99C0760}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 

"{966765C5-F8B0-4890-9258-57B42622AAC2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{968F302E-82AB-4F76-B923-ABE793752B81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{97786589-06D3-45FD-A19A-21B521A5EF91}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 

"{9A515C14-7C2A-4EA5-80AB-3A444D67D726}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{9C83C18D-C3CA-44E3-87A4-DBEC98A57E79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{9DDFF6F5-143C-48D2-A3AA-C91DF0983161}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 

"{9E037D9C-8088-469B-9EB9-34DF12B94B32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{A01FEE12-7DD5-46DE-9BEA-D01767E8CB8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{A29CA614-527A-4AA6-9232-E10F635DE85C}" = protocol=6 | dir=out | app=system | 

"{A6023236-47CF-42DC-9CD1-703C1200C864}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{AF369903-3F43-4205-B688-28B1A5F2E108}" = protocol=6 | dir=in | app=c:\star wars-the old republic\launcher.exe | 

"{B18D957B-7F0D-4B95-B123-FA2178335E08}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{B1CD8363-DAF8-408B-8C76-F32F7F0A0488}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{B5A54266-C545-43E5-9E20-954E29724866}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{C04D3088-F2D4-4A4C-A35D-708F2C956ED0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C0D2141B-5501-4884-BE65-09BF743232F1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{C15F9BC7-E325-4F19-8CC1-826718EE5923}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{C175AEF0-9A17-4F4A-B522-88FBDBDF157D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 

"{C2D147CC-BB0F-4682-861F-35E6F20566D9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{C378FB0A-D84D-46D9-878F-653733165BFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C940A863-B6E5-4AE7-92BF-449D97657A87}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{CD7AFC79-B3FC-4D78-A7F0-040DF4F503AC}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 

"{CF011444-F01B-4F89-A331-ED33014819EC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{D03F2DA8-C06A-4684-AE42-E6B1CA788856}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 

"{D27D00B3-083E-47EA-9B3C-45614084C2F1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{D36C5F63-A59C-4D07-91C4-24DEC5B484FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DBC17997-DFB7-40F1-81F1-2EBE7EBE01B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{DF9FE081-EAF6-4592-8A76-31444429AD2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{DFC54914-750B-4832-9DFB-BA68806C27AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{E17EAC0E-58EC-4C1E-B37F-7067454A937C}" = protocol=17 | dir=in | app=c:\star wars-the old republic\launcher.exe | 

"{E2305DDB-D0E2-4FF2-886C-5A20C51F57D0}" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 

"{F05A0424-B995-4D96-B416-3765ACA915DC}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{F7951146-E55D-4477-ACB3-E1F7C08DB309}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 

"{FBEB2D15-CF0E-43CA-A61C-9148623A2D35}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{FD436FDD-482F-42F4-89FA-BDD88689AAB5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{FE8C6353-D0D5-4556-A752-3AB1EE296EAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{0677F68D-F8D3-45C4-AAFD-DD9883945407}C:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 

"TCP Query User{1B567286-E53E-4D0A-8055-7FE460604017}C:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 

"TCP Query User{1C54D7D4-AB77-4B33-B10D-3BB874B62EC8}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 

"TCP Query User{202A0F5C-1AB3-47E3-9A39-3591869E436F}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 

"TCP Query User{2BBB5999-9FE9-4612-ABD6-BE201E57FE21}C:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 

"TCP Query User{2FD30378-9295-47AE-BCE1-3DA068314594}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 

"TCP Query User{2FFFBDA2-F605-483E-AAB9-A7B6E2B3D8DF}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 

"TCP Query User{30C1762F-A6BC-4BCF-B7EC-AC5C1BCFFBE1}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 

"TCP Query User{3677523C-1B75-4E55-BA22-6FC269A6A11B}C:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 

"TCP Query User{371C5694-AB63-4574-8F74-CB63394FC177}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"TCP Query User{4354E0B6-A6EF-4524-8459-05D90AA22A79}C:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 

"TCP Query User{4971FA06-A26E-4243-8A19-515571D7BE4D}C:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 

"TCP Query User{5080CE8F-B956-46B5-A69A-85FC00E027A7}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 

"TCP Query User{542B54AD-AC05-4E8D-94C9-B41DCB2EF252}C:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 

"TCP Query User{56E3B3A5-3137-4FF3-ABF3-5CEEFA9B235C}C:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 

"TCP Query User{5F0B5B5A-01BA-4A18-A343-7C9386A048C5}C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 

"TCP Query User{64F8FD31-5590-4305-AB06-A94E8ABCD776}C:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 

"TCP Query User{6A954AEA-A00F-470F-A114-490E0D140670}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 

"TCP Query User{6FC879B6-5D21-48B0-80AA-8AF01FBDAEAF}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 

"TCP Query User{73A3B25C-A719-45E7-B5E3-4FFD7D8D29F9}C:\diablo 3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 

"TCP Query User{7F485943-329A-422B-B45B-A307928E1465}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"TCP Query User{9D308879-A2E5-4FCE-9D57-A1A26E5DCCF4}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"TCP Query User{A475232B-1FAE-4B51-9645-CB0EBEFEEC6D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"TCP Query User{ADDAA587-B38C-45AF-833D-85F194BE8026}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 

"TCP Query User{C15B588E-EBB5-406C-A045-D90016B5DD3E}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 

"TCP Query User{C3946789-0372-4F5A-BA70-517D02BE5227}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 

"TCP Query User{C58E15E1-8FD9-4CFA-BFB6-FDDDFA71977D}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"TCP Query User{DF6111B5-0508-4FA7-BA0B-2C57DB5851B0}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 

"TCP Query User{E12D4D1E-DBA5-4035-905A-B6E4391289FC}C:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 

"TCP Query User{E6EFE641-FDC3-470D-8487-6BBC1E268100}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{E74C45A2-2933-4009-BBE9-28E1EEE465EF}C:\program files\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\der herr der ringe online\lotroclient.exe | 

"TCP Query User{E820A056-A2DE-484E-A24E-B474C55C5EC5}C:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 

"TCP Query User{E954CAF1-B143-470B-8695-D562DBC79CF3}C:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe | 

"TCP Query User{FA883158-E00B-4B96-8209-9DBD43C06E02}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 

"TCP Query User{FF8E3D57-2E8E-4DC6-B7FE-ED6F0B3718D5}C:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 

"UDP Query User{0056783F-0286-48C6-A2E1-81B3A4AF5053}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"UDP Query User{1E5C677C-EDCD-4878-90AE-FE3879512635}C:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 

"UDP Query User{1E692C5F-FA51-4189-A065-F6B0355F95A5}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 

"UDP Query User{227C6A82-74D2-4FE0-A44A-4F788C99F086}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 

"UDP Query User{376A9C6B-8D72-4249-B50F-35D95018EB8B}C:\diablo 3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 

"UDP Query User{3849FDB0-C3DE-4A36-9936-BCF31A66E7DE}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"UDP Query User{42E4BC09-2E5F-4937-A031-F788A2CD61B7}C:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 

"UDP Query User{4DDF033B-A2A5-4405-9BD3-E4094C1BA35B}C:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 

"UDP Query User{4E1C8789-7655-4BD0-8EA1-66429FBCF01C}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 

"UDP Query User{57CDBA0A-BA4A-4475-9C86-4980AAF488E7}C:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 

"UDP Query User{5E0E8180-8BB1-457D-B59E-A9A80205B8BE}C:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 

"UDP Query User{5F0E0AE4-C2E2-451C-A06C-A00CF041715F}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 

"UDP Query User{67D5DE74-9D7B-4651-A647-446DD1491821}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 

"UDP Query User{7B0F17FA-D101-4372-B3CD-4669E05AD599}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{7BDEDE15-29A4-4FEE-9E09-2AFC6FA0E372}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 

"UDP Query User{7E1A9463-9EE6-4490-B4A7-77723EFEF628}C:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 

"UDP Query User{943DB850-6FDF-4478-97F5-B0898DE4C519}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 

"UDP Query User{95153EB9-933F-4823-89A7-02AECF3C4CEA}C:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 

"UDP Query User{A14209C9-13E4-459E-988A-58C9D0F60121}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 

"UDP Query User{A168F898-3A36-4712-B601-AFB5582285D5}C:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 

"UDP Query User{A3BD498C-1CA2-40E6-BC1F-E2F2D3600019}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"UDP Query User{A4C7F28B-4154-41C2-BDF6-9B82D171A5D7}C:\program files\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\der herr der ringe online\lotroclient.exe | 

"UDP Query User{A5391F01-AFE9-4877-8563-ED5E4277ED3D}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 

"UDP Query User{AA271BCF-A636-426B-9FD2-A0478744F45C}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"UDP Query User{B5E2E7A8-6966-45A9-BB89-CD5A72655656}C:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe | 

"UDP Query User{B98CA27D-026F-4F7C-8A10-DB77E0DB18BE}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"UDP Query User{BEBE7044-4B79-4356-A0AF-8AC7C1EB84CD}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 

"UDP Query User{BF83A4ED-C983-4E69-8F5E-285C1A132DA9}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 

"UDP Query User{C402C1EC-3717-49E5-B1E9-7274B7066B40}C:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 

"UDP Query User{C4C5DF37-1C11-4D6B-87F4-2BD7A77C44CA}C:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 

"UDP Query User{C90F588B-0732-403B-B439-EAC78D39A2CC}C:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 

"UDP Query User{CEF1FA9C-5B11-4C6E-A3A4-B0834367C38D}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 

"UDP Query User{E4098D2C-DCF3-4924-99FF-46342573B865}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 

"UDP Query User{F1EFC08E-FDF3-40AE-9967-89595F34BCB3}C:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 

"UDP Query User{F6F976ED-3845-4F60-A24F-CB1F47C459F6}C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4

"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian

"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All

"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish

"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish

"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN

"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai

"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard

"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync

"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German

"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian

"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6

"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese

"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010

"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch

"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common

"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A93F317E-722A-A1C9-0781-4128BFEF7A54}" = AMD Drag and Drop Transcoding

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B5239BF0-3547-E82B-1D1B-754F17EBBDC5}" = AMD Accelerated Video Transcoding

"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw

"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR

"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]

"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA

"{C028F57F-603A-AB6E-F2D0-1374EA538F8A}" = ccc-utility

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES

"{C725719D-AEEA-61C8-E732-E29513201D59}" = AMD Fuel

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{CF45E5AA-4F5D-1188-CAA6-C2DE5ABBB389}" = Catalyst Control Center InstallProxy

"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech

"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian

"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish

"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian

"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English

"{EA75A269-0206-A2AA-D125-3F959E7EB72E}" = AMD Media Foundation Decoders

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FB11AC97-E48F-13E8-812E-1EAD76AF3146}" = AMD Catalyst Install Manager

"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)

"7-Zip" = 7-Zip 9.20

"97CEB8209F0BC014131F0864966F5B9C9345570E" = Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Snap_is1" = Ashampoo Snap

"Audiograbber" = Audiograbber 1.83 SE 

"Audiograbber-Lame" = Audiograbber MP3-Plugin

"Avira AntiVir Desktop" = Avira Free Antivirus

"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)

"conduitEngine" = Conduit Engine

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo III" = Diablo III

"DivX Setup" = DivX-Setup

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NCLauncher_GameForge" = NC Launcher (GameForge)

"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010

"PokerStars.net" = PokerStars.net

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Uninstall_is1" = Uninstall 1.0.0.1

"Veetle TV" = Veetle TV 0.9.18

"VLC media player" = VLC media player 1.1.2

"vShare.tv plugin" = vShare.tv plugin 1.3

"Winamp" = Winamp

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

"World of Warcraft" = World of Warcraft

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0

"UnityWebPlayer" = Unity Web Player

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 23.11.2012 09:14:22 | Computer Name = Bunse | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bc225  Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.279,

 Zeitstempel: 0x4c0f00e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001dbe31  ID des fehlerhaften

 Prozesses: 0xc24  Startzeit der fehlerhaften Anwendung: 0x01cdc97c72703a47  Pfad der

 fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:

 C:\Windows\system32\atidxx32.dll  Berichtskennung: b1f676fe-356f-11e2-8430-406186af99e2

 

Error - 09.12.2012 09:56:02 | Computer Name = Bunse | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad0    Startzeit: 

01cdd614c1619cf9    Endzeit: 88    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
 

Berichts-ID:

 2801435c-4208-11e2-8af4-406186af99e2  

 

Error - 11.12.2012 15:29:16 | Computer Name = Bunse | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: HTTP-Status 400: Der Server kann die Anforderung aufgrund

 der ungültigen Syntax nicht verarbeiten.  

