Trojaner-Board


fantie 21.02.2013 23:45

Trojan:WIN32/BublikB email from Casa-Mina (blub-blub@freenet.de)
 
Today I received an email from the above-mentioned sender with an invoice as a ZIP file. I was so shocked by the invoice amount that I opened the attachment without thinking.
But the file could not be opened. Microsoft Security Essentials now keeps reporting that the threat has been removed and that no further action is necessary. Location: file:C:\Users\Ralph\AppData\Local\Temp\{11377-4BF4E8-4BF8E8}. Is my computer OK again now?

cosinus 22.02.2013 00:08

Hello and :hallo:

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the Scan All Users checkbox
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread in CODE tags.

fantie 22.02.2013 18:32

OTL Logfile:
Code:

OTL logfile created on: 22.02.2013 18:06:55 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 55,49% Memory free
6,37 Gb Paging File | 4,82 Gb Available in Paging File | 75,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,35 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name:*********** Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Acer\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz135) -- D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys (CPUID)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB21
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 79 58 C7 4B CD 01  [binary data]
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.13.40.15
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.11 19:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.02 10:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.19 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2013.02.22 17:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions
[2012.12.25 16:04:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.12.25 16:04:28 | 000,001,064 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.06.17 16:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.02 10:59:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockIES]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockOCTuner]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [ljyrunnu] C:\Users\Ralph\AppData\Local\Temp\Llrn\fezqkunnu.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mhwxelle] C:\Users\Ralph\AppData\Local\Temp\Gepy\pgkymfwelle.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mixerd] C:\Users\Ralph\AppData\Roaming\mixerd.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [Vekiuwule] C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342748DA-103B-4BD7-9A8D-3A3A35BED687}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DF9C30-4BA1-41D0-A66F-25C127C5BBFF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.22 17:25:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.22 17:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.18 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.18 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 19:55:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.14 16:40:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 16:40:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 16:40:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 16:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 16:40:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 16:40:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 16:40:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 16:40:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 16:40:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 16:40:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 16:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 16:40:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 16:40:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 16:40:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 16:40:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 15:53:43 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 15:53:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 15:53:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 15:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.14 15:53:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.14 15:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.14 15:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.14 15:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 15:53:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.14 15:53:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 15:53:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.14 15:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 15:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 15:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.14 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.22 17:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 17:09:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.02.22 17:09:13 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 16:43:33 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 16:43:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 16:43:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 16:43:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 16:43:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2013.02.11 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2012.06.16 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Iminent
[2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware
[2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
[2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape
[2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft
[2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software
[2012.06.16 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Iminent
[2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware
[2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX
[2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Bafeyz
[2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures
[2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software
[2012.06.16 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Iminent
[2013.02.22 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Ipidy
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Kuev
[2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX
[2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org
[2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Ralph\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system |
"{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system |
"{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system |
"{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system |
"{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
"UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"IMBoosterARP" = Iminent
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.2
"PhotoScape" = PhotoScape
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2013 12:15:45 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a7000a  ID des fehlerhaften
 Prozesses: 0xf44  Startzeit der fehlerhaften Anwendung: 0x01ce1117de6f4cf7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 1c4214ec-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:17:05 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05a3000a  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01ce11180d832bdc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 4c122797-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:17:10 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02ca000a  ID des fehlerhaften
 Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01ce111810def1d0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 4f10f0d1-7d0b-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:28:17 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00b5000a  ID des fehlerhaften
 Prozesses: 0x11a8  Startzeit der fehlerhaften Anwendung: 0x01ce11199df657c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: dcab4275-7d0c-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:29:07 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04d3000a  ID des fehlerhaften
 Prozesses: 0x268  Startzeit der fehlerhaften Anwendung: 0x01ce1119bac42b6f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: fa45f386-7d0c-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:31:39 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x030e000a  ID des fehlerhaften
 Prozesses: 0x102c  Startzeit der fehlerhaften Anwendung: 0x01ce111a144a3601  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 551241ae-7d0d-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:35:03 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04d2000a  ID des fehlerhaften
 Prozesses: 0x474  Startzeit der fehlerhaften Anwendung: 0x01ce111a8eeb9623  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: cea8e0a1-7d0d-11e2-baf8-002522e80768
 
Error - 22.02.2013 12:57:20 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12b8    Startzeit:
 01ce111b04790e01    Endzeit: 130    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 e30db135-7d10-11e2-baf8-002522e80768 
 
Error - 22.02.2013 12:58:26 | Computer Name = Acer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04ed000a  ID des fehlerhaften
 Prozesses: 0xc50  Startzeit der fehlerhaften Anwendung: 0x01ce111dd404eb4d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 12562a52-7d11-11e2-baf8-002522e80768
 
Error - 22.02.2013 13:04:42 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL(4).exe, Version 3.2.69.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: aa4    Startzeit:
01ce111e01eb7d3b    Endzeit: 4    Anwendungspfad: C:\Users\Acer\Downloads\OTL(4).exe    Berichts-ID:
 
 
[ System Events ]
Error - 26.09.2012 11:36:46 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 26.09.2012 11:36:47 | Computer Name = Acer-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 24.10.2012 15:29:58 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.11.2012 15:06:09 | Computer Name = Acer-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2168.0    Aktualisierungsquelle:
%%859    Aktualisierungsphase: %%854    Quellpfad: Microsoft Deutschland | Geräte und Dienste    Signaturtyp:
%%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0    Fehlercode: 0x80070643    Fehlerbeschreibung: Schwerwiegender
 Fehler bei der Installation.
 
Error - 17.11.2012 15:06:14 | Computer Name = Acer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials
 – KB2310138 (Definition 1.139.2310.0)
 
Error - 17.11.2012 15:06:56 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 25.11.2012 14:07:26 | Computer Name = Acer-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 03.12.2012 13:28:32 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 03.12.2012 13:28:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 03.12.2012 13:29:41 | Computer Name = Acer-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:  %%1056
 
 
< End of report >

--- --- ---

fantie 22.02.2013 18:57

OTL Logfile:
Code:

OTL logfile created on: 22.02.2013 18:48:55 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Acer\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 47,59% Memory free
6,37 Gb Paging File | 4,62 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 215,34 Gb Free Space | 73,41% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Acer\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz135) -- D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys (CPUID)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 79 58 C7 4B CD 01  [binary data]
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.13.40.15
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.11 19:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.02 10:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.19 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2013.02.22 17:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions
[2012.12.25 16:04:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.12.25 16:04:28 | 000,001,064 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.06.17 16:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.02 10:59:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockIES]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\Run: [ASRockOCTuner]  File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [ljyrunnu] C:\Users\Ralph\AppData\Local\Temp\Llrn\fezqkunnu.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mhwxelle] C:\Users\Ralph\AppData\Local\Temp\Gepy\pgkymfwelle.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [mixerd] C:\Users\Ralph\AppData\Roaming\mixerd.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1003..\Run: [Vekiuwule] C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342748DA-103B-4BD7-9A8D-3A3A35BED687}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DF9C30-4BA1-41D0-A66F-25C127C5BBFF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.22 17:25:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.22 17:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.18 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.18 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 19:55:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.14 16:40:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 16:40:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 16:40:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 16:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 16:40:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 16:40:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 16:40:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 16:40:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 16:40:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 16:40:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 16:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 16:40:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 16:40:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 16:40:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 16:40:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 15:53:43 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 15:53:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 15:53:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 15:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.14 15:53:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.14 15:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.14 15:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.14 15:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 15:53:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.14 15:53:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 15:53:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.14 15:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 15:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 15:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.14 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:14:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 17:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 17:09:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.02.22 17:09:13 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 16:43:33 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 16:43:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 16:43:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 16:43:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 16:43:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2013.02.11 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2012.06.16 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Iminent
[2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware
[2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
[2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape
[2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft
[2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software
[2012.06.16 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Iminent
[2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware
[2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX
[2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Bafeyz
[2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures
[2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software
[2012.06.16 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Iminent
[2013.02.22 13:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Ipidy
[2013.02.22 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Kuev
[2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX
[2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org
[2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


Sorry if I did something twice; unfortunately I am only an accountant and not very well versed in computers. It is not done with ill intent.

cosinus 22.02.2013 22:51

Is this by any chance an office/company PC? Or a university computer?



Please now create logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down) and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

fantie 23.02.2013 00:43

Thank you very much for your quick reply. This is my private computer at home.
I am currently having problems with Mozilla Firefox. I can only work in safe mode.
When the computer starts, an error message now always appears:

fezqkunnu.exe Anwendungsfehler: Die Anwendung konnte nicht korrekt gestartet werden
(0xc0000018). Klicken Sie auf "OK", um die Anwendung zu schließen:

cosinus 23.02.2013 01:00

Quote:

fezqkunnu.exe Anwendungsfehler: Die Anwendung konnte nicht korrekt gestartet werden
(0xc0000018). Klicken Sie auf "OK", um die Anwendung zu schließen:
And? Fine, that is part of the problem; what about the other logs from GMER and MBAR?

fantie 23.02.2013 02:43

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 17]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 17]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 16]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 17, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1012] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 16, 00, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 35, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 34, 05, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2904] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 34, 05, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 1B, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1A, 02, C3]
.text C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe[956] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1A, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\wininet.DLL!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\crypt32.DLL!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 1F, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000072072d12 6 bytes [68, E2, 60, 20, 02, C3]
.text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000072093dad 6 bytes [68, BB, 60, 20, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 89, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 88, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 88, 02, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 33]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 33]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 32]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 32, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 33, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 32, 00, C3]
.text C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe[3116] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 42, 00, C3]
.text C:\Users\Ralph\AppData\Roaming\Kuev\hyemo.exe[3116] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 42, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, B3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, B3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, B2]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, B2, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1540] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, B3, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007701f941 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007701f94b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007701f9bd 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007701f9c7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007701fad5 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007701fadf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007701fb85 8 bytes {MOV EDX, 0xd0428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007701fb8f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007701fbb5 8 bytes {MOV EDX, 0xd0368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007701fbbf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007701fbcd 8 bytes {MOV EDX, 0xd0128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007701fbd7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007701fbe5 8 bytes {MOV EDX, 0xd04e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007701fbef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007701fc15 8 bytes {MOV EDX, 0xd0528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007701fc1f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007701fc95 8 bytes {MOV EDX, 0xd04a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007701fc9f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007701fcad 8 bytes {MOV EDX, 0xd0468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007701fcb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007701fcf9 8 bytes {MOV EDX, 0xd0068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007701fd03 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007701fd5d 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007701fd67 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007701fdf1 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007701fdfb 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007701ff39 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007701ff43 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020049 8 bytes {MOV EDX, 0xd0028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077020053 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077020731 8 bytes {MOV EDX, 0xd0268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007702073b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077020fad 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077020fb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007702100d 8 bytes {MOV EDX, 0xd0228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077021017 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021055 8 bytes {MOV EDX, 0xd03a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 000000007702105f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770210cd 8 bytes {MOV EDX, 0xd0328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000770210d7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770212d1 8 bytes {MOV EDX, 0xd00e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000770212db 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074e8102d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000074e81062 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007533119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000753311cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000753d4df0 5 bytes JMP 00000001000f03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000753d4eb0 5 bytes JMP 00000001000f05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000753d50eb 5 bytes JMP 00000001000f08f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000753d5176 5 bytes JMP 00000001000f0a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000753d5689 5 bytes JMP 00000001000f01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000753d5876 5 bytes JMP 00000001000f0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000753d6abf 5 bytes JMP 00000001000f0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000753d6e3b 5 bytes JMP 00000001000f0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000753d6ee3 5 bytes JMP 00000001000f0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000753d6fb9 5 bytes JMP 00000001000f06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000753d726e 5 bytes JMP 00000001000f0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000753d7a94 5 bytes JMP 00000001000f03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000753d7ca5 5 bytes JMP 00000001000f0d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000753d7e47 5 bytes JMP 00000001000f0e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000753d8080 5 bytes JMP 00000001000f09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000753d834a 5 bytes JMP 00000001000f0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000753d86b6 5 bytes JMP 00000001000f0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000753d89e9 5 bytes JMP 00000001000f02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000753d8c0d 5 bytes JMP 00000001000f05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000753d95f4 5 bytes JMP 00000001000f00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000753d988e 5 bytes JMP 00000001000f0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000753dac0a 5 bytes JMP 00000001000f0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000753daf37 5 bytes JMP 00000001000f0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000753db7c5 5 bytes JMP 00000001000f09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!LineTo 00000000753dbba5 5 bytes JMP 00000001000f0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000753dbf60 5 bytes JMP 00000001000f0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000753dc208 5 bytes JMP 00000001000f0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000753dc4db 5 bytes JMP 00000001000f0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000753dc6f6 5 bytes JMP 00000001000f06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000753dcfb9 5 bytes JMP 00000001000f0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000753dd0d5 5 bytes JMP 00000001000f0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000753dd8bf 5 bytes JMP 00000001000f0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000753de45d 5 bytes JMP 00000001000f00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000753dfd24 5 bytes JMP 00000001000f02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!Escape 00000000753e13bd 5 bytes JMP 00000001000f0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000753e18d0 5 bytes JMP 00000001000f0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000753e4bd0 5 bytes JMP 00000001000f0b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000753e4d07 5 bytes JMP 00000001000f0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndPage 00000000753e6665 5 bytes JMP 00000001000f0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000753ee135 5 bytes JMP 00000001000f0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000753f93cd 5 bytes JMP 00000001000f0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000753fc5d9 5 bytes JMP 00000001000f0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000753fd26a 5 bytes JMP 00000001000f0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000753fd8d1 5 bytes JMP 00000001000f0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075403acc 5 bytes JMP 00000001000f0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075403f19 5 bytes JMP 00000001000f01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StartPage 000000007540400a 5 bytes JMP 00000001000f0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075404c41 5 bytes JMP 00000001000f07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000754053ed 5 bytes JMP 00000001000f0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075405444 5 bytes JMP 00000001000f0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!CloseFigure 000000007540549f 5 bytes JMP 00000001000f0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!EndPath 00000000754054f6 5 bytes JMP 00000001000f0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007540572f 5 bytes JMP 00000001000f07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!FillPath 00000000754057c2 5 bytes JMP 00000001000f0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000075405c34 5 bytes JMP 00000001000f04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000075405cc5 5 bytes JMP 00000001000f04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000075405d77 5 bytes JMP 00000001000f08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007617819d 5 bytes JMP 0000000100100570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007617c55d 5 bytes JMP 00000001001002b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000761805ff 5 bytes JMP 00000001001002f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000761808e5 7 bytes JMP 00000001001005b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetParent 0000000076180b0e 7 bytes JMP 00000001001006f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000076180cd5 7 bytes JMP 00000001001006b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076180f14 5 bytes JMP 00000001001005f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000761827db 7 bytes JMP 0000000100100630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007618361b 7 bytes JMP 0000000100100670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076184076 5 bytes JMP 0000000100100530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076187a54 7 bytes JMP 0000000100100730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000761887c9 5 bytes JMP 00000001001000f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000761887e9 5 bytes JMP 0000000100100330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764]

fantie 23.02.2013 02:49

C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000761891f4 5 bytes JMP 00000001001000b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076189232 5 bytes JMP 0000000100100070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000076189485 5 bytes JMP 00000001001004f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007618b779 5 bytes JMP 00000001001001b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007618b798 5 bytes JMP 00000001001003f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007618b7b6 5 bytes JMP 00000001001001f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007618b7e6 5 bytes JMP 00000001001004b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007618cee9 5 bytes JMP 0000000100100370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000076190880 5 bytes JMP 0000000100100230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007619ec67 5 bytes JMP 0000000100100430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007619f66f 5 bytes JMP 0000000100100270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000761b8de7 5 bytes JMP 0000000100100170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 5 bytes JMP 00000001037859b1
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 5 bytes JMP 000000010377b9db
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EmptyClipboard 00000000761d7e49 5 bytes JMP 0000000100100130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000761d82a1 5 bytes JMP 0000000100100470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000761d84bf 5 bytes JMP 00000001001003b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000746f9556 5 bytes JMP 00000001002100f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000747004d3 5 bytes JMP 0000000100210130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074700b0b 5 bytes JMP 0000000100210270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074700b80 5 bytes JMP 00000001002101b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074700e80 5 bytes JMP 0000000100210070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074700fe8 5 bytes JMP 00000001002100b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000747011a0 5 bytes JMP 00000001002101f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000747011ef 5 bytes JMP 0000000100210230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074701479 5 bytes JMP 0000000100210030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000747014e2 5 bytes JMP 0000000100210170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000074d6f2fe 5 bytes JMP 0000000100220030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000074d72489 5 bytes JMP 0000000100220070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000074d9f825 5 bytes JMP 00000001002200b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 77, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 78, 03, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 78, 03, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1492:2764] 000007fef6f72888
Thread C:\Windows\SysWOW64\svchost.exe [3020:2792] 000000007ef90000
Thread C:\Windows\SysWOW64\svchost.exe [3020:2788] 000000007ef93177
Thread C:\Windows\SysWOW64\svchost.exe [3020:3112] 000000007ef96b9b
Thread C:\Windows\SysWOW64\svchost.exe [3020:4064] 000000007efa1486
Thread C:\Windows\SysWOW64\svchost.exe [3020:4068] 000000007ef95538
Thread C:\Windows\SysWOW64\svchost.exe [3020:3924] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3896] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:236] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3488] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:616] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4076] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:3304] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:2292] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4184] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4208] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4216] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4240] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4252] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4268] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4288] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4300] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4320] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4412] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4448] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4488] 000000007ef95ab0
Thread C:\Windows\SysWOW64\svchost.exe [3020:4508] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4516] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4532] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4548] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4572] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4648] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4652] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4656] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4756] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4780] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4824] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4844] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4852] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4856] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4936] 000000007ef95beb
Thread C:\Windows\SysWOW64\svchost.exe [3020:4912] 000000007ef98a3d
Thread C:\Windows\SysWOW64\svchost.exe [3020:2536] 000000007ef98a3d
Thread C:\Windows\SysWOW64\svchost.exe [3020:4616] 000000007ef98a3d

---- EOF - GMER 2.1 ----

cosinus 23.02.2013 03:31

The logs should be posted in CODE tags! If a log is too large, zip only that oversized log and attach it here.
Also, the MBAR log is missing.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

fantie 23.02.2013 04:04

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:30:24
mbar-log-2013-02-23 (03-30-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28297
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Ralph\Downloads\7 zip.exe (PUP.Offerware) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Malwarebytes : Free anti-malware download

Database version: v2013.02.23.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:47:31
mbar-log-2013-02-23 (03-47-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28292
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I am really very sorry if I am causing you trouble, but as an inexperienced 50-year-old woman I did my best and am now completely worn out. I hope you can still do something with it and will show some leniency. I also tried to get the CODE tags to work, but unfortunately did not succeed; I am lacking quite a bit of technical knowledge there. Until yesterday I did not even know what log files are or how they are created. I muddled my way through the forum for that too. But now I cannot make sense of it any more and hope you will still help me. Many thanks in advance for that.

cosinus 23.02.2013 04:48

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

fantie 23.02.2013 12:50

Hello, I now have a huge problem. My computer has now supposedly been locked by the Federal Office for Security and I am supposed to pay 100 € immediately. I cannot do anything on my computer any more. I am receiving my e-mails via the iPhone. Can anything still be saved??

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-23 15:50:56
-----------------------------
15:50:56.638    OS Version: Windows x64 6.1.7600
15:50:56.638    Number of processors: 4 586 0xF0B
15:50:56.638    ComputerName: ACER-PC  UserName: Acer
15:50:57.408    Initialize success
15:52:21.472    AVAST engine defs: 13022300
15:52:44.045    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:52:44.045    Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
15:52:44.060    Disk 0 MBR read successfully
15:52:44.060    Disk 0 MBR scan
15:52:44.076    Disk 0 Windows 7 default MBR code
15:52:44.076    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        9993 MB offset 63
15:52:44.091    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      300374 MB offset 20467712
15:52:44.107    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      300111 MB offset 635633664
15:52:44.123    Disk 0 scanning C:\Windows\system32\drivers
15:52:50.193    Service scanning
15:53:03.495    Modules scanning
15:53:03.495    Disk 0 trace - called modules:
15:53:03.515    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
15:53:03.525    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800377e060]
15:53:03.525    3 CLASSPNP.SYS[fffff8800196043f] -> nt!IofCallDriver -> [0xfffffa8003528520]
15:53:03.535    5 ACPI.sys[fffff88000f3b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8003525060]
15:53:04.625    AVAST engine scan C:\Windows
15:53:06.010    AVAST engine scan C:\Windows\system32
15:54:54.602    AVAST engine scan C:\Windows\system32\drivers
15:55:01.700    AVAST engine scan C:\Users\Acer
15:55:37.707    AVAST engine scan C:\ProgramData
15:57:20.125    Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
15:57:20.125    The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"
15:57:22.090    Scan finished successfully
15:57:37.243    Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
15:57:37.259    The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"

Code:

16:31:52.0920 4584  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:31:53.0091 4584  ============================================================
16:31:53.0091 4584  Current date / time: 2013/02/23 16:31:53.0091
16:31:53.0091 4584  SystemInfo:
16:31:53.0091 4584 
16:31:53.0091 4584  OS Version: 6.1.7600 ServicePack: 0.0
16:31:53.0091 4584  Product type: Workstation
16:31:53.0091 4584  ComputerName: ACER-PC
16:31:53.0091 4584  UserName: Acer
16:31:53.0091 4584  Windows directory: C:\Windows
16:31:53.0091 4584  System windows directory: C:\Windows
16:31:53.0091 4584  Running under WOW64
16:31:53.0091 4584  Processor architecture: Intel x64
16:31:53.0091 4584  Number of processors: 4
16:31:53.0091 4584  Page size: 0x1000
16:31:53.0091 4584  Boot type: Normal boot
16:31:53.0091 4584  ============================================================
16:31:54.0261 4584  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:54.0480 4584  ============================================================
16:31:54.0480 4584  \Device\Harddisk0\DR0:
16:31:54.0480 4584  MBR partitions:
16:31:54.0480 4584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x24AAB000
16:31:54.0480 4584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25E30000, BlocksNum 0x24A27800
16:31:54.0480 4584  ============================================================
16:31:54.0511 4584  C: <-> \Device\Harddisk0\DR0\Partition1
16:31:54.0558 4584  D: <-> \Device\Harddisk0\DR0\Partition2
16:31:54.0558 4584  ============================================================
16:31:54.0558 4584  Initialize success
16:31:54.0558 4584  ============================================================
16:32:27.0125 1916  ============================================================
16:32:27.0125 1916  Scan started
16:32:27.0125 1916  Mode: Manual; SigCheck; TDLFS;
16:32:27.0125 1916  ============================================================
16:32:27.0561 1916  ================ Scan system memory ========================
16:32:27.0561 1916  System memory - ok
16:32:27.0561 1916  ================ Scan services =============================
16:32:27.0671 1916  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:32:27.0717 1916  1394ohci - ok
16:32:27.0733 1916  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
16:32:27.0749 1916  ACPI - ok
16:32:27.0749 1916  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
16:32:27.0764 1916  AcpiPmi - ok
16:32:27.0842 1916  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:32:27.0858 1916  AdobeARMservice - ok
16:32:27.0920 1916  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:32:27.0936 1916  AdobeFlashPlayerUpdateSvc - ok
16:32:27.0967 1916  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
16:32:27.0998 1916  adp94xx - ok
16:32:28.0014 1916  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
16:32:28.0029 1916  adpahci - ok
16:32:28.0045 1916  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
16:32:28.0061 1916  adpu320 - ok
16:32:28.0076 1916  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:32:28.0107 1916  AeLookupSvc - ok
16:32:28.0139 1916  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD            C:\Windows\system32\drivers\afd.sys
16:32:28.0154 1916  AFD - ok
16:32:28.0170 1916  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
16:32:28.0185 1916  agp440 - ok
16:32:28.0201 1916  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
16:32:28.0217 1916  ALG - ok
16:32:28.0217 1916  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
16:32:28.0232 1916  aliide - ok
16:32:28.0232 1916  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
16:32:28.0248 1916  amdide - ok
16:32:28.0263 1916  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
16:32:28.0279 1916  AmdK8 - ok
16:32:28.0295 1916  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:32:28.0295 1916  AmdPPM - ok
16:32:28.0326 1916  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:32:28.0341 1916  amdsata - ok
16:32:28.0341 1916  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:32:28.0357 1916  amdsbs - ok
16:32:28.0373 1916  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:32:28.0388 1916  amdxata - ok
16:32:28.0404 1916  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID          C:\Windows\system32\drivers\appid.sys
16:32:28.0419 1916  AppID - ok
16:32:28.0419 1916  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:32:28.0466 1916  AppIDSvc - ok
16:32:28.0466 1916  [ D065BE66822847B7F127D1F90158376E ] Appinfo        C:\Windows\System32\appinfo.dll
16:32:28.0482 1916  Appinfo - ok
16:32:28.0529 1916  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:32:28.0544 1916  Apple Mobile Device - ok
16:32:28.0560 1916  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
16:32:28.0575 1916  AppMgmt - ok
16:32:28.0591 1916  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
16:32:28.0607 1916  arc - ok
16:32:28.0622 1916  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:32:28.0622 1916  arcsas - ok
16:32:28.0653 1916  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:32:28.0685 1916  AsyncMac - ok
16:32:28.0685 1916  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
16:32:28.0700 1916  atapi - ok
16:32:28.0716 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:32:28.0763 1916  AudioEndpointBuilder - ok
16:32:28.0778 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:32:28.0809 1916  AudioSrv - ok
16:32:28.0825 1916  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:32:28.0841 1916  AxInstSV - ok
16:32:28.0856 1916  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
16:32:28.0872 1916  b06bdrv - ok
16:32:28.0903 1916  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:32:28.0919 1916  b57nd60a - ok
16:32:28.0919 1916  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:32:28.0934 1916  BDESVC - ok
16:32:28.0965 1916  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:32:28.0997 1916  Beep - ok
16:32:29.0028 1916  [ 4992C609A6315671463E30F6512BC022 ] BFE            C:\Windows\System32\bfe.dll
16:32:29.0059 1916  BFE - ok
16:32:29.0090 1916  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
16:32:29.0121 1916  BITS - ok
16:32:29.0137 1916  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:32:29.0153 1916  blbdrive - ok
16:32:29.0199 1916  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:32:29.0215 1916  Bonjour Service - ok
16:32:29.0231 1916  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:32:29.0246 1916  bowser - ok
16:32:29.0246 1916  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:32:29.0262 1916  BrFiltLo - ok
16:32:29.0277 1916  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:32:29.0293 1916  BrFiltUp - ok
16:32:29.0324 1916  [ 6B054C67AAA87843504E8E3C09102009 ] Browser        C:\Windows\System32\browser.dll
16:32:29.0340 1916  Browser - ok
16:32:29.0355 1916  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:32:29.0371 1916  Brserid - ok
16:32:29.0371 1916  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:32:29.0387 1916  BrSerWdm - ok
16:32:29.0402 1916  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:32:29.0418 1916  BrUsbMdm - ok
16:32:29.0418 1916  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:32:29.0433 1916  BrUsbSer - ok
16:32:29.0433 1916  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:32:29.0449 1916  BTHMODEM - ok
16:32:29.0465 1916  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
16:32:29.0496 1916  bthserv - ok
16:32:29.0511 1916  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:32:29.0543 1916  cdfs - ok
16:32:29.0558 1916  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:32:29.0558 1916  cdrom - ok
16:32:29.0589 1916  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc    C:\Windows\System32\certprop.dll
16:32:29.0621 1916  CertPropSvc - ok
16:32:29.0621 1916  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:32:29.0636 1916  circlass - ok
16:32:29.0652 1916  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:32:29.0667 1916  CLFS - ok
16:32:29.0714 1916  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:32:29.0730 1916  clr_optimization_v2.0.50727_32 - ok
16:32:29.0761 1916  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:32:29.0777 1916  clr_optimization_v2.0.50727_64 - ok
16:32:29.0823 1916  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:32:29.0839 1916  clr_optimization_v4.0.30319_32 - ok
16:32:29.0855 1916  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:32:29.0870 1916  clr_optimization_v4.0.30319_64 - ok
16:32:29.0886 1916  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:32:29.0901 1916  CmBatt - ok
16:32:29.0917 1916  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
16:32:29.0933 1916  cmdide - ok
16:32:29.0979 1916  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG            C:\Windows\system32\Drivers\cng.sys
16:32:30.0011 1916  CNG - ok
16:32:30.0026 1916  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:32:30.0042 1916  Compbatt - ok
16:32:30.0073 1916  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:32:30.0104 1916  CompositeBus - ok
16:32:30.0104 1916  COMSysApp - ok
16:32:30.0182 1916  [ 8F5B84350BFC4FE3A65D921B4BD0E737 ] cpuz135        D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys
16:32:30.0213 1916  cpuz135 - ok
16:32:30.0229 1916  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
16:32:30.0245 1916  crcdisk - ok
16:32:30.0260 1916  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:32:30.0276 1916  CryptSvc - ok
16:32:30.0291 1916  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC            C:\Windows\system32\drivers\csc.sys
16:32:30.0307 1916  CSC - ok
16:32:30.0338 1916  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
16:32:30.0354 1916  CscService - ok
16:32:30.0385 1916  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:32:30.0416 1916  DcomLaunch - ok
16:32:30.0447 1916  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
16:32:30.0479 1916  defragsvc - ok
16:32:30.0510 1916  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:32:30.0525 1916  DfsC - ok
16:32:30.0541 1916  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:32:30.0557 1916  Dhcp - ok
16:32:30.0572 1916  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:32:30.0603 1916  discache - ok
16:32:30.0635 1916  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:32:30.0635 1916  Disk - ok
16:32:30.0666 1916  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:32:30.0681 1916  Dnscache - ok
16:32:30.0697 1916  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc        C:\Windows\System32\dot3svc.dll
16:32:30.0728 1916  dot3svc - ok
16:32:30.0744 1916  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS            C:\Windows\system32\dps.dll
16:32:30.0775 1916  DPS - ok
16:32:30.0791 1916  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:32:30.0806 1916  drmkaud - ok
16:32:30.0837 1916  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:32:30.0853 1916  DXGKrnl - ok
16:32:30.0869 1916  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
16:32:30.0900 1916  EapHost - ok
16:32:30.0978 1916  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
16:32:31.0025 1916  ebdrv - ok
16:32:31.0040 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS            C:\Windows\System32\lsass.exe
16:32:31.0056 1916  EFS - ok
16:32:31.0103 1916  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:32:31.0118 1916  ehRecvr - ok
16:32:31.0149 1916  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
16:32:31.0149 1916  ehSched - ok
16:32:31.0196 1916  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
16:32:31.0212 1916  elxstor - ok
16:32:31.0227 1916  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
16:32:31.0227 1916  ErrDev - ok
16:32:31.0259 1916  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
16:32:31.0290 1916  EventSystem - ok
16:32:31.0305 1916  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
16:32:31.0337 1916  exfat - ok
16:32:31.0368 1916  Fabs - ok
16:32:31.0383 1916  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:32:31.0415 1916  fastfat - ok
16:32:31.0446 1916  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax            C:\Windows\system32\fxssvc.exe
16:32:31.0461 1916  Fax - ok
16:32:31.0477 1916  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:32:31.0477 1916  fdc - ok
16:32:31.0493 1916  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:32:31.0524 1916  fdPHost - ok
16:32:31.0539 1916  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:32:31.0571 1916  FDResPub - ok
16:32:31.0586 1916  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:32:31.0586 1916  FileInfo - ok
16:32:31.0602 1916  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:32:31.0633 1916  Filetrace - ok
16:32:31.0695 1916  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:32:31.0742 1916  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:32:31.0742 1916  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:32:31.0758 1916  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:32:31.0773 1916  flpydisk - ok
16:32:31.0805 1916  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:32:31.0820 1916  FltMgr - ok
16:32:31.0945 1916  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache      C:\Windows\system32\FntCache.dll
16:32:31.0976 1916  FontCache - ok
16:32:32.0007 1916  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:32:32.0023 1916  FontCache3.0.0.0 - ok
16:32:32.0039 1916  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:32:32.0054 1916  FsDepends - ok
16:32:32.0070 1916  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:32:32.0085 1916  Fs_Rec - ok
16:32:32.0117 1916  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:32:32.0132 1916  fvevol - ok
16:32:32.0148 1916  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:32:32.0163 1916  gagp30kx - ok
16:32:32.0179 1916  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:32:32.0195 1916  GEARAspiWDM - ok
16:32:32.0226 1916  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc          C:\Windows\System32\gpsvc.dll
16:32:32.0241 1916  gpsvc - ok
16:32:32.0257 1916  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:32:32.0273 1916  hcw85cir - ok
16:32:32.0288 1916  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:32:32.0304 1916  HDAudBus - ok
16:32:32.0304 1916  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
16:32:32.0319 1916  HidBatt - ok
16:32:32.0319 1916  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:32:32.0335 1916  HidBth - ok
16:32:32.0351 1916  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
16:32:32.0366 1916  HidIr - ok
16:32:32.0382 1916  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
16:32:32.0413 1916  hidserv - ok
16:32:32.0444 1916  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:32:32.0460 1916  HidUsb - ok
16:32:32.0475 1916  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:32:32.0507 1916  hkmsvc - ok
16:32:43.0099 1916  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS            C:\Windows\system32\vssvc.exe
16:32:43.0115 1916  VSS - ok
16:32:43.0130 1916  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:32:43.0146 1916  vwifibus - ok
16:32:43.0161 1916  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
16:32:43.0208 1916  W32Time - ok
16:32:43.0208 1916  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:32:43.0224 1916  WacomPen - ok
16:32:43.0239 1916  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:32:43.0271 1916  WANARP - ok
16:32:43.0271 1916  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:32:43.0302 1916  Wanarpv6 - ok
16:32:43.0333 1916  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
16:32:43.0364 1916  wbengine - ok
16:32:43.0380 1916  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:32:43.0395 1916  WbioSrvc - ok
16:32:43.0427 1916  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:32:43.0442 1916  wcncsvc - ok
16:32:43.0442 1916  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:32:43.0458 1916  WcsPlugInService - ok
16:32:43.0473 1916  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:32:43.0489 1916  Wd - ok
16:32:43.0520 1916  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:32:43.0536 1916  Wdf01000 - ok
16:32:43.0551 1916  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:32:43.0567 1916  WdiServiceHost - ok
16:32:43.0567 1916  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:32:43.0583 1916  WdiSystemHost - ok
16:32:43.0614 1916  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient      C:\Windows\System32\webclnt.dll
16:32:43.0629 1916  WebClient - ok
16:32:43.0629 1916  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:32:43.0676 1916  Wecsvc - ok
16:32:43.0676 1916  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:32:43.0723 1916  wercplsupport - ok
16:32:43.0739 1916  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:32:43.0770 1916  WerSvc - ok
16:32:43.0785 1916  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:32:43.0817 1916  WfpLwf - ok
16:32:43.0832 1916  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:32:43.0832 1916  WIMMount - ok
16:32:43.0848 1916  WinDefend - ok
16:32:43.0848 1916  WinHttpAutoProxySvc - ok
16:32:43.0895 1916  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:32:43.0941 1916  Winmgmt - ok
16:32:44.0004 1916  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM          C:\Windows\system32\WsmSvc.dll
16:32:44.0066 1916  WinRM - ok
16:32:44.0097 1916  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:32:44.0113 1916  WinUsb - ok
16:32:44.0144 1916  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:32:44.0175 1916  Wlansvc - ok
16:32:44.0175 1916  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
16:32:44.0191 1916  WmiAcpi - ok
16:32:44.0207 1916  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:32:44.0222 1916  wmiApSrv - ok
16:32:44.0238 1916  WMPNetworkSvc - ok
16:32:44.0253 1916  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:32:44.0253 1916  WPCSvc - ok
16:32:44.0269 1916  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:32:44.0285 1916  WPDBusEnum - ok
16:32:44.0300 1916  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:32:44.0331 1916  ws2ifsl - ok
16:32:44.0347 1916  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:32:44.0363 1916  wscsvc - ok
16:32:44.0363 1916  WSearch - ok
16:32:44.0425 1916  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:32:44.0472 1916  wuauserv - ok
16:32:44.0487 1916  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:32:44.0503 1916  WudfPf - ok
16:32:44.0519 1916  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:32:44.0534 1916  WUDFRd - ok
16:32:44.0550 1916  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:32:44.0565 1916  wudfsvc - ok
16:32:44.0581 1916  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:32:44.0597 1916  WwanSvc - ok
16:32:44.0612 1916  ================ Scan global ===============================
16:32:44.0643 1916  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:32:44.0659 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
16:32:44.0675 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
16:32:44.0690 1916  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:32:44.0721 1916  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:32:44.0721 1916  [Global] - ok
16:32:44.0721 1916  ================ Scan MBR ==================================
16:32:44.0737 1916  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:32:44.0924 1916  \Device\Harddisk0\DR0 - ok
16:32:44.0924 1916  ================ Scan VBR ==================================
16:32:44.0940 1916  [ 270BAC60E90E625133D4A3F09F8934D3 ] \Device\Harddisk0\DR0\Partition1
16:32:44.0940 1916  \Device\Harddisk0\DR0\Partition1 - ok
16:32:44.0955 1916  [ 18C1231D4A1D6AF78B7D9838869EB9CC ] \Device\Harddisk0\DR0\Partition2
16:32:44.0955 1916  \Device\Harddisk0\DR0\Partition2 - ok
16:32:44.0955 1916  ============================================================
16:32:44.0955 1916  Scan finished
16:32:44.0955 1916  ============================================================
16:32:44.0971 1444  Detected object count: 1
16:32:44.0971 1444  Actual detected object count: 1
16:33:13.0881 1444  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:33:13.0881 1444  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:33:22.0383 4516  Deinitialize success

I have now been working from my daughter's account. Before I carried out your instructions, I ran another virus scan with MSE, but it found no threats. On my account the image from the BKA virus has disappeared, but I cannot work with the account.
I hope that I have now done everything correctly, that you can help me further and that I don't have to wipe the computer.

Me again: now my account is completely locked up again and only the image from the BKA virus appears.

cosinus 24.02.2013 21:19

But you can still work with the other user account?
If so: then please run CF now:

Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English wording: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


fantie 24.02.2013 23:40

Code:

ComboFix 13-02-24.01 - Acer 24.02.2013  23:28:55.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3263.1810 [GMT 1:00]
ausgeführt von:: c:\users\Jenny\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\users\Jenny\vlc-0.9.9-win32.exe
c:\users\Ralph\AppData\Roaming\Kuev
c:\users\Ralph\AppData\Roaming\Kuev\hyemo.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-24 bis 2013-02-24  ))))))))))))))))))))))))))))))
.
.
2013-02-24 22:34 . 2013-02-24 22:34        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-02-24 22:34 . 2013-02-24 22:34        --------        d-----w-        c:\users\Ralph\AppData\Local\temp
2013-02-24 22:34 . 2013-02-24 22:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-24 22:34 . 2013-02-24 22:34        --------        d-----w-        c:\users\Acer\AppData\Local\temp
2013-02-24 22:18 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977F6861-A8A1-4F1D-979D-466FA646EBD2}\mpengine.dll
2013-02-23 15:36 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-23 11:22 . 2013-02-23 11:22        --------        d-----w-        c:\users\Ralph\AppData\Roaming\Rhliz
2013-02-23 02:20 . 2013-02-23 02:20        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-23 02:13 . 2013-02-23 02:13        --------        d-----w-        c:\users\Ralph\AppData\Local\WinZip
2013-02-23 02:13 . 2013-02-23 11:33        --------        d-----w-        c:\programdata\WinZip
2013-02-23 02:13 . 2013-02-23 02:13        --------        d-----w-        c:\program files\WinZip
2013-02-23 00:48 . 2013-02-23 00:48        --------        d-----w-        c:\users\Acer\AppData\Local\ElevatedDiagnostics
2013-02-23 00:32 . 2013-02-19 02:57        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{10533BF5-C9F0-4EBB-BE30-FD0672F70683}\mpengine.dll
2013-02-22 23:28 . 2013-02-22 23:28        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2013-02-22 16:43 . 2013-02-22 16:43        --------        d-----w-        c:\programdata\McAfee
2013-02-22 16:42 . 2013-02-22 16:42        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2013-02-22 16:25 . 2013-02-22 16:25        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-22 16:25 . 2013-02-22 16:25        --------        d--h--w-        c:\programdata\Common Files
2013-02-22 08:45 . 2013-02-23 11:37        --------        d-----w-        c:\users\Ralph\AppData\Roaming\Ipidy
2013-02-22 08:45 . 2013-02-22 08:45        --------        d-----w-        c:\users\Ralph\AppData\Roaming\Bafeyz
2013-02-18 18:55 . 2013-02-18 18:55        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-02-18 18:55 . 2013-02-18 18:55        --------        d-----r-        c:\program files (x86)\Skype
2013-02-14 15:42 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:42 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 14:53 . 2013-01-05 05:57        5500776        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-02-11 18:34 . 2013-02-11 18:34        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2013-02-11 18:34 . 2013-02-11 18:34        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2013-02-06 19:26 . 2013-02-06 19:26        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-02-06 19:24 . 2013-02-06 19:23        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-06 19:19 . 2013-02-22 23:35        --------        d-----w-        c:\users\Ralph\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 15:44 . 2012-06-15 21:15        70004024        ----a-w-        c:\windows\system32\MRT.exe
2013-02-11 18:38 . 2012-06-15 21:38        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 18:38 . 2012-06-15 21:38        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 19:23 . 2012-06-16 14:34        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-02-06 19:23 . 2012-06-16 14:16        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2012-06-15 20:56        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 14:53        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-21 13:08        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 13:08        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:08        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:08        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 05:41 . 2013-01-09 11:51        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 11:51        2745856        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 11:51        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 11:51        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 11:51        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 11:51        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 11:51        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 11:51        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 11:51        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 11:51        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 11:51        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 11:51        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 11:51        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 11:51        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 03:45 . 2013-01-09 11:51        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 11:51        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 11:51        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 11:51        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 11:51        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 11:51        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 11:51        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 11:51        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 11:51        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 11:51        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 11:51        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 11:51        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-11-28 18:58 . 2012-11-28 18:58        972264        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CCA90CA-3916-4274-8AB4-3BCB58578075}\gapaengine.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-12-23 09:42        618904        ----a-w-        c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54        2607872        ----a-w-        c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49        281760        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-04-27 1073744]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-04-27 884816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 cpuz135;cpuz135;d:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys [2012-06-16 23816]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 18:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49        342176        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB21
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=
FF - ExtSQL: 2012-12-25 16:03; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-25 16:04; {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}; c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKCU-Run-ASRockOCTuner - (no file)
Wow6432Node-HKCU-Run-ASRockIES - (no file)
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Ralph\Desktop\mbar\mbar.exe
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\users\Ralph\Desktop\mbar\Data\cleanup.dll
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-FILEminimizer Pictures_is1 - c:\fileminimizer pictures\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-24  23:36:22
ComboFix-quarantined-files.txt  2013-02-24 22:36
.
Vor Suchlauf: 9 Verzeichnis(se), 233.539.796.992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 233.763.012.608 Bytes frei
.
- - End Of File - - 7D4C0121F694A5407B7A582F458DFB75


cosinus 25.02.2013 10:16

ComboFix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.
    Code:

    Folder::
    c:\users\Ralph\AppData\Roaming\Rhliz
    c:\users\Ralph\AppData\Roaming\Ipidy
    c:\users\Ralph\AppData\Roaming\Bafeyz

  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, because it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe.
  • Do not do anything on the computer, and do not move the mouse over the ComboFix window or click inside it. Doing so can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!


fantie 25.02.2013 15:30

Code:

ComboFix 13-02-24.01 - Acer 25.02.2013  15:16:39.3.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3263.2037 [GMT 1:00]
ausgeführt von:: c:\users\Jenny\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jenny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ralph\AppData\Roaming\Bafeyz
c:\users\Ralph\AppData\Roaming\Bafeyz\vaqal.lap
c:\users\Ralph\AppData\Roaming\Ipidy
c:\users\Ralph\AppData\Roaming\Rhliz
c:\users\Ralph\AppData\Roaming\Rhliz\brhliznunnu.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-25 bis 2013-02-25  ))))))))))))))))))))))))))))))
.
.
2013-02-25 14:21 . 2013-02-25 14:21        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-02-25 14:21 . 2013-02-25 14:21        --------        d-----w-        c:\users\Ralph\AppData\Local\temp
2013-02-25 14:21 . 2013-02-25 14:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-25 14:21 . 2013-02-25 14:21        --------        d-----w-        c:\users\Acer\AppData\Local\temp
2013-02-25 14:11 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{987F99D2-9909-439C-BE53-4184415893CA}\mpengine.dll
2013-02-24 22:42 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-23 02:20 . 2013-02-23 02:20        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-23 02:13 . 2013-02-23 02:13        --------        d-----w-        c:\users\Ralph\AppData\Local\WinZip
2013-02-23 02:13 . 2013-02-23 11:33        --------        d-----w-        c:\programdata\WinZip
2013-02-23 02:13 . 2013-02-23 02:13        --------        d-----w-        c:\program files\WinZip
2013-02-23 00:48 . 2013-02-23 00:48        --------        d-----w-        c:\users\Acer\AppData\Local\ElevatedDiagnostics
2013-02-23 00:32 . 2013-02-19 02:57        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{10533BF5-C9F0-4EBB-BE30-FD0672F70683}\mpengine.dll
2013-02-22 23:28 . 2013-02-22 23:28        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2013-02-22 16:43 . 2013-02-22 16:43        --------        d-----w-        c:\programdata\McAfee
2013-02-22 16:42 . 2013-02-22 16:42        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2013-02-22 16:25 . 2013-02-22 16:25        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-22 16:25 . 2013-02-22 16:25        --------        d--h--w-        c:\programdata\Common Files
2013-02-18 18:55 . 2013-02-18 18:55        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2013-02-18 18:55 . 2013-02-18 18:55        --------        d-----r-        c:\program files (x86)\Skype
2013-02-14 15:42 . 2013-01-09 01:10        996352        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:42 . 2013-01-08 22:01        768000        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 14:53 . 2013-01-05 05:57        5500776        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-02-11 18:34 . 2013-02-11 18:34        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2013-02-11 18:34 . 2013-02-11 18:34        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2013-02-06 19:26 . 2013-02-06 19:26        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-02-06 19:24 . 2013-02-06 19:23        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-06 19:19 . 2013-02-22 23:35        --------        d-----w-        c:\users\Ralph\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 15:44 . 2012-06-15 21:15        70004024        ----a-w-        c:\windows\system32\MRT.exe
2013-02-11 18:38 . 2012-06-15 21:38        697712        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 18:38 . 2012-06-15 21:38        74096        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 19:23 . 2012-06-16 14:34        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-02-06 19:23 . 2012-06-16 14:16        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2012-06-15 20:56        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 14:53        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-21 13:08        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 13:08        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:08        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:08        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-07 05:41 . 2013-01-09 11:51        441856        ----a-w-        c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 11:51        2745856        ----a-w-        c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 11:51        308736        ----a-w-        c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 11:51        2576384        ----a-w-        c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 11:51        43520        ----a-w-        c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 11:51        45568        ----a-w-        c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 11:51        30720        ----a-w-        c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 11:51        23552        ----a-w-        c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 11:51        44544        ----a-w-        c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 11:51        40960        ----a-w-        c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 11:51        21504        ----a-w-        c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 11:51        46592        ----a-w-        c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 11:51        15360        ----a-w-        c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 11:51        55296        ----a-w-        c:\windows\system32\cero.rs
2012-12-07 03:45 . 2013-01-09 11:51        51712        ----a-w-        c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 11:51        45568        ----a-w-        c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 11:51        44544        ----a-w-        c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 11:51        43520        ----a-w-        c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 11:51        30720        ----a-w-        c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 11:51        23552        ----a-w-        c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 11:51        20480        ----a-w-        c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 11:51        46592        ----a-w-        c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 11:51        21504        ----a-w-        c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 11:51        55296        ----a-w-        c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 11:51        51712        ----a-w-        c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 11:51        40960        ----a-w-        c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 11:51        15360        ----a-w-        c:\windows\SysWow64\djctq.rs
2012-11-28 18:58 . 2012-11-28 18:58        972264        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CCA90CA-3916-4274-8AB4-3BCB58578075}\gapaengine.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-12-23 09:42        618904        ----a-w-        c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54        2607872        ----a-w-        c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49        281760        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-23 618904]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-04-27 1073744]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-04-27 884816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 cpuz135;cpuz135;d:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys [2012-06-16 23816]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 18:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49        342176        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2625848&SSPV=TB_IESB21
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=
FF - ExtSQL: 2012-12-25 16:03; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-25 16:04; {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}; c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-FILEminimizer Pictures_is1 - c:\fileminimizer pictures\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-25  15:23:30
ComboFix-quarantined-files.txt  2013-02-25 14:23
ComboFix2.txt  2013-02-24 22:36
.
Vor Suchlauf: 13 Verzeichnis(se), 233.622.351.872 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 233.186.643.968 Bytes frei
.
- - End Of File - - 61EF29BC930AE7C8B454D5BECC0F61DE

The Suspect:: and Collect directives did not appear, and no message box appeared either.

cosinus 25.02.2013 16:04

Quote:

The Suspect:: and Collect directives did not appear, and no message box appeared either.
I know that myself, because I didn't specify those switches in the first place.

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected.
  • Click Scan and wait until it has completed.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the Scan All Users checkbox
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

fantie 25.02.2013 17:07

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Ultimate x64
Ran by Acer on 25.02.2013 at 16:57:34,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminent
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminentmessenger
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{977ae9cc-af83-45e8-9e03-e2798216e2d5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{977ae9cc-af83-45e8-9e03-e2798216e2d5}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-370788336-4045942230-824405379-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.activecontenthandle.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.activecontenthandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.browserhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.browserhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.scriptextender
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.scriptextender.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.tinyurlhandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.tinyurlhandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{58124a0b-dc32-4180-9bff-e0e21ae34026}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{58124a0b-dc32-4180-9bff-e0e21ae34026}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a09ab6eb-31b5-454c-97ec-9b294d92ee2a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a09ab6eb-31b5-454c-97ec-9b294d92ee2a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{bffed5ca-8bdf-47cc-aed0-23f4e6d77732}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\Users\Acer\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Acer\AppData\Roaming\iminent"
Successfully deleted: [Folder] "C:\Users\Acer\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Acer\appdata\locallow\toolbar4"
Failed to delete: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent toolbar"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\smartbar
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\prefs.js

user_pref("CT2625848.1000082.isDisplayHidden", "true");
user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzYxNTU3MDcxMTEyLCJ1cGRhdGVSZXNwVGltZSI6MTM2MTU1NzA3MTQxMywiZGF0YSI6eyJzZXR0aW5nc
user_pref("CT2625848.CBOpenMAMSettings.enc", "MA==");
user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.FirstTime", "true");
user_pref("CT2625848.FirstTimeFF3", "true");
user_pref("CT2625848.LoginRevertSettingsEnabled", true);
user_pref("CT2625848.RevertSettingsEnabled", true);
user_pref("CT2625848.SearchAppState.enc", "Mw==");
user_pref("CT2625848.SearchAppTracking.enc", "c2VudA==");
user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
user_pref("CT2625848.UserID", "UN39036004136797119");
user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2625848.autoDisableScopes", -1);
user_pref("CT2625848.browser.search.defaultthis.engineName", true);
user_pref("CT2625848.cb_experience_000.enc", "Ng==");
user_pref("CT2625848.cb_firstuse0100.enc", "MQ==");
user_pref("CT2625848.cb_user_id_000.enc", "Q0I2ODY0MDAyNjQwMTVfMTM2MTU1MDc0MDAwNl9GaXJlZm94");
user_pref("CT2625848.cbcountry_001.enc", "REU=");
user_pref("CT2625848.cbfirsttime.enc", "VHVlIERlYyAyNSAyMDEyIDE2OjA0OjM0IEdNVCswMTAw");
user_pref("CT2625848.defaultSearch", "true");
user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2625848.enableAlerts", "false");
user_pref("CT2625848.enableSearchFromAddressBar", "true");
user_pref("CT2625848.firstTimeDialogOpened", "true");
user_pref("CT2625848.fixPageNotFoundError", "true");
user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2625848.fixUrls", true);
user_pref("CT2625848.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8sc
user_pref("CT2625848.installId", "conduitnsisintegration");
user_pref("CT2625848.installType", "conduitnsisintegration");
user_pref("CT2625848.isCheckedStartAsHidden", true);
user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
user_pref("CT2625848.isNewTabEnabled", true);
user_pref("CT2625848.isPerformedSmartBarTransition", "true");
user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2625848.keyword", true);
user_pref("CT2625848.migrateAppsAndComponents", true);
user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVDVideoSoftT
user_pref("CT2625848.openThankYouPage", "false");
user_pref("CT2625848.openUninstallPage", "true");
user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/25\\\\/2012 18\\\"}\"}");
user_pref("CT2625848.price-gong.isManagedApp", "true");
user_pref("CT2625848.revertSettingsEnabled", "false");
user_pref("CT2625848.search.searchAppId", "129181467799155027");
user_pref("CT2625848.search.searchCount", "0");
user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2625848\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com//xpi\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB DE\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361550107213");
user_pref("CT2625848.serviceLayer_services_appTracking_lastUpdate", "1361549868521");
user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1361549987375");
user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361550107022");
user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1361549987433");
user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361550107120");
user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1361550107010");
user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1361549986914");
user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361550107079");
user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1361557187486");
user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1361549987045");
user_pref("CT2625848.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1361549868182");
user_pref("CT2625848.serviceLayer_services_userApps_lastUpdate", "1361549868196");
user_pref("CT2625848.settingsINI", true);
user_pref("CT2625848.shouldFirstTimeDialog", "false");
user_pref("CT2625848.smartbar.CTID", "CT2625848");
user_pref("CT2625848.smartbar.Uninstall", "0");
user_pref("CT2625848.smartbar.homepage", true);
user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
user_pref("CT2625848.toolbarBornServerTime", "25-12-2012");
user_pref("CT2625848.toolbarCurrentServerTime", "22-2-2013");
user_pref("CT2625848.url_history0001.enc", "aHR0cDovL3dlYm1haWwuZnJlZW5ldC5kZS9PdmVydmlldy9WaWV3L0luZGV4Izo6OmNsaWNraGFuZGxlcjo6OjEzNjE1NTc3MjU2MzgsLCxodHRwOi8vd2VibWFpbC5mcmV
user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361558045195,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI");
user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("smartbar.originalSearchAddressUrl", "");
user_pref("smartbar.originalSearchEngine", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 17:04:05,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

# AdwCleaner v2.113 - Datei am 25/02/2013 um 17:12:06 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Acer - ACER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : \END
Gelöscht mit Neustart : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Acer\AppData\LocalLow\CT2625848
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\CT2625848
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\Smartbar
Ordner Gelöscht : C:\Users\Jenny\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Jenny\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Ralph\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Ralph\AppData\Roaming\Iminent

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7CF0E9A-D48B-4942-9537-259ED0568DF4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKU\S-1-5-21-370788336-4045942230-824405379-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\prefs.js

Gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzYxOD[...]
Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT262[...]
Gelöscht : user_pref("CT2625848.UserID", "UN46451971853229496");
Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2625848.cbfirsttime.enc", "TW9uIEZlYiAyNSAyMDEzIDE3OjA1OjI0IEdNVCswMTAw");
Gelöscht : user_pref("CT2625848.defaultSearch", "true");
Gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2625848.enableAlerts", "false");
Gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.installId", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.installType", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2625848.isNewTabEnabled", true);
Gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2625848.keyword", true);
Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Gelöscht : user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Gelöscht : user_pref("CT2625848.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Gelöscht : user_pref("CT2625848.search.searchCount", "0");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361808558540");
Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1361808438730");
Gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361808438693");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1361808438735");
Gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361808438660");
Gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1361808438768");
Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1361808438255");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361808438627");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1361808438772");
Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1361808438395");
Gelöscht : user_pref("CT2625848.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_userApps_lastUpdate", "1361808319752");
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2625848.smartbar.homepage", true);
Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "25-2-2013");
Gelöscht : user_pref("CT2625848.url_history0001.enc", "aHR0cDovL3d3dy50cm9qYW5lci1ib2FyZC5kZS9sb2dpbi5waHA/ZG89[...]
Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Gelöscht : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=[...]
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13[...]
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "");
Gelöscht : user_pref("smartbar.originalSearchEngine", false);

Datei : C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\eoi8z4e8.default\prefs.js

C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\eoi8z4e8.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\am8tx67e.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [30438 octets] - [25/02/2013 17:12:06]

########## EOF - \AdwCleaner[S1].txt - [30499 octets] ##########

Code:

# AdwCleaner v2.113 - Datei am 25/02/2013 um 17:12:06 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Acer - ACER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : \END
Gelöscht mit Neustart : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Acer\AppData\LocalLow\CT2625848
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\CT2625848
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\Smartbar
Ordner Gelöscht : C:\Users\Jenny\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Jenny\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Ralph\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Ralph\AppData\Roaming\Iminent

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7CF0E9A-D48B-4942-9537-259ED0568DF4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKU\S-1-5-21-370788336-4045942230-824405379-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ghp7knlq.default\prefs.js

Gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzYxOD[...]
Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT262[...]
Gelöscht : user_pref("CT2625848.UserID", "UN46451971853229496");
Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2625848.cbfirsttime.enc", "TW9uIEZlYiAyNSAyMDEzIDE3OjA1OjI0IEdNVCswMTAw");
Gelöscht : user_pref("CT2625848.defaultSearch", "true");
Gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2625848.enableAlerts", "false");
Gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.installId", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.installType", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2625848.isNewTabEnabled", true);
Gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2625848.keyword", true);
Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Gelöscht : user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Gelöscht : user_pref("CT2625848.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Gelöscht : user_pref("CT2625848.search.searchCount", "0");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361808558540");
Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1361808438730");
Gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361808438693");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1361808438735");
Gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361808438660");
Gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1361808438768");
Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1361808438255");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361808438627");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1361808438772");
Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1361808438395");
Gelöscht : user_pref("CT2625848.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_userApps_lastUpdate", "1361808319752");
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2625848.smartbar.homepage", true);
Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "25-2-2013");
Gelöscht : user_pref("CT2625848.url_history0001.enc", "aHR0cDovL3d3dy50cm9qYW5lci1ib2FyZC5kZS9sb2dpbi5waHA/ZG89[...]
Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Gelöscht : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=[...]
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13[...]
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "");
Gelöscht : user_pref("smartbar.originalSearchEngine", false);

Datei : C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\eoi8z4e8.default\prefs.js

C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\eoi8z4e8.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\am8tx67e.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [30438 octets] - [25/02/2013 17:12:06]

########## EOF - \AdwCleaner[S1].txt - [30499 octets] ##########


fantie 25.02.2013 17:40

Code:

OTL logfile created on: 25.02.2013 17:29:25 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jenny\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 60,08% Memory free
6,37 Gb Paging File | 4,96 Gb Available in Paging File | 77,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 217,22 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz135) -- D:\treiber und software\pc-wizard_2012.2.0\pcwiz_x64.sys (CPUID)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 79 58 C7 4B CD 01  [binary data]
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1005\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.13.40.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.23 00:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.19 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2013.02.25 17:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\ghp7knlq.default\extensions
[2013.02.25 17:05:37 | 000,001,064 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\ghp7knlq.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013.02.23 00:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GHP7KNLQ.DEFAULT\EXTENSIONS\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.25 15:21:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Acer\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found
O3 - HKU\S-1-5-21-370788336-4045942230-824405379-1004\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - HKU\S-1-5-21-370788336-4045942230-824405379-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-370788336-4045942230-824405379-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{342748DA-103B-4BD7-9A8D-3A3A35BED687}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0DF9C30-4BA1-41D0-A66F-25C127C5BBFF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.25 16:57:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.25 16:57:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.25 16:52:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.25 15:23:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.25 15:23:31 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\temp
[2013.02.24 22:55:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.24 22:55:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.24 22:55:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.24 22:55:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.24 22:55:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.23 03:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 03:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.02.23 03:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.02.23 03:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.02.23 01:48:46 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\ElevatedDiagnostics
[2013.02.23 00:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.23 00:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.22 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.22 17:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.22 17:25:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.22 17:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.18 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.18 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 19:55:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.14 16:40:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 16:40:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 16:40:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 16:40:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 16:40:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 16:40:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 16:40:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 16:40:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 16:40:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 16:40:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 16:40:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 16:40:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 16:40:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 16:40:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 16:40:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 15:53:43 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 15:53:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 15:53:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 15:53:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.14 15:53:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.14 15:53:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.14 15:53:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.14 15:53:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 15:53:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.14 15:53:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 15:53:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.14 15:53:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 15:53:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 15:53:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 15:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.14 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 15:53:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 15:53:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 15:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.02.11 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.02.06 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.06 20:24:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:24:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:24:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.25 17:18:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 17:18:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 17:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.25 17:13:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.02.25 17:13:39 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 17:12:31 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.25 17:08:49 | 000,594,019 | ---- | M] () -- C:\Users\Acer\Desktop\adwcleaner.exe
[2013.02.25 15:21:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.24 23:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 11:14:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.24 11:14:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.24 11:14:20 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.24 11:14:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.24 11:14:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 15:57:37 | 000,000,512 | ---- | M] () -- C:\Users\Acer\Documents\MBR.dat
[2013.02.23 12:45:27 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer 2011.lnk
[2013.02.23 03:13:40 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.02.23 00:28:13 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 16:50:45 | 000,376,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 21:23:02 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.11 19:38:27 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.11 19:38:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 20:23:58 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 20:23:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 20:23:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 20:23:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.06 20:23:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2013.02.25 17:12:20 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.25 17:08:48 | 000,594,019 | ---- | C] () -- C:\Users\Acer\Desktop\adwcleaner.exe
[2013.02.24 22:55:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.24 22:55:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.24 22:55:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.24 22:55:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.24 22:55:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.23 15:57:20 | 000,000,512 | ---- | C] () -- C:\Users\Acer\Documents\MBR.dat
[2013.02.23 03:13:40 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.02.23 00:28:13 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.23 00:28:12 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.22 17:42:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 17:42:54 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.06.17 17:04:16 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.17 12:45:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.17 12:45:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.11 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2012.06.16 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2012.08.15 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Lexware
[2012.06.16 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
[2012.06.16 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2012.07.05 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PhotoScape
[2013.01.22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft
[2012.07.10 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Foxit Software
[2012.08.17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Lexware
[2012.12.03 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MAGIX
[2012.06.17 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.08.03 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2012.12.25 16:11:14 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DVDVideoSoft
[2013.02.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FILEminimizerPictures
[2012.07.28 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Foxit Software
[2012.08.16 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Lexware
[2012.06.20 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\MAGIX
[2012.06.17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\OpenOffice.org
[2012.08.07 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PhotoScape
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 25.02.2013 17:29:25 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jenny\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 60,08% Memory free
6,37 Gb Paging File | 4,96 Gb Available in Paging File | 77,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 217,22 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system |
"{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system |
"{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system |
"{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system |
"{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
"UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.2
"PhotoScape" = PhotoScape
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2013 12:26:58 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e40    Startzeit:
01ce137445604281    Endzeit: 15    Anwendungspfad: C:\Users\Jenny\Desktop\OTL.exe    Berichts-ID:
 
 
[ System Events ]
Error - 25.02.2013 12:10:07 | Computer Name = Acer-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

Code:

OTL Extras logfile created on: 25.02.2013 17:29:25 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jenny\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 60,08% Memory free
6,37 Gb Paging File | 4,96 Gb Available in Paging File | 77,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 217,22 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 215,70 Gb Free Space | 73,60% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0102FE8B-254B-40D5-9D7F-FFC79D9A0423}" = lport=10243 | protocol=6 | dir=in | app=system |
"{030F8F94-1BFC-4060-B0D7-9773B22D9D9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B5B6CBA-3A90-4582-9089-F332C8F7FB5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F2191F4-8B8C-40A1-BDD4-D0210C5644B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{1FE81CE1-7D45-4863-977E-4F56A59BD922}" = rport=138 | protocol=17 | dir=out | app=system |
"{23343BD9-7F28-4BD8-9B71-2DA5DF98FC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C4D9537-42B2-41A0-A540-F00B0D478D8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{45D77A20-079E-4CFF-95E3-F6D531B2357A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{546471DB-116B-43F9-8C9A-163D9F3AA182}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7567F652-9642-4F0D-A27E-2117E02113AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76D5E7E9-1522-4AE1-92CB-1100F719D8E1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{843E6327-1BF1-4E4C-8F24-243078861A89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9443823F-99D8-4B01-9AF7-2EA257236E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD60B028-B1C7-4E0C-8499-0745BF8593DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE666B1D-2997-4481-86C3-5BB39A866F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E10A967C-2CAA-4ED0-B532-69ABC9164691}" = rport=445 | protocol=6 | dir=out | app=system |
"{E31E9FBF-DC08-4056-A755-048C26749213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E48E4404-CA9B-4B50-82FB-643DEE564E48}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC738DD2-8E7D-4443-A517-AC4466EA61AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB9D9FA6-1CB2-4F28-8A0B-927DD02375A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBF73F83-EE14-4ED0-AB08-60D4603159D8}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C929B62-EBAD-447B-9C10-8EE1ED7176DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1050FC65-D7E4-4740-96BB-F7271D20570D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15514EFE-1234-438D-9616-022E5B0FA596}" = protocol=6 | dir=out | app=system |
"{1B8B3054-CA7B-40B5-8469-FE9BC55449CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{254870A2-465F-4720-920A-CF8CEA628189}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{385D6BCB-099E-45C4-9A3E-FC0369EF956A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40ECCEF8-F147-45C1-AAD7-8F25512F5E60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{471EA1DA-DEB0-496E-A84D-07EF756AEE5B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4CDFB222-B31A-47B9-AF5E-9C578BE429A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D4309E0-5886-4C60-BE07-978110C24B06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AE6AA16-D4F1-4B21-AA9A-A264CBAE9171}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{640DB87C-F0F9-4803-B308-67B4C0924A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ECB6A22-94E7-4442-BFFD-145EDC05B7CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A7177CD-FD0E-4F8A-9752-7DD435895C44}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{8E2ED69D-9376-4CF0-AAA2-00E2E7418A7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{940ACFE7-2CCF-4EF1-9D4B-8E2DFEBE5942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0EE29E8-5CB4-4F91-9D09-B48E99E5CA72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF4876BD-911B-4FF7-BE80-47D7C62ED40B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B27E2BD6-5348-4737-82CC-B68B71C28D57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B47FC13D-21E4-42A2-9645-D7FE79D25A78}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{BBB45D23-12FA-4993-8E08-4C2F27B488A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BEA9861C-F3C7-477A-97AA-00DE0008C104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C551BFB8-DD01-4C9D-9975-BA57C1D86103}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFE55414-B6AD-4AD9-A7CE-9A7AD5B33B15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBAB3F01-A59E-4E15-AAEE-2181323F5650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDDBD26D-603D-435A-B7E0-B19B67CF8562}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E70B622F-ED5E-4409-8070-9FD5C136F25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF4A51AB-00CD-4F06-9C08-887B215F84CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{CC4739AF-8724-4CD0-B8F5-DE4AA2DCC808}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=6 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
"UDP Query User{BEFDAACB-2D02-4E1F-9904-6E9D3D83D832}C:\users\ralph\appdata\roaming\kuev\hyemo.exe" = protocol=17 | dir=in | app=c:\users\ralph\appdata\roaming\kuev\hyemo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE89496-456F-4689-9FFE-41AA127B70B3}" = MAGIX Music Maker Silver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D366D527-EE72-42C2-80BC-531BB30D924A}" = MAGIX Photo Manager 10
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E80714D0-951E-4B4F-8716-F24C9CCC27C9}" = CK Gruß- und Einladungskarten Designer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7538994-FA9A-41AC-A390-808A6E26B971}" = MAGIX Screenshare
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_mm17_silver" = MAGIX Music Maker Silver
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.2
"PhotoScape" = PhotoScape
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-370788336-4045942230-824405379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2013 12:26:58 | Computer Name = Acer-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e40    Startzeit:
01ce137445604281    Endzeit: 15    Anwendungspfad: C:\Users\Jenny\Desktop\OTL.exe    Berichts-ID:
 
 
[ System Events ]
Error - 25.02.2013 12:10:07 | Computer Name = Acer-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


cosinus 26.02.2013 00:16

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the content of the code box into the text box.
Code:

:OTL
IE - HKU\S-1-5-21-370788336-4045942230-824405379-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=e6f5e873-ec9d-47a6-bce3-eaaef6f74c75&lcid=1031&ref=homepage
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread

fantie 26.02.2013 10:55

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-370788336-4045942230-824405379-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jenny\Desktop\cmd.bat deleted successfully.
C:\Users\Jenny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jenny
->Temp folder emptied: 671 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8618272 bytes
->Flash cache emptied: 685 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Ralph
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 822 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 8,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_105108


cosinus 26.02.2013 11:22

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand

Getting an additional opinion afterwards from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


fantie 26.02.2013 13:01

Code:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jenny :: ACER-PC [limited]

Protection: Enabled

26.02.2013 12:57:11
mbam-log-2013-02-26 (12-57-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207825
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


cosinus 26.02.2013 13:18

Quote:

Jenny :: ACER-PC [limited]
Why did you have limited rights while scanning?

fantie 26.02.2013 13:34

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c50380eb3d2a0e4ba524cf0262a46565
# engine=13243
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-26 12:21:08
# local_time=2013-02-26 01:21:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 304733 114286939 0 0
# scanned=31368
# found=0
# cleaned=0
# scan_time=802

Sorry, I can't answer your question as to why there are limited rights for scanning under the user Jenny. I have absolutely no idea about that.
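Added example, not part of the thread: a small Python triage of the two logs posted above. It flags conditions under which a clean result carries less weight: limited rights, an outdated signature database, an ESET run that did not finish, and unwanted-application detection switched off. The excerpts are constructed from the posted lines; the function names, the 7-day threshold and the idea that a completed ESET run logs `end=finished` are assumptions of this example, and the detection count only reads the English-language Malwarebytes log.

```python
import re
from datetime import date, datetime

# Constructed excerpts modelled on the two logs posted above (shortened).
MBAM_LOG = """\
Database version: v2012.12.14.11
Jenny :: ACER-PC [limited]
26.02.2013 12:57:11
Scan type: Quick scan
Registry Keys Detected: 0
Files Detected: 0
"""
ESET_LOG = """\
# end=stopped
# unwanted_checked=false
# scanned=31368
# found=0
"""

def triage_mbam(text, max_db_age_days=7):  # threshold is an assumption
    """Return caveats that weaken a clean Malwarebytes 1.x result."""
    notes = []
    rights = re.search(r"^.+ :: .+ \[(\w+)\]", text, re.M)  # user :: host [rights]
    if rights and rights.group(1).lower() == "limited":
        notes.append("scan ran with limited rights")
    db = re.search(r"v(\d{4})\.(\d{2})\.(\d{2})\.\d+", text)  # vYYYY.MM.DD.nn
    ran = re.search(r"^(\d{2}\.\d{2}\.\d{4}) \d{2}:\d{2}:\d{2}", text, re.M)
    if db and ran:
        db_day = date(*map(int, db.groups()))
        scan_day = datetime.strptime(ran.group(1), "%d.%m.%Y").date()
        age = (scan_day - db_day).days
        if age > max_db_age_days:
            notes.append(f"signature database {age} days old at scan time")
    hits = sum(int(n) for n in re.findall(r"Detected: (\d+)", text))
    if hits:
        notes.append(f"{hits} detections")
    return notes

def triage_eset(text):
    """Return caveats for an ESET Online Scanner log.txt."""
    kv = dict(re.findall(r"^# (\w+)=(.*)$", text, re.M))
    notes = []
    if kv.get("end") != "finished":  # assumption: complete runs log end=finished
        notes.append(f"scan ended as '{kv.get('end')}'")
    if kv.get("unwanted_checked") == "false":
        notes.append("unwanted-application detection was off")
    if int(kv.get("found", 0)):
        notes.append(f"{kv['found']} findings")
    return notes
```
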

cosinus 26.02.2013 13:51

Please start Malwarebytes via right-click => Run as administrator
and repeat the quick scan

fantie 26.02.2013 13:52

If it's important, can we somehow figure it out together?

Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [Administrator]

Schutz: Deaktiviert

26.02.2013 13:59:32
mbam-log-2013-02-26 (13-59-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 274097
Laufzeit: 1 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 26.02.2013 14:11

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Otherwise there are also good cookie managers; one Firefox extension, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set up the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?

fantie 26.02.2013 15:14

I can work from my account again, but all files and photos are destroyed and have been given a completely crazy file format. Can these be restored? There are some fairly important ones among them.

cosinus 26.02.2013 23:26

On the subject of encryption trojans we have pinned a notice at the top specifically!

Decryption is unlikely to impossible!

Quote:

3. For files like locked-<FILENAME>.<EXTENSION>.wxyz, decrypt: Overview of the 8 decryption tools
otherwise rescue / recover data: Rescuing data after an encryption trojan
If it is not a simple encryption with "locked-" in the file name, you should focus on data recovery rather than decryption!
If Vista or Win7 is in use, try ShadowExplorer! But don't waste unnecessary time on decryption attempts

And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html

fantie 27.02.2013 09:18

Hello cosinus, first of all many thanks for your help. As a perfectly ordinary PC user you unfortunately have no idea about many things; not every PC user can be a PC specialist too. That's why I think it's great that there are such fine people as you who offer help selflessly. If I have understood you correctly now, my computer is clean again and can be used without concern? Is it possible to trace whether data theft may have taken place? What measures can you recommend to protect myself from the consequences of a possible data theft?

cosinus 27.02.2013 11:59

Reading material:
Golden security rules
Best to stick roughly to these rules:
  1. Be suspicious on the internet and above all with unknown e-mails; be careful about giving out personal data!!
  2. Always keep Windows and all programs you use up to date - Secunia PSI can help you with that
  3. Make regular backups to external media
  4. Work with limited rights
  5. Completely disable AutoPlay for all drives, because it is an unnecessary security risk
  6. When installing software, make sure as far as possible that the setups come from official sources and that, where possible, you choose the custom method during installation - then you have the option to deselect any junk (such as toolbars or something like RegistryBooster) that would otherwise simply be installed along with it.
  7. Have malicious or unwanted sites blocked from the outset with the help of the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
  8. Hands off: TuneUp, registry cleaners of all kinds, Softonic, as well as illegal cracks/keygens or other "tools" for using a commercial program without a licence
  9. Likewise stay away from dubious sites and cinema film streaming portals; firstly you quickly pick up malware there or can fall into subscription traps, and secondly these sites operate in a legal grey area.


Everything is explained in more detail here => Compromise unavoidable?

fantie 27.02.2013 13:15

Many thanks for the golden security rules. I will read through all the reading material and, as far as I understand it, I will also implement your recommendations. Please don't take this the wrong way, but that doesn't answer my questions to you.

cosinus 27.02.2013 13:31

What exactly was not answered?
If the computer were not clean again according to the logs, I would hardly have written "looks OK" beforehand

You will have to define more precisely what you mean by data theft

fantie 27.02.2013 14:15

Sorry, but you always hear so much about bank details, passwords etc. being spied on. I just wanted to know whether something like that might have happened. Perhaps through the BKA virus. Although it only appeared after we had already started checking the computer. I just want to be on the safe side.

cosinus 27.02.2013 14:31

Yes, of course that may have happened!
But in hindsight you can't tell what went over the line, or can you tell from looking at a telephone which words were sent and received by voice if no call was recorded?

So that unauthorised persons don't get access to your accounts, all passwords have to be changed as well, and that is exactly what I would have posted in the last step, because we are not done yet

So, to ask again: is the system running smoothly again now, apart from the encrypted data?

fantie 27.02.2013 15:25

As far as I can judge, everything is OK again. But apart from carrying out your instructions and checking my e-mails, I haven't done anything else with the PC. I didn't notice anything unusual while doing so.

cosinus 27.02.2013 15:31

Then we'd be done! :abklatsch:

The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click on "Bereinigung" (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also check on this occasion whether the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

fantie 27.02.2013 15:56

Many thanks!! Great!! I was surely a somewhat exhausting and rather slow-witted patient, and so I have one more (for you surely quite a daft) question. Does "passwords" mean those of bank accounts, PayPal and eBay etc. (i.e. all the ones I have ever entered anywhere on the internet), or does something on the computer have to be changed as well?

cosinus 27.02.2013 16:02

By all passwords, really ALL are meant
All for your computer and all online accounts

fantie 27.02.2013 18:42

:lach:Thank you, thank you, thank you, I was able to rescue all my files with ShadowExplorer!!👍👍😊😉


All times are WET +1.