 

Error - 20.12.2012 07:03:30 | Computer Name = Bunse | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 20.12.2012 07:37:10 | Computer Name = Bunse | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 20.12.2012 09:50:53 | Computer Name = Bunse | Source = System Restore | ID = 8204

Description = 

 

Error - 20.12.2012 10:00:22 | Computer Name = Bunse | Source = System Restore | ID = 8204

Description = 

 

Error - 20.12.2012 10:10:04 | Computer Name = Bunse | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 20.12.2012 10:53:24 | Computer Name = Bunse | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 20.12.2012 11:04:59 | Computer Name = Bunse | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

[ System Events ]

Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 11:10:36 | Computer Name = Bunse | Source = DCOM | ID = 10005

Description = 

 

Error - 20.12.2012 11:10:36 | Computer Name = Bunse | Source = DCOM | ID = 10005

Description = 

 

Error - 20.12.2012 11:10:36 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 11:15:45 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.12.2012 13:26:31 | Computer Name = Bunse | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst AntiVirSchedulerService erreicht.

 

 

< End of report >

--- --- ---

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

21:39:19.0292 3504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:39:19.0900 3504 ============================================================
21:39:19.0900 3504 Current date / time: 2012/12/20 21:39:19.0900
21:39:19.0900 3504 SystemInfo:
21:39:19.0900 3504
21:39:19.0900 3504 OS Version: 6.1.7600 ServicePack: 1.0
21:39:19.0900 3504 Product type: Workstation
21:39:19.0900 3504 ComputerName: BUNSE
21:39:19.0900 3504 UserName: Alice
21:39:19.0900 3504 Windows directory: C:\Windows
21:39:19.0900 3504 System windows directory: C:\Windows
21:39:19.0900 3504 Processor architecture: Intel x86
21:39:19.0900 3504 Number of processors: 2
21:39:19.0900 3504 Page size: 0x1000
21:39:19.0900 3504 Boot type: Normal boot
21:39:19.0900 3504 ============================================================
21:39:20.0961 3504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:39:20.0961 3504 ============================================================
21:39:20.0961 3504 \Device\Harddisk0\DR0:
21:39:20.0961 3504 MBR partitions:
21:39:20.0961 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:39:20.0961 3504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x201FA800
21:39:20.0961 3504 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2022D000, BlocksNum 0x5000000
21:39:20.0961 3504 ============================================================
21:39:20.0976 3504 C: <-> \Device\Harddisk0\DR0\Partition2
21:39:21.0023 3504 D: <-> \Device\Harddisk0\DR0\Partition3
21:39:21.0023 3504 ============================================================
21:39:21.0023 3504 Initialize success
21:39:21.0023 3504 ============================================================
21:39:37.0263 1392 ============================================================
21:39:37.0263 1392 Scan started
21:39:37.0263 1392 Mode: Manual; SigCheck; TDLFS;
21:39:37.0263 1392 ============================================================
21:39:38.0058 1392 ================ Scan system memory ========================
21:39:38.0058 1392 System memory - ok
21:39:38.0058 1392 ================ Scan services =============================
21:39:38.0214 1392 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:39:38.0667 1392 1394ohci - ok
21:39:38.0682 1392 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:39:38.0714 1392 ACPI - ok
21:39:38.0729 1392 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:39:38.0979 1392 AcpiPmi - ok
21:39:39.0104 1392 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:39:39.0119 1392 AdobeARMservice - ok
21:39:39.0150 1392 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:39:39.0182 1392 adp94xx - ok
21:39:39.0197 1392 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:39:39.0213 1392 adpahci - ok
21:39:39.0228 1392 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:39:39.0244 1392 adpu320 - ok
21:39:39.0260 1392 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:39:39.0275 1392 AeLookupSvc - ok
21:39:39.0322 1392 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:39:39.0338 1392 AFD - ok
21:39:39.0369 1392 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:39:39.0384 1392 agp440 - ok
21:39:39.0416 1392 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:39:39.0431 1392 aic78xx - ok
21:39:39.0462 1392 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:39:39.0603 1392 ALG - ok
21:39:39.0618 1392 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:39:39.0634 1392 aliide - ok
21:39:39.0665 1392 [ A7406A311896BDDA7E382D206FD19DC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:39:39.0681 1392 AMD External Events Utility - ok
21:39:39.0743 1392 AMD FUEL Service - ok
21:39:39.0759 1392 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:39:39.0774 1392 amdagp - ok
21:39:39.0806 1392 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:39:39.0821 1392 amdide - ok
21:39:39.0852 1392 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
21:39:39.0884 1392 amdiox86 - ok
21:39:39.0915 1392 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:39:39.0930 1392 AmdK8 - ok
21:39:40.0071 1392 [ 88E064F0DDD48394EFE9368DC54A679B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:39:40.0149 1392 amdkmdag - ok
21:39:40.0196 1392 [ 744E88CDA1E8C46D2EE37319456405CB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:39:40.0211 1392 amdkmdap - ok
21:39:40.0274 1392 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:39:40.0289 1392 AmdPPM - ok
21:39:40.0336 1392 [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:39:40.0383 1392 amdsata - ok
21:39:40.0398 1392 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:39:40.0445 1392 amdsbs - ok
21:39:40.0461 1392 [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:39:40.0493 1392 amdxata - ok
21:39:40.0555 1392 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:39:40.0571 1392 AntiVirSchedulerService - ok
21:39:40.0618 1392 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:39:40.0618 1392 AntiVirService - ok
21:39:40.0665 1392 [ 40C15CE1B832B78CC2A2F61807058763 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
21:39:40.0711 1392 AODDriver4.1 - ok
21:39:40.0743 1392 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:39:40.0758 1392 AppID - ok
21:39:40.0789 1392 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:39:40.0821 1392 AppIDSvc - ok
21:39:40.0852 1392 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:39:40.0883 1392 Appinfo - ok
21:39:40.0961 1392 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:40.0977 1392 Apple Mobile Device - ok
21:39:40.0992 1392 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:39:41.0008 1392 arc - ok
21:39:41.0039 1392 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:39:41.0055 1392 arcsas - ok
21:39:41.0101 1392 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:39:41.0117 1392 aspnet_state - ok
21:39:41.0133 1392 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:41.0164 1392 AsyncMac - ok
21:39:41.0195 1392 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:39:41.0211 1392 atapi - ok
21:39:41.0257 1392 [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
21:39:41.0320 1392 AtiHDAudioService - ok
21:39:41.0351 1392 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
21:39:41.0367 1392 AtiHdmiService - ok
21:39:41.0382 1392 [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
21:39:41.0413 1392 AtiPcie - ok
21:39:41.0460 1392 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:39:41.0523 1392 AudioEndpointBuilder - ok
21:39:41.0523 1392 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:39:41.0569 1392 Audiosrv - ok
21:39:41.0632 1392 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:39:41.0679 1392 avgntflt - ok
21:39:41.0710 1392 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:39:41.0757 1392 avipbb - ok
21:39:41.0772 1392 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:39:41.0803 1392 avkmgr - ok
21:39:41.0850 1392 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:39:41.0897 1392 AxInstSV - ok
21:39:41.0928 1392 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:39:41.0944 1392 b06bdrv - ok
21:39:41.0975 1392 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:39:41.0991 1392 b57nd60x - ok
21:39:42.0006 1392 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:39:42.0022 1392 BDESVC - ok
21:39:42.0037 1392 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:39:42.0069 1392 Beep - ok
21:39:42.0115 1392 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:39:42.0162 1392 BFE - ok
21:39:42.0209 1392 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:39:42.0240 1392 BITS - ok
21:39:42.0271 1392 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:39:42.0287 1392 blbdrive - ok
21:39:42.0365 1392 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:39:42.0381 1392 Bonjour Service - ok
21:39:42.0412 1392 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:39:42.0427 1392 bowser - ok
21:39:42.0427 1392 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:39:42.0443 1392 BrFiltLo - ok
21:39:42.0459 1392 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:39:42.0474 1392 BrFiltUp - ok
21:39:42.0505 1392 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:39:42.0521 1392 Browser - ok
21:39:42.0537 1392 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:39:42.0552 1392 Brserid - ok
21:39:42.0568 1392 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:42.0583 1392 BrSerWdm - ok
21:39:42.0615 1392 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:42.0630 1392 BrUsbMdm - ok
21:39:42.0630 1392 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:42.0646 1392 BrUsbSer - ok
21:39:42.0677 1392 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:39:42.0693 1392 BTHMODEM - ok
21:39:42.0724 1392 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:39:42.0739 1392 bthserv - ok
21:39:42.0771 1392 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:39:42.0802 1392 cdfs - ok
21:39:42.0849 1392 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:39:42.0864 1392 cdrom - ok
21:39:42.0911 1392 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:39:42.0927 1392 CertPropSvc - ok
21:39:42.0942 1392 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:39:42.0958 1392 circlass - ok
21:39:42.0989 1392 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:39:43.0005 1392 CLFS - ok
21:39:43.0020 1392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:43.0036 1392 clr_optimization_v2.0.50727_32 - ok
21:39:43.0114 1392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:43.0129 1392 clr_optimization_v4.0.30319_32 - ok
21:39:43.0145 1392 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:39:43.0161 1392 CmBatt - ok
21:39:43.0192 1392 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:39:43.0207 1392 cmdide - ok
21:39:43.0239 1392 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:39:43.0270 1392 CNG - ok
21:39:43.0285 1392 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:39:43.0301 1392 Compbatt - ok
21:39:43.0332 1392 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:39:43.0348 1392 CompositeBus - ok
21:39:43.0363 1392 COMSysApp - ok
21:39:43.0379 1392 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:39:43.0395 1392 crcdisk - ok
21:39:43.0441 1392 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:39:43.0457 1392 CryptSvc - ok
21:39:43.0536 1392 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:39:43.0598 1392 cvhsvc - ok
21:39:43.0645 1392 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:39:43.0676 1392 DcomLaunch - ok
21:39:43.0692 1392 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:39:43.0723 1392 defragsvc - ok
21:39:43.0770 1392 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:39:43.0786 1392 DfsC - ok
21:39:43.0817 1392 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:39:43.0848 1392 Dhcp - ok
21:39:43.0879 1392 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:39:43.0895 1392 discache - ok
21:39:43.0942 1392 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:39:43.0957 1392 Disk - ok
21:39:43.0988 1392 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:39:44.0004 1392 Dnscache - ok
21:39:44.0051 1392 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:39:44.0066 1392 dot3svc - ok
21:39:44.0113 1392 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:39:44.0144 1392 DPS - ok
21:39:44.0160 1392 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:39:44.0176 1392 drmkaud - ok
21:39:44.0222 1392 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:39:44.0254 1392 dtsoftbus01 - ok
21:39:44.0300 1392 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:39:44.0332 1392 DXGKrnl - ok
21:39:44.0363 1392 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:39:44.0394 1392 EapHost - ok
21:39:44.0456 1392 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:39:44.0520 1392 ebdrv - ok
21:39:44.0567 1392 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:39:44.0567 1392 EFS - ok
21:39:44.0629 1392 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:39:44.0645 1392 ehRecvr - ok
21:39:44.0676 1392 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:39:44.0691 1392 ehSched - ok
21:39:44.0723 1392 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:39:44.0738 1392 elxstor - ok
21:39:44.0754 1392 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:39:44.0769 1392 ErrDev - ok
21:39:44.0801 1392 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:39:44.0832 1392 EventSystem - ok
21:39:44.0847 1392 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:39:44.0894 1392 exfat - ok
21:39:44.0910 1392 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:39:44.0941 1392 fastfat - ok
21:39:44.0988 1392 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:39:45.0019 1392 Fax - ok
21:39:45.0050 1392 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:39:45.0066 1392 fdc - ok
21:39:45.0081 1392 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:39:45.0113 1392 fdPHost - ok
21:39:45.0113 1392 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:39:45.0144 1392 FDResPub - ok
21:39:45.0175 1392 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:39:45.0191 1392 FileInfo - ok
21:39:45.0206 1392 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:39:45.0237 1392 Filetrace - ok
21:39:45.0253 1392 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:39:45.0253 1392 flpydisk - ok
21:39:45.0284 1392 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:39:45.0300 1392 FltMgr - ok
21:39:45.0347 1392 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:39:45.0362 1392 FontCache - ok
21:39:45.0409 1392 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:39:45.0425 1392 FontCache3.0.0.0 - ok
21:39:45.0425 1392 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:39:45.0440 1392 FsDepends - ok
21:39:45.0471 1392 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:39:45.0518 1392 Fs_Rec - ok
21:39:45.0565 1392 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:39:45.0612 1392 fvevol - ok
21:39:45.0643 1392 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:39:45.0643 1392 gagp30kx - ok
21:39:45.0705 1392 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:39:45.0705 1392 GEARAspiWDM - ok
21:39:45.0752 1392 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:39:45.0815 1392 gpsvc - ok
21:39:45.0830 1392 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:39:45.0846 1392 hcw85cir - ok
21:39:45.0908 1392 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:39:46.0002 1392 HdAudAddService - ok
21:39:46.0017 1392 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:39:46.0049 1392 HDAudBus - ok
21:39:46.0064 1392 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:39:46.0080 1392 HidBatt - ok
21:39:46.0095 1392 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:39:46.0111 1392 HidBth - ok
21:39:46.0127 1392 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:39:46.0142 1392 HidIr - ok
21:39:46.0173 1392 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:39:46.0220 1392 hidserv - ok
21:39:46.0236 1392 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:39:46.0251 1392 HidUsb - ok
21:39:46.0283 1392 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:39:46.0298 1392 hkmsvc - ok
21:39:46.0345 1392 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:39:46.0361 1392 HomeGroupListener - ok
21:39:46.0392 1392 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:39:46.0407 1392 HomeGroupProvider - ok
21:39:46.0439 1392 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:39:46.0454 1392 HpSAMD - ok
21:39:46.0517 1392 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:39:46.0549 1392 HTTP - ok
21:39:46.0580 1392 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:39:46.0596 1392 hwpolicy - ok
21:39:46.0627 1392 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:39:46.0642 1392 i8042prt - ok
21:39:46.0689 1392 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:39:46.0705 1392 iaStorV - ok
21:39:46.0767 1392 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:39:46.0798 1392 idsvc - ok
21:39:46.0830 1392 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:39:46.0845 1392 iirsp - ok
21:39:46.0892 1392 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:39:46.0923 1392 IKEEXT - ok
21:39:47.0017 1392 [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:39:47.0126 1392 IntcAzAudAddService - ok
21:39:47.0142 1392 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:39:47.0157 1392 intelide - ok
21:39:47.0188 1392 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:39:47.0204 1392 intelppm - ok
21:39:47.0220 1392 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:39:47.0251 1392 IPBusEnum - ok
21:39:47.0266 1392 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:47.0298 1392 IpFilterDriver - ok
21:39:47.0344 1392 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:39:47.0376 1392 iphlpsvc - ok
21:39:47.0391 1392 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:39:47.0407 1392 IPMIDRV - ok
21:39:47.0422 1392 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:39:47.0469 1392 IPNAT - ok
21:39:47.0532 1392 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:39:47.0563 1392 iPod Service - ok
21:39:47.0578 1392 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:39:47.0594 1392 IRENUM - ok
21:39:47.0641 1392 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:39:47.0641 1392 isapnp - ok
21:39:47.0672 1392 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:39:47.0688 1392 iScsiPrt - ok
21:39:47.0719 1392 [ 858CE8CCD0FA4845AEB1A9C89EC3A0F2 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
21:39:47.0734 1392 JMCR - ok
21:39:47.0750 1392 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:39:47.0766 1392 kbdclass - ok
21:39:47.0781 1392 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:39:47.0797 1392 kbdhid - ok
21:39:47.0812 1392 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:39:47.0828 1392 KeyIso - ok
21:39:47.0859 1392 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:39:47.0875 1392 KSecDD - ok
21:39:47.0906 1392 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:39:47.0953 1392 KSecPkg - ok
21:39:47.0984 1392 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:39:48.0015 1392 KtmRm - ok
21:39:48.0062 1392 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:39:48.0109 1392 LanmanServer - ok
21:39:48.0265 1392 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:39:48.0327 1392 LanmanWorkstation - ok
21:39:48.0358 1392 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:39:48.0390 1392 lltdio - ok
21:39:48.0421 1392 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:39:48.0452 1392 lltdsvc - ok
21:39:48.0468 1392 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:39:48.0499 1392 lmhosts - ok
21:39:48.0530 1392 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:39:48.0546 1392 LSI_FC - ok
21:39:48.0546 1392 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:39:48.0561 1392 LSI_SAS - ok
21:39:48.0592 1392 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:39:48.0608 1392 LSI_SAS2 - ok
21:39:48.0624 1392 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:39:48.0639 1392 LSI_SCSI - ok
21:39:48.0670 1392 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:39:48.0686 1392 luafv - ok
21:39:48.0733 1392 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:39:48.0748 1392 Mcx2Svc - ok
21:39:48.0748 1392 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:39:48.0764 1392 megasas - ok
21:39:48.0795 1392 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:39:48.0811 1392 MegaSR - ok
21:39:48.0873 1392 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe
21:39:48.0920 1392 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
21:39:48.0920 1392 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
21:39:48.0936 1392 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:39:48.0967 1392 MMCSS - ok
21:39:48.0998 1392 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:39:49.0014 1392 Modem - ok
21:39:49.0045 1392 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:39:49.0060 1392 monitor - ok
21:39:49.0107 1392 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:39:49.0107 1392 mouclass - ok
21:39:49.0154 1392 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:39:49.0154 1392 mouhid - ok
21:39:49.0201 1392 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:39:49.0201 1392 mountmgr - ok
21:39:49.0279 1392 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:39:49.0294 1392 MozillaMaintenance - ok
21:39:49.0310 1392 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:39:49.0326 1392 mpio - ok
21:39:49.0357 1392 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:39:49.0372 1392 mpsdrv - ok
21:39:49.0419 1392 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:39:49.0450 1392 MpsSvc - ok
21:39:49.0482 1392 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:39:49.0513 1392 MRxDAV - ok
21:39:49.0544 1392 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:49.0560 1392 mrxsmb - ok
21:39:49.0591 1392 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:49.0606 1392 mrxsmb10 - ok
21:39:49.0622 1392 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:49.0638 1392 mrxsmb20 - ok
21:39:49.0669 1392 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:39:49.0684 1392 msahci - ok
21:39:49.0700 1392 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:39:49.0716 1392 msdsm - ok
21:39:49.0731 1392 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:39:49.0747 1392 MSDTC - ok
21:39:49.0778 1392 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:39:49.0809 1392 Msfs - ok
21:39:49.0825 1392 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:39:49.0856 1392 mshidkmdf - ok
21:39:49.0872 1392 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:39:49.0887 1392 msisadrv - ok
21:39:49.0903 1392 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:39:49.0950 1392 MSiSCSI - ok
21:39:49.0950 1392 msiserver - ok
21:39:49.0981 1392 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:39:49.0996 1392 MSKSSRV - ok
21:39:50.0012 1392 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:50.0074 1392 MSPCLOCK - ok
21:39:50.0090 1392 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:39:50.0121 1392 MSPQM - ok
21:39:50.0137 1392 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:39:50.0152 1392 MsRPC - ok
21:39:50.0168 1392 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:39:50.0184 1392 mssmbios - ok
21:39:50.0184 1392 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:39:50.0230 1392 MSTEE - ok
21:39:50.0262 1392 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:39:50.0277 1392 MTConfig - ok
21:39:50.0293 1392 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:39:50.0308 1392 Mup - ok
21:39:50.0340 1392 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:39:50.0371 1392 napagent - ok
21:39:50.0402 1392 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:39:50.0418 1392 NativeWifiP - ok
21:39:50.0480 1392 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:39:50.0511 1392 NDIS - ok
21:39:50.0527 1392 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:50.0558 1392 NdisCap - ok
21:39:50.0589 1392 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:50.0605 1392 NdisTapi - ok
21:39:50.0636 1392 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:50.0698 1392 Ndisuio - ok
21:39:50.0730 1392 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:50.0761 1392 NdisWan - ok
21:39:50.0792 1392 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:39:50.0808 1392 NDProxy - ok
21:39:50.0823 1392 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:39:50.0854 1392 NetBIOS - ok
21:39:50.0901 1392 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:39:50.0948 1392 NetBT - ok
21:39:50.0964 1392 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:39:50.0979 1392 Netlogon - ok
21:39:51.0010 1392 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:39:51.0042 1392 Netman - ok
21:39:51.0057 1392 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:39:51.0135 1392 netprofm - ok
21:39:51.0151 1392 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:39:51.0166 1392 NetTcpPortSharing - ok
21:39:51.0198 1392 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:39:51.0213 1392 nfrd960 - ok
21:39:51.0244 1392 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:39:51.0276 1392 NlaSvc - ok
21:39:51.0291 1392 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:39:51.0338 1392 Npfs - ok
21:39:51.0354 1392 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:39:51.0369 1392 nsi - ok
21:39:51.0385 1392 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:39:51.0416 1392 nsiproxy - ok
21:39:51.0478 1392 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:39:51.0541 1392 Ntfs - ok
21:39:51.0556 1392 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:39:51.0589 1392 Null - ok
21:39:51.0604 1392 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:39:51.0620 1392 nvraid - ok
21:39:51.0667 1392 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:39:51.0682 1392 nvstor - ok
21:39:51.0713 1392 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:39:51.0729 1392 nv_agp - ok
21:39:51.0745 1392 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:39:51.0776 1392 ohci1394 - ok
21:39:51.0823 1392 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:39:51.0838 1392 ose - ok
21:39:51.0947 1392 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:39:52.0057 1392 osppsvc - ok
21:39:52.0088 1392 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:39:52.0103 1392 p2pimsvc - ok
21:39:52.0135 1392 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:39:52.0150 1392 p2psvc - ok
21:39:52.0166 1392 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:39:52.0181 1392 Parport - ok
21:39:52.0213 1392 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:39:52.0228 1392 partmgr - ok
21:39:52.0259 1392 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:39:52.0275 1392 Parvdm - ok
21:39:52.0306 1392 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:39:52.0353 1392 PcaSvc - ok
21:39:52.0384 1392 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:39:52.0400 1392 pci - ok
21:39:52.0431 1392 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:39:52.0447 1392 pciide - ok
21:39:52.0478 1392 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:39:52.0478 1392 pcmcia - ok
21:39:52.0509 1392 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:39:52.0525 1392 pcw - ok
21:39:52.0556 1392 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:39:52.0587 1392 PEAUTH - ok
21:39:52.0666 1392 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:39:52.0713 1392 pla - ok
21:39:52.0728 1392 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:39:52.0760 1392 PlugPlay - ok
21:39:52.0775 1392 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:39:52.0791 1392 PNRPAutoReg - ok
21:39:52.0822 1392 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:39:52.0853 1392 PNRPsvc - ok
21:39:52.0884 1392 [ 420336F91EB745811CF130C80EDE0653 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
21:39:52.0900 1392 Point32 - ok
21:39:52.0947 1392 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:39:53.0009 1392 PolicyAgent - ok
21:39:53.0025 1392 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:39:53.0056 1392 Power - ok
21:39:53.0087 1392 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:39:53.0118 1392 PptpMiniport - ok
21:39:53.0134 1392 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:39:53.0134 1392 Processor - ok
21:39:53.0165 1392 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:39:53.0181 1392 ProfSvc - ok
21:39:53.0181 1392 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:39:53.0228 1392 ProtectedStorage - ok
21:39:53.0290 1392 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:39:53.0337 1392 Psched - ok
21:39:53.0368 1392 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:39:53.0368 1392 PSI_SVC_2 - ok
21:39:53.0415 1392 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:39:53.0446 1392 ql2300 - ok
21:39:53.0477 1392 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:53.0493 1392 ql40xx - ok
21:39:53.0540 1392 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:39:53.0571 1392 QWAVE - ok
21:39:53.0586 1392 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:39:53.0602 1392 QWAVEdrv - ok
21:39:53.0618 1392 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:39:53.0649 1392 RasAcd - ok
21:39:53.0664 1392 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:53.0696 1392 RasAgileVpn - ok
21:39:53.0711 1392 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:39:53.0742 1392 RasAuto - ok
21:39:53.0758 1392 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:53.0789 1392 Rasl2tp - ok
21:39:53.0836 1392 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:39:53.0867 1392 RasMan - ok
21:39:53.0883 1392 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:53.0898 1392 RasPppoe - ok
21:39:53.0914 1392 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:39:54.0008 1392 RasSstp - ok
21:39:54.0023 1392 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:39:54.0039 1392 rdbss - ok
21:39:54.0070 1392 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:54.0086 1392 rdpbus - ok
21:39:54.0117 1392 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:54.0164 1392 RDPCDD - ok
21:39:54.0195 1392 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:39:54.0210 1392 RDPENCDD - ok
21:39:54.0226 1392 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:39:54.0242 1392 RDPREFMP - ok
21:39:54.0288 1392 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:39:54.0304 1392 RDPWD - ok
21:39:54.0351 1392 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:39:54.0366 1392 rdyboost - ok
21:39:54.0398 1392 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:39:54.0491 1392 RemoteAccess - ok
21:39:54.0507 1392 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:39:54.0538 1392 RemoteRegistry - ok
21:39:54.0554 1392 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:39:54.0585 1392 RpcEptMapper - ok
21:39:54.0600 1392 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:39:54.0616 1392 RpcLocator - ok
21:39:54.0632 1392 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:39:54.0710 1392 RpcSs - ok
21:39:54.0725 1392 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:39:54.0756 1392 rspndr - ok
21:39:54.0788 1392 [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
21:39:54.0788 1392 RTHDMIAzAudService - ok
21:39:54.0834 1392 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
21:39:54.0850 1392 RTL8167 - ok
21:39:54.0912 1392 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
21:39:54.0959 1392 rtl8192se - ok
21:39:54.0975 1392 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:39:54.0975 1392 SamSs - ok
21:39:55.0022 1392 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:39:55.0037 1392 sbp2port - ok
21:39:55.0068 1392 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:39:55.0100 1392 SCardSvr - ok
21:39:55.0115 1392 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:39:55.0224 1392 scfilter - ok
21:39:55.0271 1392 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:39:55.0334 1392 Schedule - ok
21:39:55.0349 1392 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:39:55.0380 1392 SCPolicySvc - ok
21:39:55.0396 1392 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:39:55.0412 1392 sdbus - ok
21:39:55.0443 1392 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:39:55.0474 1392 SDRSVC - ok
21:39:55.0505 1392 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:39:55.0536 1392 secdrv - ok
21:39:55.0568 1392 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:39:55.0599 1392 seclogon - ok
21:39:55.0614 1392 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:39:55.0646 1392 SENS - ok
21:39:55.0661 1392 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:39:55.0677 1392 SensrSvc - ok
21:39:55.0708 1392 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:39:55.0724 1392 Serenum - ok
21:39:55.0739 1392 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:39:55.0739 1392 Serial - ok
21:39:55.0755 1392 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:39:55.0770 1392 sermouse - ok
21:39:55.0817 1392 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:39:55.0848 1392 SessionEnv - ok
21:39:55.0880 1392 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:39:55.0911 1392 sffdisk - ok
21:39:55.0911 1392 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:39:55.0926 1392 sffp_mmc - ok
21:39:55.0942 1392 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:39:55.0958 1392 sffp_sd - ok
21:39:55.0989 1392 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:56.0004 1392 sfloppy - ok
21:39:56.0051 1392 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:39:56.0082 1392 Sftfs - ok
21:39:56.0160 1392 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
21:39:56.0176 1392 sftlist - ok
21:39:56.0223 1392 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:39:56.0238 1392 Sftplay - ok
21:39:56.0254 1392 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:39:56.0270 1392 Sftredir - ok
21:39:56.0285 1392 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:39:56.0301 1392 Sftvol - ok
21:39:56.0316 1392 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
21:39:56.0332 1392 sftvsa - ok
21:39:56.0363 1392 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:39:56.0394 1392 SharedAccess - ok
21:39:56.0426 1392 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:39:56.0457 1392 ShellHWDetection - ok
21:39:56.0488 1392 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:39:56.0488 1392 sisagp - ok
21:39:56.0535 1392 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:56.0535 1392 SiSRaid2 - ok
21:39:56.0566 1392 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:56.0582 1392 SiSRaid4 - ok
21:39:56.0628 1392 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:39:56.0644 1392 SkypeUpdate - ok
21:39:56.0675 1392 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:39:56.0706 1392 Smb - ok
21:39:56.0738 1392 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:39:56.0769 1392 SNMPTRAP - ok
21:39:56.0769 1392 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:39:56.0784 1392 spldr - ok
21:39:56.0831 1392 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:39:56.0847 1392 Spooler - ok
21:39:56.0940 1392 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:39:57.0003 1392 sppsvc - ok
21:39:57.0050 1392 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:39:57.0065 1392 sppuinotify - ok
21:39:57.0112 1392 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:39:57.0143 1392 srv - ok
21:39:57.0159 1392 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:39:57.0174 1392 srv2 - ok
21:39:57.0190 1392 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:39:57.0206 1392 srvnet - ok
21:39:57.0237 1392 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:39:57.0268 1392 SSDPSRV - ok
21:39:57.0299 1392 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:39:57.0315 1392 ssmdrv - ok
21:39:57.0330 1392 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:39:57.0346 1392 SstpSvc - ok
21:39:57.0377 1392 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:39:57.0393 1392 stexstor - ok
21:39:57.0440 1392 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:39:57.0455 1392 StiSvc - ok
21:39:57.0486 1392 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:39:57.0502 1392 swenum - ok
21:39:57.0533 1392 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:39:57.0580 1392 swprv - ok
21:39:57.0627 1392 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:39:57.0674 1392 SynTP - ok
21:39:57.0720 1392 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:39:57.0752 1392 SysMain - ok
21:39:57.0798 1392 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:39:57.0814 1392 TabletInputService - ok
21:39:57.0861 1392 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:39:57.0908 1392 TapiSrv - ok
21:39:57.0939 1392 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:39:57.0970 1392 TBS - ok
21:39:58.0017 1392 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:39:58.0048 1392 Tcpip - ok
21:39:58.0079 1392 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:39:58.0110 1392 TCPIP6 - ok
21:39:58.0142 1392 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:39:58.0173 1392 tcpipreg - ok
21:39:58.0204 1392 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:39:58.0220 1392 TDPIPE - ok
21:39:58.0266 1392 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:39:58.0266 1392 TDTCP - ok
21:39:58.0298 1392 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:39:58.0360 1392 tdx - ok
21:39:58.0376 1392 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:39:58.0391 1392 TermDD - ok
21:39:58.0438 1392 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:39:58.0469 1392 TermService - ok
21:39:58.0485 1392 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:39:58.0500 1392 Themes - ok
21:39:58.0516 1392 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:39:58.0547 1392 THREADORDER - ok
21:39:58.0563 1392 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:39:58.0594 1392 TrkWks - ok
21:39:58.0641 1392 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:39:58.0656 1392 TrustedInstaller - ok
21:39:58.0689 1392 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:58.0720 1392 tssecsrv - ok
21:39:58.0782 1392 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:39:58.0782 1392 TsUsbFlt - ok
21:39:58.0845 1392 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:39:58.0907 1392 tunnel - ok
21:39:58.0923 1392 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:39:58.0938 1392 uagp35 - ok
21:39:58.0969 1392 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:39:59.0063 1392 udfs - ok
21:39:59.0157 1392 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:39:59.0172 1392 UI0Detect - ok
21:39:59.0235 1392 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:39:59.0250 1392 uliagpkx - ok
21:39:59.0266 1392 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:39:59.0281 1392 umbus - ok
21:39:59.0328 1392 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:39:59.0328 1392 UmPass - ok
21:39:59.0359 1392 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:39:59.0391 1392 upnphost - ok
21:39:59.0437 1392 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:39:59.0453 1392 USBAAPL - ok
21:39:59.0531 1392 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:59.0531 1392 usbccgp - ok
21:39:59.0547 1392 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:39:59.0578 1392 usbcir - ok
21:39:59.0609 1392 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:39:59.0625 1392 usbehci - ok
21:39:59.0656 1392 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:39:59.0671 1392 usbhub - ok
21:39:59.0687 1392 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:39:59.0687 1392 usbohci - ok
21:39:59.0718 1392 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:39:59.0734 1392 usbprint - ok
21:39:59.0765 1392 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:59.0781 1392 USBSTOR - ok
21:39:59.0796 1392 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:39:59.0812 1392 usbuhci - ok
21:39:59.0859 1392 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:39:59.0874 1392 usbvideo - ok
21:39:59.0890 1392 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:39:59.0921 1392 UxSms - ok
21:39:59.0937 1392 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:39:59.0952 1392 VaultSvc - ok
21:39:59.0968 1392 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:39:59.0968 1392 vdrvroot - ok
21:40:00.0030 1392 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:40:00.0061 1392 vds - ok
21:40:00.0093 1392 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:00.0108 1392 vga - ok
21:40:00.0124 1392 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:40:00.0139 1392 VgaSave - ok
21:40:00.0186 1392 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:40:00.0202 1392 vhdmp - ok
21:40:00.0217 1392 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:40:00.0233 1392 viaagp - ok
21:40:00.0249 1392 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:40:00.0264 1392 ViaC7 - ok
21:40:00.0280 1392 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:40:00.0295 1392 viaide - ok
21:40:00.0311 1392 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:40:00.0327 1392 volmgr - ok
21:40:00.0358 1392 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:40:00.0389 1392 volmgrx - ok
21:40:00.0389 1392 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:40:00.0405 1392 volsnap - ok
21:40:00.0436 1392 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:40:00.0451 1392 vsmraid - ok
21:40:00.0514 1392 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:40:00.0545 1392 VSS - ok
21:40:00.0561 1392 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:40:00.0576 1392 vwifibus - ok
21:40:00.0607 1392 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:40:00.0623 1392 vwififlt - ok
21:40:00.0654 1392 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:40:00.0670 1392 vwifimp - ok
21:40:00.0685 1392 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:40:00.0732 1392 W32Time - ok
21:40:00.0748 1392 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:40:00.0763 1392 WacomPen - ok
21:40:00.0810 1392 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:40:00.0857 1392 WANARP - ok
21:40:00.0857 1392 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:40:00.0919 1392 Wanarpv6 - ok
21:40:00.0935 1392 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:40:00.0966 1392 wbengine - ok
21:40:00.0982 1392 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:40:00.0997 1392 WbioSrvc - ok
21:40:01.0044 1392 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:40:01.0075 1392 wcncsvc - ok
21:40:01.0091 1392 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:40:01.0107 1392 WcsPlugInService - ok
21:40:01.0122 1392 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:40:01.0138 1392 Wd - ok
21:40:01.0169 1392 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:40:01.0200 1392 Wdf01000 - ok
21:40:01.0216 1392 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:40:01.0231 1392 WdiServiceHost - ok
21:40:01.0231 1392 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:40:01.0263 1392 WdiSystemHost - ok
21:40:01.0294 1392 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:40:01.0325 1392 WebClient - ok
21:40:01.0341 1392 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:40:01.0372 1392 Wecsvc - ok
21:40:01.0387 1392 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:40:01.0419 1392 wercplsupport - ok
21:40:01.0434 1392 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:40:01.0497 1392 WerSvc - ok
21:40:01.0528 1392 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:40:01.0559 1392 WfpLwf - ok
21:40:01.0575 1392 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:40:01.0590 1392 WIMMount - ok
21:40:01.0653 1392 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:40:01.0668 1392 WinDefend - ok
21:40:01.0684 1392 WinHttpAutoProxySvc - ok
21:40:01.0732 1392 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:40:01.0778 1392 Winmgmt - ok
21:40:01.0825 1392 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:40:01.0903 1392 WinRM - ok
21:40:01.0950 1392 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:40:01.0997 1392 WinUsb - ok
21:40:02.0028 1392 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:40:02.0075 1392 Wlansvc - ok
21:40:02.0184 1392 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:40:02.0215 1392 wlidsvc - ok
21:40:02.0262 1392 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:40:02.0293 1392 WmiAcpi - ok
21:40:02.0340 1392 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:40:02.0356 1392 wmiApSrv - ok
21:40:02.0465 1392 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:40:02.0496 1392 WMPNetworkSvc - ok
21:40:02.0512 1392 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:40:02.0527 1392 WPCSvc - ok
21:40:02.0574 1392 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:40:02.0590 1392 WPDBusEnum - ok
21:40:02.0605 1392 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:40:02.0636 1392 ws2ifsl - ok
21:40:02.0652 1392 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:40:02.0668 1392 wscsvc - ok
21:40:02.0668 1392 WSearch - ok
21:40:02.0747 1392 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:40:02.0793 1392 wuauserv - ok
21:40:02.0825 1392 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:40:02.0840 1392 WudfPf - ok
21:40:02.0856 1392 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:02.0871 1392 WUDFRd - ok
21:40:02.0887 1392 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:40:02.0918 1392 wudfsvc - ok
21:40:02.0949 1392 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:40:02.0965 1392 WwanSvc - ok
21:40:02.0996 1392 ================ Scan global ===============================
21:40:03.0027 1392 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:40:03.0059 1392 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:40:03.0074 1392 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:40:03.0105 1392 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:40:03.0105 1392 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:40:03.0121 1392 [Global] - ok
21:40:03.0121 1392 ================ Scan MBR ==================================
21:40:03.0137 1392 [ 2E0FE7FC299470E30383716B164CF901 ] \Device\Harddisk0\DR0
21:40:07.0381 1392 \Device\Harddisk0\DR0 - ok
21:40:07.0381 1392 ================ Scan VBR ==================================
21:40:07.0396 1392 [ D51E3885486D3F793FC796685F9AFC79 ] \Device\Harddisk0\DR0\Partition1
21:40:07.0396 1392 \Device\Harddisk0\DR0\Partition1 - ok
21:40:07.0412 1392 [ 15C1F1574BA8C96D6717B9AB4AABB176 ] \Device\Harddisk0\DR0\Partition2
21:40:07.0412 1392 \Device\Harddisk0\DR0\Partition2 - ok
21:40:07.0443 1392 [ 61375CEDF3F16A0F785B2177108CDCAE ] \Device\Harddisk0\DR0\Partition3
21:40:07.0443 1392 \Device\Harddisk0\DR0\Partition3 - ok
21:40:07.0443 1392 ============================================================
21:40:07.0443 1392 Scan finished
21:40:07.0443 1392 ============================================================
21:40:07.0459 2264 Detected object count: 1
21:40:07.0459 2264 Actual detected object count: 1
21:41:09.0641 2264 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
21:41:09.0641 2264 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Combofix Logfile:

Code:

ComboFix 12-12-22.02 - Alice 23.12.2012  15:04:53.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7600.1.1252.49.1031.18.3839.2698 [GMT 1:00]

ausgeführt von:: c:\users\Alice\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Alice\AppData\Local\4GB_EN.exe

c:\users\Alice\AppData\Local\4GB_GER.exe

c:\users\Alice\AppData\Local\gui.exe

c:\users\Alice\AppData\Local\ntkrlICE.exe

c:\users\Alice\AppData\Local\Wtrmrk.exe

c:\windows\system32\ntkrlICE.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))

.

.

2012-12-23 14:28 . 2012-12-23 14:29        --------        d-----w-        c:\users\Alice\AppData\Local\temp

2012-12-23 14:28 . 2012-12-23 14:28        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-12-23 14:07 . 2012-12-23 14:07        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A3EE6DA-E753-43C1-9554-4F2C0AD4D8FC}\offreg.dll

2012-12-22 02:53 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A3EE6DA-E753-43C1-9554-4F2C0AD4D8FC}\mpengine.dll

2012-12-21 18:51 . 2012-12-21 18:53        --------        d-----w-        c:\program files\OpenVPN

2012-12-21 09:02 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\system32\atmfd.dll

2012-12-21 09:02 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-20 22:31 . 2012-12-20 22:31        --------        d-----w-        c:\program files\CCleaner

2012-12-20 15:31 . 2012-12-20 15:41        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0

2012-12-20 14:10 . 2012-12-20 14:10        242240        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2012-12-20 14:10 . 2012-12-20 14:12        --------        d-----w-        c:\users\Alice\AppData\Roaming\DAEMON Tools Lite

2012-12-20 14:10 . 2012-12-20 14:10        --------        d-----w-        c:\program files\DAEMON Tools Lite

2012-12-20 14:10 . 2012-12-20 14:12        --------        d-----w-        c:\programdata\DAEMON Tools Lite

2012-12-15 15:54 . 2012-12-15 16:19        --------        d-----w-        C:\Star Wars-The Old Republic

2012-12-15 15:54 . 2012-12-15 15:54        --------        d-----w-        c:\users\hedev

2012-12-11 19:29 . 2012-11-02 05:11        376832        ----a-w-        c:\windows\system32\dpnet.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 07:39 . 2012-11-27 19:31        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll

2012-09-25 22:47 . 2012-11-15 18:01        78336        ----a-w-        c:\windows\system32\synceng.dll

2012-09-24 21:16 . 2012-10-20 19:35        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2012-12-07 23:12 . 2012-10-12 18:28        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54        175912        ----a-w-        c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2011-01-17 14:54        175912        ----a-w-        c:\program files\DVDVideoSoftTB\prxtbDVDV.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-06-22 2478080]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

path=c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

backup=c:\windows\pss\CurseClientStartup.ccip.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2009-11-02 12:21        103720        ------w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2011-11-02 16:50        127040        ----a-w-        c:\program files\ICQ7.6\ICQ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2012-03-08 16:50        4280184        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2012-06-11 13:00        641704        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 07:04        252848        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-12-09 17:22        74752        ----a-w-        c:\program files\Winamp\winampa.exe

.

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R4 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

uInternet Settings,ProxyOverride = *.local

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites

IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\

FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-BsScanner

AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe

AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe

AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1877026290-1340578905-802739823-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1877026290-1340578905-802739823-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-12-23  15:36:28

ComboFix-quarantined-files.txt  2012-12-23 14:36

.

Vor Suchlauf: 9 Verzeichnis(se), 162.035.388.416 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 165.672.513.536 Bytes frei

.

- - End Of File - - CC329792D0F1D88B379F9DD903F373D5

--- --- ---

die page ist zwischenzeitig wieder aufgetaucht und bin wieder nach

Reveton.C (GVU-Trojaner mit Webcam) entfernen (Vista/Win7) | Evild3ad

vorgegangen...

Reveton.C (GVU-Trojaner mit Webcam) entfernen (Vista/Win7) | Evild3ad

keine ahnung warum ich hier nicht den link einfach posten kann, aber hatte den ja auch im ersten beitrag angegeben...

seit dem geht das inet wieder...

hoffe auf eine baldige lösung

Surfe nicht im Netz, außer auf von mir genannten seiten.
Finger weg von illegalem mist, wie kinox.to das sind Malwareschläudern.

Poste bitte ein neues otl log

OTL Logfile:

Code:

OTL logfile created on: 28.12.2012 15:00:32 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,37% Memory free

6,00 Gb Paging File | 4,85 Gb Available in Paging File | 80,83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 256,99 Gb Total Space | 151,09 Gb Free Space | 58,79% Space Free | Partition Type: NTFS

Drive D: | 40,00 Gb Total Space | 26,19 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

 

Computer Name: BUNSE | User Name: Alice | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe

PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012.08.08 21:35:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

PRC - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 21:00:51 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.07 15:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2010.06.22 14:07:46 | 002,478,080 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe

PRC - [2010.06.08 21:52:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.12.08 00:12:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)

SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)

SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2012.05.08 21:00:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 21:00:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)

DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.06.09 00:53:34 | 005,551,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2010.06.08 21:19:18 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)

DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)

DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {84965E3F-D633-47BA-B913-9A0B223490E8}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{84965E3F-D633-47BA-B913-9A0B223490E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Plasmoo"

FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32

FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.3

FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.20 20:38:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.25 12:51:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.25 12:51:11 | 000,000,000 | ---D | M]

 

[2010.08.03 13:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Extensions

[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions

[2012.07.25 08:26:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2011.03.26 02:59:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@conduit.com

[2011.07.07 12:44:06 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@plasmoo.com

[2010.10.17 12:59:56 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\vshare@toolbar

[2011.08.14 17:01:25 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi

[2011.03.05 15:04:57 | 000,000,873 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\conduit.xml

[2012.12.25 16:17:27 | 000,001,056 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\icqplugin.xml

[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\plasmoo.xml

[2012.10.12 19:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.12.08 00:12:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.02.12 17:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.09 20:47:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.12 17:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.12 17:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.12 17:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.12 17:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found

O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3419D85-E322-4433-9B6A-C9BB26D39093}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found

MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.28 14:54:23 | 000,000,000 | ---D | C] -- C:\Users\Alice\Desktop\alt

[2012.12.25 13:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.12.25 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.12.25 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.12.25 13:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012.12.25 12:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.12.25 12:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012.12.25 12:42:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.12.23 15:36:39 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012.12.23 15:01:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.12.23 15:00:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.12.21 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN

[2012.12.21 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN

[2012.12.21 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN

[2012.12.20 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.12.20 23:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.12.20 17:33:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe

[2012.12.20 16:31:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.12.20 15:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2012.12.20 15:10:38 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2012.12.20 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite

[2012.12.20 15:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2012.12.20 15:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2012.12.15 16:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

[2012.12.15 16:54:59 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic

[2012.12.13 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\{0713CD0A-E4E0-4A94-8286-FEBC7F98148C}

[2012.01.01 18:42:16 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.28 15:04:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.28 15:04:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.28 15:02:08 | 000,680,058 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.12.28 15:02:08 | 000,629,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.12.28 15:02:08 | 000,115,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.12.28 15:02:07 | 000,139,880 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.12.28 14:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.28 14:56:45 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.25 13:24:01 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.21 19:52:16 | 000,001,071 | ---- | M] () -- C:\Users\Alice\Desktop\OpenVPN GUI.lnk

[2012.12.21 19:40:25 | 000,333,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe

[2012.12.20 15:11:38 | 000,001,900 | ---- | M] () -- C:\Users\Alice\DAEMON Tools Lite.lnk

[2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2012.12.20 14:50:14 | 381,210,453 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.25 13:24:01 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.21 19:52:16 | 000,001,071 | ---- | C] () -- C:\Users\Alice\Desktop\OpenVPN GUI.lnk

[2012.12.20 15:11:38 | 000,001,900 | ---- | C] () -- C:\Users\Alice\DAEMON Tools Lite.lnk

[2012.12.15 16:55:02 | 000,000,736 | ---- | C] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk

[2012.09.05 09:41:32 | 000,000,224 | ---- | C] () -- C:\Users\Alice\AppData\Roaming\wklnhst.dat

[2012.09.02 09:20:55 | 000,000,908 | ---- | C] () -- C:\Users\Alice\World of Warcraft.lnk

[2012.07.23 09:24:59 | 000,001,993 | ---- | C] () -- C:\Users\Alice\Adobe Reader X.lnk

[2012.06.11 12:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012.05.14 17:52:46 | 000,000,941 | ---- | C] () -- C:\Users\Alice\Diablo III.lnk

[2012.04.14 11:54:47 | 000,000,366 | ---- | C] () -- C:\Users\Alice\WoW.lnk

[2012.04.08 12:27:50 | 000,002,187 | ---- | C] () -- C:\Users\Alice\AION.lnk

[2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2012.02.17 21:59:32 | 000,000,093 | ---- | C] () -- C:\Users\Alice\AppData\Local\fusioncache.dat

[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

[2012.01.14 19:59:13 | 000,001,055 | ---- | C] () -- C:\Users\Alice\PokerStars.net.lnk

[2012.01.01 18:42:16 | 002,076,309 | ---- | C] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe

[2012.01.01 18:42:16 | 000,570,073 | ---- | C] () -- C:\Users\Alice\AppData\Local\gui.exe

[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe

[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe

[2012.01.01 18:42:16 | 000,000,518 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_EN.url

[2012.01.01 18:42:16 | 000,000,240 | ---- | C] () -- C:\Users\Alice\AppData\Local\UPDATE.url

[2012.01.01 18:42:16 | 000,000,216 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_GER.url

[2012.01.01 17:52:31 | 000,007,597 | ---- | C] () -- C:\Users\Alice\AppData\Local\Resmon.ResmonCfg

[2011.12.25 03:21:52 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies.lnk

[2011.12.25 03:21:37 | 000,001,086 | ---- | C] () -- C:\Users\Alice\DivX Plus Player.lnk

[2011.10.18 18:02:10 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011.10.06 20:35:16 | 000,411,744 | ---- | C] () -- C:\Users\Alice\Dok1.odt

[2011.10.03 14:28:23 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies (2).lnk

[2011.08.13 11:03:20 | 000,001,360 | ---- | C] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk

[2011.08.13 11:03:20 | 000,001,257 | ---- | C] () -- C:\Users\Alice\Free Audio CD Burner.lnk

[2011.08.13 11:03:20 | 000,001,201 | ---- | C] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk

[2011.08.13 10:57:52 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011.04.05 13:36:29 | 000,002,066 | ---- | C] () -- C:\Users\Alice\DivX Plus Converter.lnk

[2011.01.28 21:45:56 | 000,001,085 | ---- | C] () -- C:\Users\Alice\Audiograbber.lnk

[2011.01.15 16:53:50 | 000,000,550 | ---- | C] () -- C:\Windows\cdplayer.ini

[2010.08.28 16:10:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.06.23 03:04:00 | 000,002,690 | ---- | C] () -- C:\Users\Alice\Medion MediaPack.lnk

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.12.20 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite

[2012.10.05 17:43:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Dropbox

[2012.11.03 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DVDVideoSoft

[2010.10.02 10:57:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Electronic Arts

[2012.10.19 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\ICQ

[2011.11.15 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Mumble

[2012.10.20 12:22:11 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\SoftGrid Client

[2012.09.05 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Template

[2011.05.17 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TP

[2012.11.06 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TS3Client

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2012.12.23 16:02:07 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2012.04.22 10:28:19 | 000,000,000 | ---D | M] -- C:\AMD

[2012.12.25 13:53:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2012.05.14 18:15:20 | 000,000,000 | ---D | M] -- C:\Diablo 3

[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2012.12.20 16:41:42 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0

[2012.12.25 13:20:22 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.12.27 01:03:56 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Programme

[2012.12.23 15:36:44 | 000,000,000 | ---D | M] -- C:\Qoobox

[2010.08.03 10:25:53 | 000,000,000 | ---D | M] -- C:\Recovery

[2012.12.15 17:19:24 | 000,000,000 | ---D | M] -- C:\Star Wars-The Old Republic

[2012.12.28 15:03:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.12.23 16:01:58 | 000,000,000 | R--D | M] -- C:\Users

[2012.12.25 14:07:22 | 000,000,000 | ---D | M] -- C:\Windows

[2012.11.01 15:05:59 | 000,000,000 | ---D | M] -- C:\World of Warcraft

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe

[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe

[2012.01.01 18:51:28 | 000,570,073 | ---- | M] () -- C:\Users\Alice\AppData\Local\gui.exe

[2012.01.01 18:51:28 | 002,076,309 | ---- | M] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe

[2012.01.01 18:51:28 | 000,021,504 | ---- | M] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp

[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp

[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp

[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp

[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

 
 < %USERPROFILE%\*.* >

[2012.07.23 09:24:59 | 000,001,993 | ---- | M] () -- C:\Users\Alice\Adobe Reader X.lnk

[2012.04.08 12:27:50 | 000,002,187 | ---- | M] () -- C:\Users\Alice\AION.lnk

[2012.02.27 16:49:40 | 000,000,016 | ---- | M] () -- C:\Users\Alice\andre.txt

[2011.01.28 21:45:56 | 000,001,085 | ---- | M] () -- C:\Users\Alice\Audiograbber.lnk

[2012.12.20 15:11:38 | 000,001,900 | ---- | M] () -- C:\Users\Alice\DAEMON Tools Lite.lnk

[2012.05.14 18:15:23 | 000,000,941 | ---- | M] () -- C:\Users\Alice\Diablo III.lnk

[2011.10.03 14:28:23 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies (2).lnk

[2011.12.25 03:21:52 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies.lnk

[2011.04.05 13:36:29 | 000,002,066 | ---- | M] () -- C:\Users\Alice\DivX Plus Converter.lnk

[2011.12.25 03:21:37 | 000,001,086 | ---- | M] () -- C:\Users\Alice\DivX Plus Player.lnk

[2011.10.06 20:35:23 | 000,411,744 | ---- | M] () -- C:\Users\Alice\Dok1.odt

[2011.08.13 11:03:20 | 000,001,201 | ---- | M] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk

[2011.08.13 11:03:20 | 000,001,257 | ---- | M] () -- C:\Users\Alice\Free Audio CD Burner.lnk

[2011.08.13 11:03:20 | 000,001,360 | ---- | M] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk

[2010.06.23 03:05:13 | 000,002,690 | ---- | M] () -- C:\Users\Alice\Medion MediaPack.lnk

[2012.12.28 15:10:35 | 002,359,296 | -HS- | M] () -- C:\Users\Alice\ntuser.dat

[2012.12.28 15:10:35 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG1

[2012.11.19 17:15:59 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG2

[2010.08.03 10:26:32 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2012.08.29 18:10:34 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TM.blf

[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2011.04.11 16:15:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TM.blf

[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2012.09.05 16:10:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TM.blf

[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2012.12.25 13:52:46 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{da759d90-4d11-11e2-8bd4-406186af99e2}.TM.blf

[2012.12.25 13:52:46 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{da759d90-4d11-11e2-8bd4-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2012.12.25 13:52:46 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{da759d90-4d11-11e2-8bd4-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2011.11.03 16:37:13 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TM.blf

[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000001.regtrans-ms

[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000002.regtrans-ms

[2010.08.03 10:26:33 | 000,000,020 | -HS- | M] () -- C:\Users\Alice\ntuser.ini

[2012.01.14 19:59:13 | 000,001,055 | ---- | M] () -- C:\Users\Alice\PokerStars.net.lnk

[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk

[2012.04.21 18:20:47 | 000,035,328 | -HS- | M] () -- C:\Users\Alice\Thumbs.db

[2012.09.02 09:21:25 | 000,000,908 | ---- | M] () -- C:\Users\Alice\World of Warcraft.lnk

[2012.04.14 11:54:47 | 000,000,366 | ---- | M] () -- C:\Users\Alice\WoW.lnk

[2012.04.14 16:47:14 | 000,000,016 | ---- | M] () -- C:\Users\Alice\Zuhause.txt

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 

< End of report >

--- --- ---

Update bitte Malwarebytes und füre einen vollständigen Scan aus, log posten

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.01.03.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alice :: BUNSE [Administrator]

03.01.2013 22:56:10
mbam-log-2013-01-03 (22-56-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216345
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-1877026290-1340578905-802739823-1000\$RDN18P9.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-1877026290-1340578905-802739823-1000\$RZT6YIJ.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hi,
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

7-Zip 9.20 09.01.2011 nötig
Acrobat.com Adobe Systems Incorporated 22.06.2010 1,60MB 1.6.65 nötig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 05.08.2012 6,00MB 11.3.300.268 nötig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.07.2012 6,00MB 11.3.300.265 nötig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 15.08.2012 121MB 10.1.4 nötig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 23.07.2012 11.6.5.635 nötig
AION Free-To-Play Gameforge 08.04.2012 22,6MB 2.70.0000 unnötig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 08.07.2012 20,2MB 8.0.881.0 nötig
Apple Application Support Apple Inc. 25.12.2012 65,0MB 2.3.2 nötig
Apple Mobile Device Support Apple Inc. 25.12.2012 24,5MB 6.0.1.3 nötig
Apple Software Update Apple Inc. 06.11.2012 2,38MB 2.1.3.127 nötig
Ashampoo Burning Studio ashampoo GmbH & Co. KG 22.06.2010 129MB 9.23.0 nötig
Ashampoo Photo Commander ashampoo GmbH & Co. KG 22.06.2010 113MB 8.1.0 unnötig
Ashampoo Snap ashampoo GmbH & Co. KG 22.06.2010 27,3MB 3.4.0 unnötig
Audiograbber 1.83 SE Audiograbber 28.01.2011 1.83 SE nötig
Audiograbber MP3-Plugin AG 28.01.2011 1.0 unbekannt
Avira Free Antivirus Avira 14.11.2012 108MB 12.1.9.1236 nötig
Bonjour Apple Inc. 06.11.2012 1,02MB 3.0.0.10 unbekannt
CCleaner Piriform 19.12.2012 3.26 nötig
Cisco EAP-FAST Module Cisco Systems, Inc. 22.06.2010 1,15MB 2.2.14 unbekannt
Cisco LEAP Module Cisco Systems, Inc. 22.06.2010 492KB 1.0.19 unbekannt
Cisco PEAP Module Cisco Systems, Inc. 22.06.2010 924KB 1.1.6 unbekannt
Compatibility Pack für 2007 Office System Microsoft Corporation 12.12.2012 117MB 12.0.6612.1000 nötig
Conduit Engine Conduit Ltd. 13.08.2011 unbekannt
CorelDRAW Essentials 4 Corel Corporation 22.06.2010 nötig
CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 22.06.2010 2,93MB nötig
CyberLink LabelPrint CyberLink Corp. 22.06.2010 143MB 2.5.2602 unnötig
CyberLink Power2Go CyberLink Corp. 22.06.2010 104MB 6.1.3602c nötig
CyberLink PowerDVD Copy CyberLink Corp. 22.06.2010 30,7MB 1.5.1306 nötig
CyberLink YouCam CyberLink Corp. 22.06.2010 132MB 3.0.2626 nötig
DAEMON Tools Lite DT Soft Ltd 20.12.2012 4.46.1.0327 nötig
Diablo III Blizzard Entertainment 04.11.2012 1.0.5.12811 unnötig
DivX-Setup DivX, LLC 20.03.2012 2.6.1.8 nötig
Dropbox Dropbox, Inc. 21.08.2012 1.4.12 nötig
DVDVideoSoftTB Toolbar DVDVideoSoftTB 13.08.2011 6.3.3.3 unnötig
EA SPORTS Game Face Browser Plugin 1.5.3.0 Electronic Arts 16.12.2011 1.5.3.0 unnötig
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 05.03.2011 10,3MB unnötig
ICQ7.6 ICQ 02.11.2011 7.6 nötig
iTunes Apple Inc. 25.12.2012 189MB 11.0.1.12 nötig
Java 7 Update 9 Oracle 06.09.2012 128MB 7.0.90 nötig
JavaFX 2.1.1 Oracle Corporation 14.06.2012 20,8MB 2.1.1 nötig
JMicron Flash Media Controller Driver JMicron Technology Corp. 03.08.2010 1.0.45.0 unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 03.01.2013 18,4MB 1.70.0.1100 nötig
Medion Home Cinema CyberLink Corp. 22.06.2010 36,4MB 8.0.1505 nötig
Microsoft .NET Framework 1.1 17.02.2012 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.06.2010 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.06.2010 2,93MB 4.0.30319 unbekannt
Microsoft IntelliPoint 8.0 Microsoft 24.03.2011 32,1MB 8.01.249.0 unbekannt
Microsoft Office 2010 Microsoft Corporation 22.06.2010 6,31MB 14.0.4763.1000 nötig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 17.05.2011 14.0.4763.1000 unnekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.11.2012 73,8MB 12.0.6612.1000 nötig
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 17.05.2011 14.0.4763.1000 unnötig
Microsoft Silverlight Microsoft Corporation 22.05.2012 241MB 5.1.10411.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 22.06.2010 333KB 3.1.0000 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.12.2011 1,72MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 22.06.2010 252KB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 300KB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 15.04.2011 598KB 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.06.2010 240KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.06.2010 596KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 08.03.2012 12,2MB 10.0.40219 unbekannt
Microsoft Works Microsoft Corporation 10.10.2012 711MB 9.7.0621 nötig
Mozilla Firefox 17.0.1 (x86 de) Mozilla 08.12.2012 42,4MB 17.0.1 nötig
Mozilla Maintenance Service Mozilla 08.12.2012 329KB 17.0.1 unnötig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 22.06.2010 1,35MB 4.20.9876.0 unbekannt
NC Launcher (GameForge) NCsoft 08.04.2012 unbekannt
Pando Media Booster Pando Networks Inc. 26.01.2012 5,46MB 2.6.0.1 unbekannt
PlayReady PC Runtime x86 Microsoft Corporation 03.08.2010 1,65MB 1.3.0 unbekannt
PokerStars.net PokerStars.net 14.01.2012 unnötig
QuickTime Apple Inc. 25.12.2012 73,1MB 7.73.80.64 nötig
Realtek Ethernet Controller Driver For Windows 7 Realtek 22.06.2010 7.18.322.2010 nötig
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 05.08.2010 6.0.1.5992 nötig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.08.2010 6.0.1.6132 nötig
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 03.08.2010 1.00.0148 unbekannt
Skype™ 5.10 Skype Technologies S.A. 13.09.2012 19,4MB 5.10.116 nötig
Star Wars: The Old Republic Electronic Arts, Inc. 15.12.2012 27,2MB 1.00 unnötig
Synaptics Pointing Device Driver Synaptics Incorporated 22.06.2010 46,4MB 15.0.18.0 nötig
System Control Manager Micro-Star International Co., Ltd. 23.06.2010 2.210.0622.OE006.16.M04 nötig
TeamSpeak 3 Client TeamSpeak Systems GmbH 04.11.2012 3.0.9.2 nötig
Uninstall 1.0.0.1 05.03.2011 10,4MB unbekannt
Unity Web Player Unity Technologies ApS 02.10.2010 12,0MB unbekannt
Veetle TV 0.9.18 Veetle, Inc 19.10.2010 0.9.18 unbekannt
VLC media player 1.1.2 VideoLAN 03.08.2010 1.1.2 unbekannt
vShare.tv plugin 1.3 vShare.tv, Inc. 27.08.2011 1.3 unbekannt
Winamp Nullsoft, Inc 26.04.2012 5.623 nötig
Winamp Erkennungs-Plug-in Nullsoft, Inc 26.04.2012 75,0KB 1.0.0.1 unbekannt
Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0) Broadcom 03.08.2010 05/27/2009 6.1.7100.0 unbekannt
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Broadcom 03.08.2010 09/11/2009 6.2.0.9407 unbekannt
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 03.08.2010 07/28/2009 6.2.0.9800 unbekannt
Windows Live Essentials Microsoft Corporation 29.06.2012 15.4.3555.0308 nötig
Windows Live Sync Microsoft Corporation 03.08.2010 2,79MB 14.0.8117.416 unbekannt
Windows Media Encoder 9 Series 22.06.2010 unbekannt
WinRAR 4.20 (32-Bit) win.rar GmbH 15.09.2012 4.20.0 nötig
World of Warcraft Blizzard Entertainment 26.10.2012 14,2GB 5.0.5.16135 unnötig

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
AION
Ashampoo : alle unnötigen
Bonjour
Conduit
Diablo
DVDVideoSoftTB
EA
Free Audio
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
PokerStars
Star Wars:
Unity
Veetle
VLC
vShare
World of

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

# AdwCleaner v2.105 - Datei am 10/01/2013 um 18:21:09 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Alice - BUNSE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alice\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\searchplugins\plasmoo.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Alice\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Alice\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Alice\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Alice\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Alice\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\Conduit
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\ConduitEngine
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\CT2269050
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@conduit.com
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@plasmoo.com
Ordner Gefunden : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\vshare@toolbar
Ordner Gefunden : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-1877026290-1340578905-802739823-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-1877026290-1340578905-802739823-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\prefs.js

Gefunden : user_pref("CT2269050..clientLogIsEnabled", true);
Gefunden : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "10-1-2013");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue Jan 08 2013 22:44:00 GMT+0100");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Wed Mar 09 2011 16:16:37 GMT+0100");
Gefunden : user_pref("CT2269050.FirstServerDate", "5-3-2011");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2269050.InstalledDate", "Sat Mar 05 2011 15:04:57 GMT+0100");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Jan 10 2013 17:28:42 GMT+0100");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Mar 09 2011 16:03:03 GMT+0100");
Gefunden : user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 12:51:21 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 17:32:54 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 12:58:21 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:18:30 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Nov 06 2012 17:18:43 GMT+0100");
Gefunden : user_pref("CT2269050.LastLogin_3.16.0.100", "Thu Jan 10 2013 17:28:42 GMT+0100");
Gefunden : user_pref("CT2269050.LastLogin_3.16.0.3", "Mon Dec 31 2012 15:08:39 GMT+0100");
Gefunden : user_pref("CT2269050.LatestVersion", "3.16.0.3");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Tue Mar 08 2011 16:29:20 GMT+0100");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Jan 10 2013 17:28:41 GMT+0100");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Jan 10 2013 17:28:41 GMT+0100");
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Thu Jan 10 2013 17:28:41 GMT+0100");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1357833316");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Mar 05 2011 15:04:57 GMT+0100");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gefunden : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2269050.UserID", "UN70637683068695933");
Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Wed Mar 09 2011 16:03:04 GMT+0100");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "2423");
Gefunden : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6C6C73726D6E6E76");
Gefunden : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473727279787374747C242F4B4947[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e31;cj7;chgjd$nn", "247E61393F236B25717277732A212C6E414F444[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e31;cj?j9=i==f9&qfi", "247E61393F236B25767879787B2B222D6F42[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gefunden : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Gefunden : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3B3B716C3D4143407A71727A4A20484D4B4B2520514E522A56[...]
Gefunden : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Gefunden : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gefunden : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gefunden : user_pref("CT2269050.backendstorage./9b/556,bi5a>g", "6E6D6C6C73726D6D7778777173");
Gefunden : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gefunden : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]
Gefunden : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "686A6B416B736E6D7A73777349787D79494B4B4F24");
Gefunden : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C6C73726D6E6F7773727A");
Gefunden : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Gefunden : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gefunden : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Gefunden : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Gefunden : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gefunden : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Gefunden : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gefunden : user_pref("CT2269050.backendstorage.cbcountry_001", "4445");
Gefunden : user_pref("CT2269050.backendstorage.cbfirsttime", "5468752044656320323020323031322031393A34313A32312[...]
Gefunden : user_pref("CT2269050.backendstorage.cbopenmamsettings", "30");
Gefunden : user_pref("CT2269050.backendstorage.ct2269050ads1", "25374225323261647325323225334125354225374225323[...]
Gefunden : user_pref("CT2269050.backendstorage.ct2269050current_term", "426561757479");
Gefunden : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
Gefunden : user_pref("CT2269050.backendstorage.ct2269050sdate", "3130");
Gefunden : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...]
Gefunden : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "53756E204A756C20313520323031322032323A[...]
Gefunden : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gefunden : user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E7370696567656C2E64652F6[...]
Gefunden : user_pref("CT2269050.clientLogIsEnabled", true);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2269050.initDone", true);
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.revertSettingsEnabled", true);
Gefunden : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2269050.testingCtid", "");
Gefunden : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Jan 10 2013 17:28:42 GMT+0100");
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CT2269050.usagesFlag", 2);
Gefunden : user_pref("CT2857572..clientLogIsEnabled", false);
Gefunden : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2857572.CT2857572", "CT2857572");
Gefunden : user_pref("CT2857572.CurrentServerDate", "3-1-2011");
Gefunden : user_pref("CT2857572.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2857572.DialogsGetterLastCheckTime", "Mon Jan 03 2011 15:43:13 GMT+0100");
Gefunden : user_pref("CT2857572.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gefunden : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Mon Jan 03 2011 15:43:14 GMT+010[...]
Gefunden : user_pref("CT2857572.FirstServerDate", "3-1-2011");
Gefunden : user_pref("CT2857572.FirstTime", true);
Gefunden : user_pref("CT2857572.FirstTimeFF3", true);
Gefunden : user_pref("CT2857572.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2857572.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2857572.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2857572.Initialize", true);
Gefunden : user_pref("CT2857572.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2857572.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2857572.InstalledDate", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.IsGrouping", false);
Gefunden : user_pref("CT2857572.IsMulticommunity", false);
Gefunden : user_pref("CT2857572.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2857572.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2857572.LanguagePackLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2857572.LastLogin_3.3.0.19", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2857572.Locale", "en");
Gefunden : user_pref("CT2857572.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2857572.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2857572.SavedHomepage", "hxxp://www.google.de/");
Gefunden : user_pref("CT2857572.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2857572.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2857572.ServiceMapLastCheckTime", "Mon Jan 03 2011 15:43:12 GMT+0100");
Gefunden : user_pref("CT2857572.SettingsLastCheckTime", "Mon Jan 03 2011 15:43:12 GMT+0100");
Gefunden : user_pref("CT2857572.SettingsLastUpdate", "1293717269");
Gefunden : user_pref("CT2857572.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Mon Jan 03 2011 15:43:12 GMT+0100");
Gefunden : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2857572.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2857572.UserID", "UN79756617775496864");
Gefunden : user_pref("CT2857572.WeatherNetwork", "");
Gefunden : user_pref("CT2857572.WeatherPollDate", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.WeatherUnit", "C");
Gefunden : user_pref("CT2857572.alertChannelId", "1249594");
Gefunden : user_pref("CT2857572.approveUntrustedApps", true);
Gefunden : user_pref("CT2857572.components.129356796047006936", true);
Gefunden : user_pref("CT2857572.globalFirstTimeInfoLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT2857572.myStuffEnabled", true);
Gefunden : user_pref("CT2857572.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2857572.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2857572.testingCtid", "");
Gefunden : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Mon Jan 03 2011 15:43:13 GMT+0100");
Gefunden : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gefunden : user_pref("CT2857572.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857572",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"86a[...]
Gefunden : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Gefunden : user_pref("CommunityToolbar.EngineOwner", "CT2857572");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", false);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2857572,CT2269050,ConduitEngine");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2857572,CT2269050");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 02:59:48 GMT+01[...]
Gefunden : user_pref("CommunityToolbar.alert.alertEnabled", true);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 20:23:02 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 20:22:53 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "0fdaea87-87e1-41fd-8792-3d56bd4d573d");
Gefunden : user_pref("CommunityToolbar.globalUserId", "d587c9a1-4075-408f-a679-300d34805d9d");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gefunden : user_pref("ConduitEngine.FirstTimeFF3", true);
Gefunden : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gefunden : user_pref("ConduitEngine.Initialize", true);
Gefunden : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gefunden : user_pref("ConduitEngine.IsMulticommunity", false);
Gefunden : user_pref("ConduitEngine.engineLocale", "de");
Gefunden : user_pref("ConduitEngine.initDone", true);
Gefunden : user_pref("browser.search.defaultenginename", "Plasmoo");
Gefunden : user_pref("browser.search.defaultthis.engineName", "Plasmoo");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searc[...]
Gefunden : user_pref("extensions.enabledAddons", "engine%40plasmoo.com:1.0.0.32,%7Bdd05fd3d-18df-4ce4-ae53-e795[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Gefunden : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gefunden : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "ICQ Search");
Gefunden : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "Search");
Gefunden : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.icq.com/search/afe_results.ph[...]
Gefunden : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Google");
Gefunden : user_pref("plasmoo.search.engine.prevstartuphomepage", "hxxp://www.google.de/");
Gefunden : user_pref("plasmoo.search.engine.status", "INSTALLED");
Gefunden : user_pref("quickstores.toolbar.affid", "2002");
Gefunden : user_pref("quickstores.toolbar.guid", "{6FC7E932-E8B1-CD68-02E8-22857177DDB4}");
Gefunden : user_pref("vshare.install.date", "1287273600000");
Gefunden : user_pref("vshare.install.finished", "1.0.0");
Gefunden : user_pref("vshare.install.guid", "{d0da1a52-af39-47a3-a2e4-820413097172}");
Gefunden : user_pref("vshare.install.isHidden", true);
Gefunden : user_pref("vshare.install.laststatreq", "1305244800000");
Gefunden : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [32575 octets] - [10/01/2013 18:21:09]

########## EOF - C:\AdwCleaner[R1].txt - [32636 octets] ##########

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe
alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein
Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den
Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten, testen, wie der PC + Programme laufen, auch den Internet Explorer.

# AdwCleaner v2.105 - Datei am 11/01/2013 um 16:43:53 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Alice - BUNSE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alice\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\searchplugins\plasmoo.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Alice\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Alice\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Alice\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Alice\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Alice\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\Conduit
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\ConduitEngine
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\CT2269050
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@plasmoo.com
Ordner Gelöscht : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\extensions\vshare@toolbar
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\prefs.js

Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "11-1-2013");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue Jan 08 2013 22:44:00 GMT+0100");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Mar 09 2011 16:16:37 GMT+0100");
Gelöscht : user_pref("CT2269050.FirstServerDate", "5-3-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Sat Mar 05 2011 15:04:57 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Jan 10 2013 17:28:42 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Mar 09 2011 16:03:03 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 12:51:21 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 17:32:54 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 12:58:21 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:18:30 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Nov 06 2012 17:18:43 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Jan 11 2013 13:28:43 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Mon Dec 31 2012 15:08:39 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.16.0.3");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Tue Mar 08 2011 16:29:20 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Jan 10 2013 17:28:41 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Jan 10 2013 17:28:41 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jan 11 2013 16:40:45 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1357915202");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Mar 05 2011 15:04:57 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN70637683068695933");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Mar 09 2011 16:03:04 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "2423");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6C6C73726D6E6E76");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473727279787374747C242F4B4947[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7;chgjd$nn", "247E61393F236B25717277732A212C6E414F444[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj?j9=i==f9&qfi", "247E61393F236B25767879787B2B222D6F42[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3B3B716C3D4143407A71727A4A20484D4B4B2520514E522A56[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b/556,bi5a>g", "6E6D6C6C73726D6D7778777173");
Gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "686A6B416B736E6D7A73777349787D79494B4B4F24");
Gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C6C73726D6E6F7773727A");
Gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2269050.backendstorage.cbcountry_001", "4445");
Gelöscht : user_pref("CT2269050.backendstorage.cbfirsttime", "5468752044656320323020323031322031393A34313A32312[...]
Gelöscht : user_pref("CT2269050.backendstorage.cbopenmamsettings", "30");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050current_term", "426561757479");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050sdate", "3130");
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...]
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "53756E204A756C20313520323031322032323A[...]
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gelöscht : user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E7370696567656C2E64652F6[...]
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Jan 10 2013 17:28:42 GMT+0100");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CT2857572..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2857572.CT2857572", "CT2857572");
Gelöscht : user_pref("CT2857572.CurrentServerDate", "3-1-2011");
Gelöscht : user_pref("CT2857572.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2857572.DialogsGetterLastCheckTime", "Mon Jan 03 2011 15:43:13 GMT+0100");
Gelöscht : user_pref("CT2857572.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Mon Jan 03 2011 15:43:14 GMT+010[...]
Gelöscht : user_pref("CT2857572.FirstServerDate", "3-1-2011");
Gelöscht : user_pref("CT2857572.FirstTime", true);
Gelöscht : user_pref("CT2857572.FirstTimeFF3", true);
Gelöscht : user_pref("CT2857572.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2857572.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2857572.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2857572.Initialize", true);
Gelöscht : user_pref("CT2857572.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2857572.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2857572.InstalledDate", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.IsGrouping", false);
Gelöscht : user_pref("CT2857572.IsMulticommunity", false);
Gelöscht : user_pref("CT2857572.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2857572.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2857572.LanguagePackLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2857572.LastLogin_3.3.0.19", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2857572.Locale", "en");
Gelöscht : user_pref("CT2857572.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2857572.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2857572.SavedHomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("CT2857572.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2857572.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2857572.ServiceMapLastCheckTime", "Mon Jan 03 2011 15:43:12 GMT+0100");
Gelöscht : user_pref("CT2857572.SettingsLastCheckTime", "Mon Jan 03 2011 15:43:12 GMT+0100");
Gelöscht : user_pref("CT2857572.SettingsLastUpdate", "1293717269");
Gelöscht : user_pref("CT2857572.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Mon Jan 03 2011 15:43:12 GMT+0100");
Gelöscht : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2857572.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2857572.UserID", "UN79756617775496864");
Gelöscht : user_pref("CT2857572.WeatherNetwork", "");
Gelöscht : user_pref("CT2857572.WeatherPollDate", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.WeatherUnit", "C");
Gelöscht : user_pref("CT2857572.alertChannelId", "1249594");
Gelöscht : user_pref("CT2857572.approveUntrustedApps", true);
Gelöscht : user_pref("CT2857572.components.129356796047006936", true);
Gelöscht : user_pref("CT2857572.globalFirstTimeInfoLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2857572.myStuffEnabled", true);
Gelöscht : user_pref("CT2857572.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2857572.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2857572.testingCtid", "");
Gelöscht : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Mon Jan 03 2011 15:43:13 GMT+0100");
Gelöscht : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Mon Jan 03 2011 15:43:14 GMT+0100");
Gelöscht : user_pref("CT2857572.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857572",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"86a[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2857572");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2857572,CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2857572,CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 02:59:48 GMT+01[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 20:23:02 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 20:22:53 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "0fdaea87-87e1-41fd-8792-3d56bd4d573d");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "d587c9a1-4075-408f-a679-300d34805d9d");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("browser.search.defaultenginename", "Plasmoo");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Plasmoo");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searc[...]
Gelöscht : user_pref("extensions.enabledAddons", "engine%40plasmoo.com:1.0.0.32,%7Bdd05fd3d-18df-4ce4-ae53-e795[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Gelöscht : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "ICQ Search");
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "Search");
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.icq.com/search/afe_results.ph[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Google");
Gelöscht : user_pref("plasmoo.search.engine.prevstartuphomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("plasmoo.search.engine.status", "INSTALLED");
Gelöscht : user_pref("quickstores.toolbar.affid", "2002");
Gelöscht : user_pref("quickstores.toolbar.guid", "{6FC7E932-E8B1-CD68-02E8-22857177DDB4}");
Gelöscht : user_pref("vshare.install.date", "1287273600000");
Gelöscht : user_pref("vshare.install.finished", "1.0.0");
Gelöscht : user_pref("vshare.install.guid", "{d0da1a52-af39-47a3-a2e4-820413097172}");
Gelöscht : user_pref("vshare.install.isHidden", true);
Gelöscht : user_pref("vshare.install.laststatreq", "1305244800000");
Gelöscht : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [32706 octets] - [10/01/2013 18:21:09]
AdwCleaner[R2].txt - [32767 octets] - [10/01/2013 18:40:22]
AdwCleaner[S1].txt - [32448 octets] - [11/01/2013 16:43:53]

########## EOF - C:\AdwCleaner[S1].txt - [32509 octets] ##########

Frage noch beantworten die oben steht, danke.

oh,sry.

läuft super. keine beschwerden. danke für die ausführliche hilfe und die geduld.

c

Öffne bitte otl, bereinigen, neustart wird durchgeführt, Remover gelöscht.
Lösche übrig gebliebene Remover, setups, Logs, leere den Papierkorb.
PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.

Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten