Trojaner-Board

Galge 11.09.2012 10:11

"Die Webseite konnte nicht aufgerufen werden" ("The website could not be accessed") virus
 
Hello dear Trojaners :)

Unfortunately, I fell victim to the above-mentioned virus.
The screen suddenly turned white, showing the above-mentioned error message.
Task Manager only opened for a second.

I then booted into Safe Mode and ran a System Restore. After that, everything worked again.
Of course, I am not sure whether the virus is really gone now.
PS: I have a [W7] 64-bit system!

defogger_disable:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 11/09/2012 (Galge)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

OTL
Code:

OTL logfile created on: 11.09.2012 10:53:20 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Galge\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 76,96% Memory free
15,99 Gb Paging File | 14,08 Gb Available in Paging File | 88,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 406,95 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive E: | 698,54 Gb Total Space | 698,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: ANIMENIA | User Name: Galge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.10 17:50:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe
PRC - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.27 12:41:20 | 001,137,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.01.05 17:01:34 | 000,135,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006.12.07 17:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.10 17:39:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.22 15:24:00 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.08 13:31:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.31 09:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV - [2011.05.04 05:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.08 12:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.07.15 23:16:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.14 16:36:15 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.11 13:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2012.08.07 10:56:54 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120907.001\EX64.SYS -- (NAVEX15)
DRV - [2012.08.07 10:56:52 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120907.001\ENG64.SYS -- (NAVENG)
DRV - [2012.08.01 02:34:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 02:34:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2004.12.30 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 87 08 93 80 57 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {911321B8-17F1-44c1-90A2-E92AF503F9A2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{465F315C-E442-4666-B05B-B06BC249B0DC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{911321B8-17F1-44c1-90A2-E92AF503F9A2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c"
FF - prefs.js..extensions.enabledAddons: info@maltegoetz.de:1.0.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
FF - prefs.js..extensions.enabledAddons: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 17:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M]
 
[2012.05.06 01:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Extensions
[2012.08.28 10:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions
[2012.08.28 10:12:03 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.08.22 15:26:54 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012.05.12 16:36:28 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\info@maltegoetz.de.xpi
[2012.05.12 16:49:17 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.07.21 00:47:06 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.08.25 23:23:23 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.05.12 16:49:17 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.07.19 02:37:30 | 000,000,923 | ---- | M] () -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\searchplugins\conduit.xml
[2012.09.10 17:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 17:39:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.10 17:39:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 17:39:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.10 17:39:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.10 17:39:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.10 17:39:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.10 17:39:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2B0230-7DC0-4D8D-AA98-B3F49FC4EF4B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 17:50:48 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe
[2012.09.10 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.10 16:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.10 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.10 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eenmqodvcsibfds
[2012.09.08 23:01:19 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\hybrid
[2012.09.08 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HandBrake
[2012.09.08 22:45:12 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012.09.08 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012.09.08 22:30:59 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\avidemux
[2012.09.04 03:08:38 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.09.04 03:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galge
[2012.09.04 03:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.09.02 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\LogMeIn Hamachi
[2012.08.26 04:44:07 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Chromium
[2012.08.26 04:08:41 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HpUpdate
[2012.08.26 04:08:34 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012.08.23 15:48:35 | 000,000,000 | R--D | C] -- C:\Users\Galge\Desktop\Techno
[2012.08.13 00:51:40 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Deployment
[2012.08.13 00:51:40 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Apps
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 10:50:12 | 000,000,168 | ---- | M] () -- C:\Users\Galge\defogger_reenable
[2012.09.11 10:45:44 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 10:45:44 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 10:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.11 10:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 10:36:35 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.10 22:19:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.10 22:19:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.10 22:18:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.10 20:39:21 | 000,159,368 | ---- | M] () -- C:\Users\Galge\Desktop\Bild1.jpg
[2012.09.10 17:50:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe
[2012.09.10 15:33:05 | 000,000,051 | ---- | M] () -- C:\ProgramData\dkrfzxliabbagca
[2012.09.07 17:44:51 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Rappelz.lnk
[2012.08.25 23:31:17 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk
[2012.08.23 16:25:37 | 000,007,596 | ---- | M] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg
[2012.08.16 07:47:50 | 000,288,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.11 10:50:12 | 000,000,168 | ---- | C] () -- C:\Users\Galge\defogger_reenable
[2012.09.10 20:39:20 | 000,159,368 | ---- | C] () -- C:\Users\Galge\Desktop\Bild1.jpg
[2012.09.10 15:32:59 | 000,000,051 | ---- | C] () -- C:\ProgramData\dkrfzxliabbagca
[2012.08.25 23:31:17 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Aion.lnk
[2012.07.24 21:19:51 | 000,000,000 | ---- | C] () -- C:\Users\Galge\md5.exe
[2012.05.07 23:26:49 | 000,000,880 | ---- | C] () -- C:\Users\Galge\AppData\Local\recently-used.xbel
[2012.04.27 11:49:42 | 000,239,337 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.04.27 11:49:42 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2012.04.24 03:10:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.04.14 17:01:40 | 000,007,596 | ---- | C] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg
[2012.04.11 10:40:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.11 10:40:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.11 10:40:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.11 10:40:34 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.08 14:08:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.08 14:08:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.08 12:28:50 | 001,596,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.08 11:58:04 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.04.08 11:58:04 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.04.08 11:58:00 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.04.08 11:58:00 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.04.08 11:52:18 | 000,048,219 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.08 11:51:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.08 11:51:33 | 000,032,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== LOP Check ==========
 
[2012.09.02 19:44:13 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\.minecraft
[2012.09.08 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\avidemux
[2012.07.26 15:33:10 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Babylon
[2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Broad Intelligence
[2012.07.15 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DAEMON Tools Lite
[2012.06.28 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DisplayTune
[2012.07.09 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\GameRanger
[2012.09.08 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HandBrake
[2012.09.08 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\hybrid
[2012.04.08 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Leadertech
[2012.08.04 10:55:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\libimobiledevice
[2012.08.04 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\log
[2012.08.04 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mp3tag
[2012.06.19 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Music Editor Free
[2012.07.20 01:11:34 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Nettalk
[2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\OpenCandy
[2012.04.08 12:07:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Opera
[2012.08.14 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Origin
[2012.08.26 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Spider Player
[2012.04.08 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\ts3overlay
[2012.08.05 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\uTorrent
[2012.08.04 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WindSolutions
[2012.09.04 14:33:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Extras
Code:

OTL Extras logfile created on: 11.09.2012 10:53:20 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Galge\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 76,96% Memory free
15,99 Gb Paging File | 14,08 Gb Available in Paging File | 88,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 406,95 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive E: | 698,54 Gb Total Space | 698,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: ANIMENIA | User Name: Galge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3222C5-F306-4542-91EE-1F6589F307EE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0FFDC534-B7AE-40BF-9F35-B17DEF95D245}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1176C690-85DB-49AD-BC4A-3282C79D1D38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{16279E64-438A-4F91-A4A4-CD48672733B7}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{1F94F356-D7BD-4D3D-926D-3DF16BB2B24B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{20228A87-F5F7-4689-953D-E111B4432D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{27CBB4AA-61C6-455D-B6BF-189B99AEFB8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2DB0DD88-64CE-4498-912A-D6BB4CE358AF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2E441FD3-D128-410D-9F20-56AC44374E61}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{358E3051-2D92-4BF8-A3EE-3C1EFD129D67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{39E6B725-47FF-4262-B4AD-1FA637102540}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3ACE96AB-483F-4EAA-AD3A-BC2E38869811}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{3F530206-AEBD-406A-8977-F5C4C19E0C34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{45AD5039-EA84-4149-9455-0E06D5AF73FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{48A60FF7-3787-42B8-B17C-60521468E9B2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4A1AAAAE-6FEB-431D-AA22-AAECBCA956DC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A37DCCD-786C-499A-94B5-4EE371081882}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B554241-71B7-4509-A494-2D5805D967B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5FC575BC-F669-406C-AA11-C5D894132189}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{66B3F2EE-DE2A-4CD1-B2A7-EC5DC11B9897}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{76B2025E-838B-4E1D-B916-31B7F4592415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{7949C80E-32A5-49EC-BFD5-805DB82B020D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{7BCEF48E-5FDF-4D26-AE13-8F741EB6E15E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{81DF053A-43AE-405A-B1DF-D59AB6F63CED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{82185F3D-732D-4EAA-A4E5-706CEB34CC70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{848699F7-6597-4BC7-84E7-43FD7C12D08A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8491E183-0E90-4E48-AEBF-FB987C2B28F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86D6F946-D617-4BEA-8F45-40AD107E860E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{8E59E82F-763E-4C64-BE82-ABFE41E57C5D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{90758BB1-5C2F-4924-8353-1DB0BB3DE621}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{92130CB9-B05F-4A49-A608-F0B1B733091F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{922FCDB3-A854-42EA-9D4C-68DE08D8ECAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A756B68C-C378-4FFD-9D01-2F0F274CE94D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec antivirus\rtvscan.exe |
"{AAA348EE-45CB-480B-8C6B-469A95DB4084}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7AC700C-C16D-4241-8282-9BC5A92E6052}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BB64BE1B-4C76-4473-B073-24D8D559E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec antivirus\rtvscan.exe |
"{BE5E8799-641E-4187-9D15-FA770DBA53EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5EF4808-0163-40FC-80F7-37E100EBD14E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{CD89E222-240F-4E3C-88C4-34D155445DED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D2685584-5FE5-4FDF-BC33-4CBB2132F6FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D526E72D-DFF9-405E-8231-346CE8EE9FD0}" = protocol=6 | dir=in | app=f:\dvd-start.exe |
"{D6441769-5EBA-4025-8188-150230E0E3F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{D74F3349-8600-4243-9886-FC642D66F3B7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{DD4FD94E-9343-4898-99E1-D822CDC2E445}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E05A70B8-F38A-4546-B8F5-41EE499E0DCE}" = protocol=6 | dir=in | app=f:\dvd-start.exe |
"{E302DA8C-8316-40A8-824C-D257E6B57520}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E83FCA0C-07A8-4759-B587-4BB1A87BAE69}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E93BF513-10EB-425A-83F9-1A0C127EEDC1}" = protocol=17 | dir=in | app=f:\dvd-start.exe |
"{ED8156C3-CFEC-4E91-ABA6-76CAE10C34C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EFA5F0DF-0C1D-414D-9A45-CFD2BD776084}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{EFFC3572-69B2-46D6-8DC7-CDFFFE3F7B9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F123CD0D-AF7E-4E54-ADB6-78B0AAA8B0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{F85FA162-CA56-4CC6-BB8E-55D800ECF4C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FD7E118F-B197-4122-8EAF-509E13162DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FFB43B2F-C5EB-4CAE-9A37-F79967F0A8E2}" = protocol=17 | dir=in | app=f:\dvd-start.exe |
"TCP Query User{00EFD332-452D-4486-8C48-99C43605C4C2}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{053EA376-7A6C-42D3-9781-23D6F4708755}C:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe" = protocol=6 | dir=in | app=c:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe |
"TCP Query User{3C2BC8A2-28D4-40EC-AB1A-3730335AF1EF}C:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe |
"TCP Query User{43975ADB-4605-4E49-B8E5-2CB6B201112A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{778E56FA-D14D-4B32-A1F6-5E84249AC69A}C:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{8386B41B-B071-4C90-B7AC-F6FD45CE7EEE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{0C6207C2-0A77-4274-9401-51EA9655271A}C:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe |
"UDP Query User{1BCD32EA-6895-449F-A2D7-91A69DEFC5D8}C:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe" = protocol=17 | dir=in | app=c:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe |
"UDP Query User{71482323-6925-4576-A646-2B2F6C8795FD}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{951F1A8D-A221-4853-8EAF-15BA6AC88BE4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F34DD26B-38EC-442B-85D1-64913D904931}C:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{F5F179BB-1228-4E8A-B775-A6ACBA3CE358}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A8D232A5-667B-44C5-AF79-BDFADBFD013B}" = Symantec AntiVirus Win64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"ffdshow64_is1" = ffdshow x64 v1.2.4431 [2012-04-16]
"GIMP-2_is1" = GIMP 2.8.0
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"MediaCoder x64" = MediaCoder x64 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"‰´–…ƒvƒ‰ƒX" = ‰´–…ƒvƒ‰ƒX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-Shutdown" = Easy-Shutdown 1.3
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.95
"Fraps" = Fraps (remove only)
"Freemake Video Downloader_is1" = Freemake Video Downloader
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Music Editor Free" = Music Editor Free
"MyTomTom" = MyTomTom 3.1.0.530
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Nettalk_is1" = Nettalk 6.7
"Netzmanager" = Netzmanager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.02.1578" = Opera 12.02
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Spider Player_is1" = Spider Player 2.5.3
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 72850" = The Elder Scrolls V: Skyrim
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.08.2012 16:46:53 | Computer Name = AnimeniA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: veohwebplayer.exe, Version: 1.3.9.1000,
 Zeitstempel: 0x4fce0418  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.0.0,
 Zeitstempel: 0x4dff2959  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051ae6  ID des fehlerhaften
 Prozesses: 0x924  Startzeit der fehlerhaften Anwendung: 0x01cd8239741ea904  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
Berichtskennung:
 d58f0a8c-ee2c-11e1-bf3a-f46d0415880c
 
Error - 31.08.2012 18:51:34 | Computer Name = AnimeniA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.1.0, Zeitstempel:
 0x4f63d546  Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.1.0, Zeitstempel:
 0x4f63d546  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000016d5  ID des fehlerhaften Prozesses:
 0xf6c  Startzeit der fehlerhaften Anwendung: 0x01cd87ca8562bc5a  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: 69553e92-f3be-11e1-b014-f46d0415880c
 
Error - 04.09.2012 15:06:52 | Computer Name = AnimeniA | Source = Application Hang | ID = 1002
Description = Programm DOW2.exe, Version 3.19.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 14a4    Startzeit:
 01cd8aca4236addc    Endzeit: 254    Anwendungspfad: c:\program files (x86)\steam\steamapps\common\dawn
 of war ii - retribution\DOW2.exe    Berichts-ID: 
 
Error - 04.09.2012 22:57:32 | Computer Name = AnimeniA | Source = .NET Runtime | ID = 1026
Description =
 
Error - 04.09.2012 22:57:34 | Computer Name = AnimeniA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FreemakeVD.exe, Version: 3.0.1.0,
 Zeitstempel: 0x4f7dc213  Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.1,
 Zeitstempel: 0x4ba1dbbe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000101d0  ID des fehlerhaften
 Prozesses: 0xb4c  Startzeit der fehlerhaften Anwendung: 0x01cd8b110772495d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVD.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Freemake\COM\MSVCR100.dll  Berichtskennung:
 706a434a-f705-11e1-809e-f46d0415880c
 
Error - 06.09.2012 08:28:48 | Computer Name = AnimeniA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Rtvscan.exe, Version: 10.2.0.298,
 Zeitstempel: 0x4580ab9c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x624  Startzeit der fehlerhaften Anwendung: 0x01cd8c2b02f64b55  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 67cf5b8f-f81e-11e1-a26a-f46d0415880c
 
Error - 06.09.2012 11:06:17 | Computer Name = AnimeniA | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.50.5 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 117c    Startzeit:
 01cd8c3e67481b8c    Endzeit: 139    Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID:
 
 
Error - 07.09.2012 13:32:05 | Computer Name = AnimeniA | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.50.5 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 132c    Startzeit:
 01cd8d1e3673155d    Endzeit: 37    Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID:
 
 
Error - 07.09.2012 15:41:32 | Computer Name = AnimeniA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.4.0.0, Zeitstempel:
 0x500530ad  Name des fehlerhaften Moduls: bf3.exe, Version: 1.4.0.0, Zeitstempel:
 0x500530ad  Ausnahmecode: 0xc0000005  Fehleroffset: 0x009c6670  ID des fehlerhaften Prozesses:
 0x1160  Startzeit der fehlerhaften Anwendung: 0x01cd8d3074e7dc1f  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Berichtskennung:
 05f02f5f-f924-11e1-b524-f46d0415880c
 
Error - 11.09.2012 04:39:21 | Computer Name = AnimeniA | Source = Symantec AntiVirus | ID = 16711685
Description =      Risiko gefunden!Risiko: Trojan.Maljava!gen23 in Datei: C:\Users\Galge\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7f883755-503d3135
 von: Auto-Protect-Scan.  Aktion: Säubern erfolgreich : Zugriff erlaubt.  Beschreibung
 der Aktion: Die Datei wurde erfolgreich repariert.   
 
[ System Events ]
Error - 06.09.2012 08:28:57 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Symantec AntiVirus" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.09.2012 08:30:04 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.09.2012 08:30:04 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 06.09.2012 14:14:17 | Computer Name = AnimeniA | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?09.?2012 um 20:12:26 unerwartet heruntergefahren.
 
Error - 06.09.2012 14:18:00 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.09.2012 14:18:00 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 06.09.2012 22:28:24 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.09.2012 22:28:24 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 07.09.2012 08:29:43 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.09.2012 08:29:43 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
 
< End of report >

So, I hope this is right!

Regards, Galge

cosinus 11.09.2012 13:16

Please first, as a matter of routine, run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Galge 12.09.2012 01:16

Malwarebytes Anti-Malware
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Galge :: ANIMENIA [Administrator]

11.09.2012 14:44:21
mbam-log-2012-09-11 (20-23-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416384
Laufzeit: 1 Stunde(n), 17 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Galge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMAOPEOT\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)

ESET
Code:

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe        Win32/Toolbar.Zugo application

cosinus 12.09.2012 13:00

Quote:

Keine Aktion durchgeführt.
-> No action taken.
Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Please do this now if you haven't already!

Do NOT delete anything from the quarantine prematurely!


Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for every scan are also listed on the Logs tab. Please post all that are visible there.

Galge 13.09.2012 13:02

Hello,

I have a problem with Malwarebytes.
It always hangs when it tries to scan the "Symantec" folder (antivirus program)!

cosinus 13.09.2012 20:25

Hm, why did Malwarebytes run through before, then?
Did anything change? Apart from the signatures. Did you install anything from Norton between our posts? :wtf:

Galge 13.09.2012 23:42

No, it was like this: you were supposed to switch off all virus scanners etc. for ESET, and after that I posted the logs. I switched everything back on, but then Symantec suddenly wouldn't switch to active any more. Then I was supposed to run Malwarebytes again, and that's when I noticed that it keeps hanging at Symantec :/
PS: The antivirus program is just called Symantec (so nothing to do with Norton or the like ^^)

Regards

cosinus 14.09.2012 14:29

adwCleaner - Track down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Galge 14.09.2012 15:05

Here you go

Code:

# AdwCleaner v2.001 - Datei am 09/14/2012 um 16:05:02 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Galge - ANIMENIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Galge\Desktop\!-Neu-!\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Galge\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\Galge\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2653012
Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2851647
Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\uTorrentBar_DE
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\ConduitCommon
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2653012
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2851647
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\Smartbar
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\Software\uTorrentBar_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1A42F-CF02-4FEA-BB18-2C5AE2E728DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB41DBE5-304E-47D8-8A0E-3FAEFEBC2943}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\prefs.js

Gefunden : user_pref("CT2653012.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gefunden : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1342658253566,\[...]
Gefunden : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2653012.FirstTime", "true");
Gefunden : user_pref("CT2653012.FirstTimeFF3", "true");
Gefunden : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Gefunden : user_pref("CT2653012.UserID", "UN10374448457356202");
Gefunden : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2653012.autoDisableScopes", -1);
Gefunden : user_pref("CT2653012.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2653012.defaultSearch", "true");
Gefunden : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2653012.enableAlerts", "always");
Gefunden : user_pref("CT2653012.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT2653012.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2653012.fixPageNotFoundError", "false");
Gefunden : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2653012.fixUrls", true);
Gefunden : user_pref("CT2653012.installId", "ct2653012_veoh.exe");
Gefunden : user_pref("CT2653012.installType", "ConduitNSISIntegration");
Gefunden : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2653012.isNewTabEnabled", false);
Gefunden : user_pref("CT2653012.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2653012.keyword", false);
Gefunden : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gefunden : user_pref("CT2653012.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2653012.openThankYouPage", "false");
Gefunden : user_pref("CT2653012.openUninstallPage", "true");
Gefunden : user_pref("CT2653012.search.searchAppId", "129199665576658841");
Gefunden : user_pref("CT2653012.search.searchCount", "0");
Gefunden : user_pref("CT2653012.searchInNewTabEnabled", "false");
Gefunden : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Gefunden : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2653012.sendUsageEnabled", "false");
Gefunden : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342658249791");
Gefunden : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1342658252971");
Gefunden : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1342658249625");
Gefunden : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342658249944");
Gefunden : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342684871605");
Gefunden : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1342658250271");
Gefunden : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342658250499");
Gefunden : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1342658249374");
Gefunden : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1342658249243");
Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342658249909");
Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1342684871537");
Gefunden : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1342658249660");
Gefunden : user_pref("CT2653012.settingsINI", true);
Gefunden : user_pref("CT2653012.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2653012.smartbar.CTID", "CT2653012");
Gefunden : user_pref("CT2653012.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2653012.smartbar.homepage", true);
Gefunden : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player ");
Gefunden : user_pref("CT2653012.toolbarBornServerTime", "19-7-2012");
Gefunden : user_pref("CT2653012.toolbarCurrentServerTime", "19-7-2012");
Gefunden : user_pref("CT2653012.toolbarDisabled", "true");
Gefunden : user_pref("CT2653012.twitter_v1.8.0_twitter_app_open_t_f", "false");
Gefunden : user_pref("CT2851647..clientLogIsEnabled", false);
Gefunden : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2851647.CTID", "CT2851647");
Gefunden : user_pref("CT2851647.CurrentServerDate", "14-9-2012");
Gefunden : user_pref("CT2851647.DSInstall", false);
Gefunden : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Sep 13 2012 16:00:19 GMT+0200");
Gefunden : user_pref("CT2851647.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2851647.EMailNotifierPollDate", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CT2851647.EnableClickToSearchBox", false);
Gefunden : user_pref("CT2851647.EnableSearchHistory", false);
Gefunden : user_pref("CT2851647.EnableSearchSuggest", false);
Gefunden : user_pref("CT2851647.FeedLastCount2532783744689806690", 210);
Gefunden : user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue May 22 2012 19:48:14 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue May 22 2012 19:48:14 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue May 22 2012 19:48:15 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue May 22 2012 19:48:15 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gefunden : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gefunden : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gefunden : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gefunden : user_pref("CT2851647.FirstServerDate", "22-5-2012");
Gefunden : user_pref("CT2851647.FirstTime", true);
Gefunden : user_pref("CT2851647.FirstTimeFF3", true);
Gefunden : user_pref("CT2851647.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2851647.HPInstall", false);
Gefunden : user_pref("CT2851647.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2851647.Initialize", true);
Gefunden : user_pref("CT2851647.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2851647.InstallationId", "fftB414.tmp.exe");
Gefunden : user_pref("CT2851647.InstallationType", "XPE");
Gefunden : user_pref("CT2851647.InstalledDate", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CT2851647.IsGrouping", false);
Gefunden : user_pref("CT2851647.IsInitSetupIni", true);
Gefunden : user_pref("CT2851647.IsMulticommunity", false);
Gefunden : user_pref("CT2851647.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2851647.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2851647.LastLogin_3.12.0.8", "Wed May 23 2012 22:30:54 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.12.2.3", "Wed May 30 2012 15:56:30 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:41:26 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.14.1.0", "Tue Aug 28 2012 03:12:59 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.15.1.0", "Fri Sep 14 2012 15:02:08 GMT+0200");
Gefunden : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2851647.Locale", "de");
Gefunden : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2851647.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8");
Gefunden : user_pref("CT2851647.RadioShrinked", "expanded");
Gefunden : user_pref("CT2851647.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2851647.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2851647.SearchBackToDefaultEngine", false);
Gefunden : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Gefunden : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2851647.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastCheckTime", "Fri Sep 14 2012 15:02:07 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastUpdate", "1347288122");
Gefunden : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue May 22 2012 18:48:10 GMT+0200");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Gefunden : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gefunden : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2851647.UserID", "UN05995112208083486");
Gefunden : user_pref("CT2851647.WeatherNetwork", "");
Gefunden : user_pref("CT2851647.WeatherPollDate", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.WeatherUnit", "C");
Gefunden : user_pref("CT2851647.alertChannelId", "1243681");
Gefunden : user_pref("CT2851647.approveUntrustedApps", false);
Gefunden : user_pref("CT2851647.autoDisableScopes", -1);
Gefunden : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Gefunden : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204D617920323220323031322031383A34383A31332[...]
Gefunden : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gefunden : user_pref("CT2851647.componentAlertEnabled", false);
Gefunden : user_pref("CT2851647.components.1000034", false);
Gefunden : user_pref("CT2851647.components.1000234", false);
Gefunden : user_pref("CT2851647.components.129351532245744535", false);
Gefunden : user_pref("CT2851647.components.129351532247619549", false);
Gefunden : user_pref("CT2851647.components.129351532247619550", false);
Gefunden : user_pref("CT2851647.components.129416031642500897", false);
Gefunden : user_pref("CT2851647.components.129544681622671248", false);
Gefunden : user_pref("CT2851647.components.129791456886122866", false);
Gefunden : user_pref("CT2851647.components.2532783744689806690", false);
Gefunden : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.initDone", true);
Gefunden : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2851647.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2851647.isSearchProtectorNotifyChanges", false);
Gefunden : user_pref("CT2851647.myStuffEnabled", true);
Gefunden : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2851647.navigateToUrlOnSearch", false);
Gefunden : user_pref("CT2851647.revertSettingsEnabled", true);
Gefunden : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.testingCtid", "");
Gefunden : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.usageEnabled", false);
Gefunden : user_pref("CT2851647.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6d5[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Galge\\AppData\\Roaming\\Mozilla\\F[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gefunden : user_pref("CommunityToolbar.globalUserId", "ea5a7b6e-dc40-464b-943c-c8fd6585e857");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 22 2012 18:48:1[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "10d037df-9c9a-406d-9300-7714fa170003");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=1[...]
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "");
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=NT_ss&mntr[...]
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_s[...]

-\\ Opera v12.2.1578.0

Datei : C:\Users\Galge\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24537 octets] - [14/09/2012 16:05:02]

########## EOF - C:\AdwCleaner[R1].txt - [24598 octets] ##########


cosinus 14.09.2012 16:00

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Galge 14.09.2012 16:12

Here is the 2nd search, run before deleting

Code:

# AdwCleaner v2.001 - Datei am 09/14/2012 um 17:04:05 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Galge - ANIMENIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Galge\Desktop\!-Neu-!\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Galge\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\Galge\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2653012
Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2851647
Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\uTorrentBar_DE
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\ConduitCommon
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2653012
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2851647
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\Smartbar
Ordner Gefunden : C:\Users\Galge\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\Software\uTorrentBar_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1A42F-CF02-4FEA-BB18-2C5AE2E728DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB41DBE5-304E-47D8-8A0E-3FAEFEBC2943}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\prefs.js

Gefunden : user_pref("CT2653012.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gefunden : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1342658253566,\[...]
Gefunden : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2653012.FirstTime", "true");
Gefunden : user_pref("CT2653012.FirstTimeFF3", "true");
Gefunden : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Gefunden : user_pref("CT2653012.UserID", "UN10374448457356202");
Gefunden : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2653012.autoDisableScopes", -1);
Gefunden : user_pref("CT2653012.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2653012.defaultSearch", "true");
Gefunden : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2653012.enableAlerts", "always");
Gefunden : user_pref("CT2653012.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT2653012.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2653012.fixPageNotFoundError", "false");
Gefunden : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2653012.fixUrls", true);
Gefunden : user_pref("CT2653012.installId", "ct2653012_veoh.exe");
Gefunden : user_pref("CT2653012.installType", "ConduitNSISIntegration");
Gefunden : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2653012.isNewTabEnabled", false);
Gefunden : user_pref("CT2653012.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2653012.keyword", false);
Gefunden : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gefunden : user_pref("CT2653012.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2653012.openThankYouPage", "false");
Gefunden : user_pref("CT2653012.openUninstallPage", "true");
Gefunden : user_pref("CT2653012.search.searchAppId", "129199665576658841");
Gefunden : user_pref("CT2653012.search.searchCount", "0");
Gefunden : user_pref("CT2653012.searchInNewTabEnabled", "false");
Gefunden : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Gefunden : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2653012.sendUsageEnabled", "false");
Gefunden : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342658249791");
Gefunden : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1342658252971");
Gefunden : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1342658249625");
Gefunden : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342658249944");
Gefunden : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342684871605");
Gefunden : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1342658250271");
Gefunden : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342658250499");
Gefunden : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1342658249374");
Gefunden : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1342658249243");
Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342658249909");
Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1342684871537");
Gefunden : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1342658249660");
Gefunden : user_pref("CT2653012.settingsINI", true);
Gefunden : user_pref("CT2653012.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2653012.smartbar.CTID", "CT2653012");
Gefunden : user_pref("CT2653012.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2653012.smartbar.homepage", true);
Gefunden : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player ");
Gefunden : user_pref("CT2653012.toolbarBornServerTime", "19-7-2012");
Gefunden : user_pref("CT2653012.toolbarCurrentServerTime", "19-7-2012");
Gefunden : user_pref("CT2653012.toolbarDisabled", "true");
Gefunden : user_pref("CT2653012.twitter_v1.8.0_twitter_app_open_t_f", "false");
Gefunden : user_pref("CT2851647..clientLogIsEnabled", false);
Gefunden : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2851647.CTID", "CT2851647");
Gefunden : user_pref("CT2851647.CurrentServerDate", "14-9-2012");
Gefunden : user_pref("CT2851647.DSInstall", false);
Gefunden : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Sep 13 2012 16:00:19 GMT+0200");
Gefunden : user_pref("CT2851647.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2851647.EMailNotifierPollDate", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CT2851647.EnableClickToSearchBox", false);
Gefunden : user_pref("CT2851647.EnableSearchHistory", false);
Gefunden : user_pref("CT2851647.EnableSearchSuggest", false);
Gefunden : user_pref("CT2851647.FeedLastCount2532783744689806690", 210);
Gefunden : user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue May 22 2012 19:48:14 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue May 22 2012 19:48:14 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue May 22 2012 19:48:15 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue May 22 2012 19:48:15 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gefunden : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gefunden : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gefunden : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gefunden : user_pref("CT2851647.FirstServerDate", "22-5-2012");
Gefunden : user_pref("CT2851647.FirstTime", true);
Gefunden : user_pref("CT2851647.FirstTimeFF3", true);
Gefunden : user_pref("CT2851647.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2851647.HPInstall", false);
Gefunden : user_pref("CT2851647.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2851647.Initialize", true);
Gefunden : user_pref("CT2851647.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2851647.InstallationId", "fftB414.tmp.exe");
Gefunden : user_pref("CT2851647.InstallationType", "XPE");
Gefunden : user_pref("CT2851647.InstalledDate", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CT2851647.IsGrouping", false);
Gefunden : user_pref("CT2851647.IsInitSetupIni", true);
Gefunden : user_pref("CT2851647.IsMulticommunity", false);
Gefunden : user_pref("CT2851647.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2851647.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2851647.LastLogin_3.12.0.8", "Wed May 23 2012 22:30:54 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.12.2.3", "Wed May 30 2012 15:56:30 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:41:26 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.14.1.0", "Tue Aug 28 2012 03:12:59 GMT+0200");
Gefunden : user_pref("CT2851647.LastLogin_3.15.1.0", "Fri Sep 14 2012 15:02:08 GMT+0200");
Gefunden : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2851647.Locale", "de");
Gefunden : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2851647.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8");
Gefunden : user_pref("CT2851647.RadioShrinked", "expanded");
Gefunden : user_pref("CT2851647.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2851647.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2851647.SearchBackToDefaultEngine", false);
Gefunden : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Gefunden : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2851647.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastCheckTime", "Fri Sep 14 2012 15:02:07 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastUpdate", "1347288122");
Gefunden : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue May 22 2012 18:48:10 GMT+0200");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Gefunden : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gefunden : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2851647.UserID", "UN05995112208083486");
Gefunden : user_pref("CT2851647.WeatherNetwork", "");
Gefunden : user_pref("CT2851647.WeatherPollDate", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.WeatherUnit", "C");
Gefunden : user_pref("CT2851647.alertChannelId", "1243681");
Gefunden : user_pref("CT2851647.approveUntrustedApps", false);
Gefunden : user_pref("CT2851647.autoDisableScopes", -1);
Gefunden : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Gefunden : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204D617920323220323031322031383A34383A31332[...]
Gefunden : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gefunden : user_pref("CT2851647.componentAlertEnabled", false);
Gefunden : user_pref("CT2851647.components.1000034", false);
Gefunden : user_pref("CT2851647.components.1000234", false);
Gefunden : user_pref("CT2851647.components.129351532245744535", false);
Gefunden : user_pref("CT2851647.components.129351532247619549", false);
Gefunden : user_pref("CT2851647.components.129351532247619550", false);
Gefunden : user_pref("CT2851647.components.129416031642500897", false);
Gefunden : user_pref("CT2851647.components.129544681622671248", false);
Gefunden : user_pref("CT2851647.components.129791456886122866", false);
Gefunden : user_pref("CT2851647.components.2532783744689806690", false);
Gefunden : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.initDone", true);
Gefunden : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2851647.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2851647.isSearchProtectorNotifyChanges", false);
Gefunden : user_pref("CT2851647.myStuffEnabled", true);
Gefunden : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2851647.navigateToUrlOnSearch", false);
Gefunden : user_pref("CT2851647.revertSettingsEnabled", true);
Gefunden : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.testingCtid", "");
Gefunden : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gefunden : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue May 22 2012 18:48:12 GMT+0200");
Gefunden : user_pref("CT2851647.usageEnabled", false);
Gefunden : user_pref("CT2851647.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6d5[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Galge\\AppData\\Roaming\\Mozilla\\F[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gefunden : user_pref("CommunityToolbar.globalUserId", "ea5a7b6e-dc40-464b-943c-c8fd6585e857");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 22 2012 18:48:1[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "10d037df-9c9a-406d-9300-7714fa170003");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=1[...]
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "");
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=NT_ss&mntr[...]
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_s[...]

-\\ Opera v12.2.1578.0

Datei : C:\Users\Galge\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24668 octets] - [14/09/2012 16:05:02]
AdwCleaner[R2].txt - [24598 octets] - [14/09/2012 17:04:05]

########## EOF - C:\AdwCleaner[R2].txt - [24659 octets] ##########

And this is after the restart:

Code:

# AdwCleaner v2.001 - Datei am 09/14/2012 um 17:04:24 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Galge - ANIMENIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Galge\Desktop\!-Neu-!\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Galge\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Galge\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Galge\AppData\Local\Temp\CT2653012
Ordner Gelöscht : C:\Users\Galge\AppData\Local\Temp\CT2851647
Ordner Gelöscht : C:\Users\Galge\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Galge\AppData\LocalLow\uTorrentBar_DE
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\ConduitCommon
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2653012
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2851647
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\Smartbar
Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1A42F-CF02-4FEA-BB18-2C5AE2E728DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB41DBE5-304E-47D8-8A0E-3FAEFEBC2943}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\prefs.js

Gelöscht : user_pref("CT2653012.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1342658253566,\[...]
Gelöscht : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2653012.FirstTime", "true");
Gelöscht : user_pref("CT2653012.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Gelöscht : user_pref("CT2653012.UserID", "UN10374448457356202");
Gelöscht : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2653012.autoDisableScopes", -1);
Gelöscht : user_pref("CT2653012.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2653012.defaultSearch", "true");
Gelöscht : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2653012.enableAlerts", "always");
Gelöscht : user_pref("CT2653012.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2653012.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2653012.fixPageNotFoundError", "false");
Gelöscht : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2653012.fixUrls", true);
Gelöscht : user_pref("CT2653012.installId", "ct2653012_veoh.exe");
Gelöscht : user_pref("CT2653012.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2653012.isNewTabEnabled", false);
Gelöscht : user_pref("CT2653012.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2653012.keyword", false);
Gelöscht : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2653012.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2653012.openThankYouPage", "false");
Gelöscht : user_pref("CT2653012.openUninstallPage", "true");
Gelöscht : user_pref("CT2653012.search.searchAppId", "129199665576658841");
Gelöscht : user_pref("CT2653012.search.searchCount", "0");
Gelöscht : user_pref("CT2653012.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Gelöscht : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2653012.sendUsageEnabled", "false");
Gelöscht : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342658249791");
Gelöscht : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1342658252971");
Gelöscht : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1342658249625");
Gelöscht : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342658249944");
Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342684871605");
Gelöscht : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1342658250271");
Gelöscht : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342658250499");
Gelöscht : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1342658249374");
Gelöscht : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1342658249243");
Gelöscht : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342658249909");
Gelöscht : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1342684871537");
Gelöscht : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1342658249660");
Gelöscht : user_pref("CT2653012.settingsINI", true);
Gelöscht : user_pref("CT2653012.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2653012.smartbar.CTID", "CT2653012");
Gelöscht : user_pref("CT2653012.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2653012.smartbar.homepage", true);
Gelöscht : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player ");
Gelöscht : user_pref("CT2653012.toolbarBornServerTime", "19-7-2012");
Gelöscht : user_pref("CT2653012.toolbarCurrentServerTime", "19-7-2012");
Gelöscht : user_pref("CT2653012.toolbarDisabled", "true");
Gelöscht : user_pref("CT2653012.twitter_v1.8.0_twitter_app_open_t_f", "false");
Gelöscht : user_pref("CT2851647..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2851647.CTID", "CT2851647");
Gelöscht : user_pref("CT2851647.CurrentServerDate", "14-9-2012");
Gelöscht : user_pref("CT2851647.DSInstall", false);
Gelöscht : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Sep 13 2012 16:00:19 GMT+0200");
Gelöscht : user_pref("CT2851647.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2851647.EMailNotifierPollDate", "Tue May 22 2012 18:48:11 GMT+0200");
Gelöscht : user_pref("CT2851647.EnableClickToSearchBox", false);
Gelöscht : user_pref("CT2851647.EnableSearchHistory", false);
Gelöscht : user_pref("CT2851647.EnableSearchSuggest", false);
Gelöscht : user_pref("CT2851647.FeedLastCount2532783744689806690", 210);
Gelöscht : user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue May 22 2012 19:48:14 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue May 22 2012 19:48:14 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue May 22 2012 19:48:15 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue May 22 2012 19:48:15 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gelöscht : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gelöscht : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gelöscht : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gelöscht : user_pref("CT2851647.FirstServerDate", "22-5-2012");
Gelöscht : user_pref("CT2851647.FirstTime", true);
Gelöscht : user_pref("CT2851647.FirstTimeFF3", true);
Gelöscht : user_pref("CT2851647.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2851647.HPInstall", false);
Gelöscht : user_pref("CT2851647.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2851647.Initialize", true);
Gelöscht : user_pref("CT2851647.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2851647.InstallationId", "fftB414.tmp.exe");
Gelöscht : user_pref("CT2851647.InstallationType", "XPE");
Gelöscht : user_pref("CT2851647.InstalledDate", "Tue May 22 2012 18:48:11 GMT+0200");
Gelöscht : user_pref("CT2851647.IsGrouping", false);
Gelöscht : user_pref("CT2851647.IsInitSetupIni", true);
Gelöscht : user_pref("CT2851647.IsMulticommunity", false);
Gelöscht : user_pref("CT2851647.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2851647.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gelöscht : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2851647.LastLogin_3.12.0.8", "Wed May 23 2012 22:30:54 GMT+0200");
Gelöscht : user_pref("CT2851647.LastLogin_3.12.2.3", "Wed May 30 2012 15:56:30 GMT+0200");
Gelöscht : user_pref("CT2851647.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:41:26 GMT+0200");
Gelöscht : user_pref("CT2851647.LastLogin_3.14.1.0", "Tue Aug 28 2012 03:12:59 GMT+0200");
Gelöscht : user_pref("CT2851647.LastLogin_3.15.1.0", "Fri Sep 14 2012 15:02:08 GMT+0200");
Gelöscht : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2851647.Locale", "de");
Gelöscht : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2851647.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8");
Gelöscht : user_pref("CT2851647.RadioShrinked", "expanded");
Gelöscht : user_pref("CT2851647.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2851647.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2851647.SearchBackToDefaultEngine", false);
Gelöscht : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Gelöscht : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gelöscht : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2851647.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gelöscht : user_pref("CT2851647.SettingsLastCheckTime", "Fri Sep 14 2012 15:02:07 GMT+0200");
Gelöscht : user_pref("CT2851647.SettingsLastUpdate", "1347288122");
Gelöscht : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue May 22 2012 18:48:10 GMT+0200");
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gelöscht : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2851647.UserID", "UN05995112208083486");
Gelöscht : user_pref("CT2851647.WeatherNetwork", "");
Gelöscht : user_pref("CT2851647.WeatherPollDate", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.WeatherUnit", "C");
Gelöscht : user_pref("CT2851647.alertChannelId", "1243681");
Gelöscht : user_pref("CT2851647.approveUntrustedApps", false);
Gelöscht : user_pref("CT2851647.autoDisableScopes", -1);
Gelöscht : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Gelöscht : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204D617920323220323031322031383A34383A31332[...]
Gelöscht : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gelöscht : user_pref("CT2851647.componentAlertEnabled", false);
Gelöscht : user_pref("CT2851647.components.1000034", false);
Gelöscht : user_pref("CT2851647.components.1000234", false);
Gelöscht : user_pref("CT2851647.components.129351532245744535", false);
Gelöscht : user_pref("CT2851647.components.129351532247619549", false);
Gelöscht : user_pref("CT2851647.components.129351532247619550", false);
Gelöscht : user_pref("CT2851647.components.129416031642500897", false);
Gelöscht : user_pref("CT2851647.components.129544681622671248", false);
Gelöscht : user_pref("CT2851647.components.129791456886122866", false);
Gelöscht : user_pref("CT2851647.components.2532783744689806690", false);
Gelöscht : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200");
Gelöscht : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2851647.initDone", true);
Gelöscht : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2851647.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2851647.isSearchProtectorNotifyChanges", false);
Gelöscht : user_pref("CT2851647.myStuffEnabled", true);
Gelöscht : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2851647.navigateToUrlOnSearch", false);
Gelöscht : user_pref("CT2851647.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2851647.testingCtid", "");
Gelöscht : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200");
Gelöscht : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue May 22 2012 18:48:12 GMT+0200");
Gelöscht : user_pref("CT2851647.usageEnabled", false);
Gelöscht : user_pref("CT2851647.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6d5[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Galge\\AppData\\Roaming\\Mozilla\\F[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "ea5a7b6e-dc40-464b-943c-c8fd6585e857");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 22 2012 18:48:1[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "10d037df-9c9a-406d-9300-7714fa170003");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=NT_ss&mntr[...]
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_s[...]

-\\ Opera v12.2.1578.0

Datei : C:\Users\Galge\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24668 octets] - [14/09/2012 16:05:02]
AdwCleaner[R2].txt - [24729 octets] - [14/09/2012 17:04:05]
AdwCleaner[S1].txt - [25200 octets] - [14/09/2012 17:04:24]

########## EOF - C:\AdwCleaner[S1].txt - [25261 octets] ##########


cosinus 14.09.2012 21:52

I have two questions before we continue (we're not done yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Galge 15.09.2012 02:16

1.) Well, after the restore everything actually works as usual; I haven't noticed anything yet.

2.) No

3.) Only, as I said, there was that thing with Symantec!

Best regards

cosinus 15.09.2012 13:49

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Galge 15.09.2012 14:53

Here you go:

Code:

OTL logfile created on: 15.09.2012 15:40:37 - Run 2
OTL by OldTimer - Version 3.2.61.4    Folder = C:\Users\Galge\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 71,68% Memory free
15,99 Gb Paging File | 13,99 Gb Available in Paging File | 87,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 397,36 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
Drive E: | 698,54 Gb Total Space | 698,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: ANIMENIA | User Name: Galge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 15:38:30 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe
PRC - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.27 12:41:20 | 001,137,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.01.05 17:01:34 | 000,135,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006.12.07 17:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.10 17:39:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.22 15:24:00 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.08 13:31:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.31 09:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV - [2011.05.04 05:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.08 12:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.07.15 23:16:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.14 16:36:15 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.11 13:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2012.09.06 00:50:43 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120914.002\EX64.SYS -- (NAVEX15)
DRV - [2012.09.06 00:50:41 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120914.002\ENG64.SYS -- (NAVENG)
DRV - [2012.08.01 02:34:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 02:34:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2004.12.30 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 87 08 93 80 57 CD 01  [binary data]
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes\{465F315C-E442-4666-B05B-B06BC249B0DC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes\{911321B8-17F1-44c1-90A2-E92AF503F9A2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: info@maltegoetz.de:1.0.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 17:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M]
 
[2012.05.06 01:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Extensions
[2012.09.14 17:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions
[2012.05.12 16:36:28 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\info@maltegoetz.de.xpi
[2012.05.12 16:49:17 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.07.21 00:47:06 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.14 15:02:04 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.05.12 16:49:17 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.10 17:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 17:39:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.10 17:39:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 17:39:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.10 17:39:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.10 17:39:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.10 17:39:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.10 17:39:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214310950-730897569-3731794000-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2B0230-7DC0-4D8D-AA98-B3F49FC4EF4B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 15:38:27 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe
[2012.09.12 00:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.12 00:38:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Galge\Desktop\esetsmartinstaller_enu.exe
[2012.09.11 14:43:02 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\Malwarebytes
[2012.09.11 14:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.11 14:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.11 14:42:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.11 14:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.11 11:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.09.11 11:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.09.11 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\Galge\Documents\Guild Wars 2
[2012.09.10 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.10 16:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.10 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.10 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eenmqodvcsibfds
[2012.09.08 23:01:19 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\hybrid
[2012.09.08 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HandBrake
[2012.09.08 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012.09.08 22:30:59 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\avidemux
[2012.09.04 03:08:38 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.09.04 03:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galge
[2012.09.04 03:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.09.02 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\LogMeIn Hamachi
[2012.08.26 04:44:07 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Chromium
[2012.08.26 04:08:41 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HpUpdate
[2012.08.26 04:08:34 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012.08.23 15:48:35 | 000,000,000 | R--D | C] -- C:\Users\Galge\Desktop\Techno
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.15 15:38:30 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe
[2012.09.15 11:52:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 11:52:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 11:44:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 11:43:56 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.14 21:23:47 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.14 21:23:47 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.14 21:23:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.09.12 00:38:08 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Galge\Desktop\esetsmartinstaller_enu.exe
[2012.09.11 14:43:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.11 11:50:36 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.11 10:50:12 | 000,000,168 | ---- | M] () -- C:\Users\Galge\defogger_reenable
[2012.09.10 20:39:21 | 000,159,368 | ---- | M] () -- C:\Users\Galge\Desktop\Bild1.jpg
[2012.09.10 15:33:05 | 000,000,051 | ---- | M] () -- C:\ProgramData\dkrfzxliabbagca
[2012.09.07 17:44:51 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Rappelz.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.25 23:31:17 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk
[2012.08.23 16:25:37 | 000,007,596 | ---- | M] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.11 14:42:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.11 11:50:36 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.11 10:50:12 | 000,000,168 | ---- | C] () -- C:\Users\Galge\defogger_reenable
[2012.09.10 20:39:20 | 000,159,368 | ---- | C] () -- C:\Users\Galge\Desktop\Bild1.jpg
[2012.09.10 15:32:59 | 000,000,051 | ---- | C] () -- C:\ProgramData\dkrfzxliabbagca
[2012.08.25 23:31:17 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Aion.lnk
[2012.07.24 21:19:51 | 000,000,000 | ---- | C] () -- C:\Users\Galge\md5.exe
[2012.05.07 23:26:49 | 000,000,880 | ---- | C] () -- C:\Users\Galge\AppData\Local\recently-used.xbel
[2012.04.27 11:49:42 | 000,239,337 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.04.27 11:49:42 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2012.04.24 03:10:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.04.14 17:01:40 | 000,007,596 | ---- | C] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg
[2012.04.11 10:40:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.11 10:40:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.11 10:40:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.11 10:40:34 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.08 14:08:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.08 14:08:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.08 12:28:50 | 001,596,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.08 11:58:04 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.04.08 11:58:04 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.04.08 11:58:00 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.04.08 11:58:00 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.04.08 11:52:18 | 000,048,219 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.08 11:51:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.08 11:51:33 | 000,032,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== LOP Check ==========
 
[2012.09.14 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\.minecraft
[2012.09.08 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\avidemux
[2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Broad Intelligence
[2012.07.15 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DAEMON Tools Lite
[2012.06.28 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DisplayTune
[2012.07.09 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\GameRanger
[2012.09.08 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HandBrake
[2012.09.08 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\hybrid
[2012.04.08 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Leadertech
[2012.08.04 10:55:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\libimobiledevice
[2012.08.04 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\log
[2012.08.04 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mp3tag
[2012.06.19 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Music Editor Free
[2012.07.20 01:11:34 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Nettalk
[2012.04.08 12:07:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Opera
[2012.08.14 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Origin
[2012.08.26 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Spider Player
[2012.04.08 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\ts3overlay
[2012.08.05 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\uTorrent
[2012.08.04 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WindSolutions
[2012.09.04 14:33:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.14 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\.minecraft
[2012.04.25 09:58:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Adobe
[2012.07.26 04:50:09 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Apple Computer
[2012.09.08 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\avidemux
[2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Broad Intelligence
[2012.07.15 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DAEMON Tools Lite
[2012.06.28 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DisplayTune
[2012.09.10 23:32:38 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\dvdcss
[2012.07.09 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\GameRanger
[2012.09.08 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HandBrake
[2012.04.27 11:55:55 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HP
[2012.09.02 02:31:11 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HpUpdate
[2012.09.08 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\hybrid
[2012.04.08 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Identities
[2012.04.08 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Leadertech
[2012.08.04 10:55:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\libimobiledevice
[2012.08.04 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\log
[2012.04.08 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Logishrd
[2012.04.08 13:26:45 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Logitech
[2012.04.08 12:05:20 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Macromedia
[2012.09.11 14:43:02 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Media Center Programs
[2012.04.11 10:41:16 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Media Player Classic
[2012.09.02 18:22:08 | 000,000,000 | --SD | M] -- C:\Users\Galge\AppData\Roaming\Microsoft
[2012.06.08 11:58:50 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\mIRC
[2012.05.06 01:37:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mozilla
[2012.08.04 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mp3tag
[2012.06.19 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Music Editor Free
[2012.07.20 01:11:34 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Nettalk
[2012.08.23 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\NVIDIA
[2012.04.08 12:07:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Opera
[2012.08.14 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Origin
[2012.07.10 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Skype
[2012.08.26 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Spider Player
[2012.04.08 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\ts3overlay
[2012.08.05 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\uTorrent
[2012.09.15 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\vlc
[2012.08.04 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WindSolutions
[2012.04.21 22:33:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WinRAR
[2012.04.27 11:54:31 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.08.10 20:02:10 | 001,421,024 | ---- | M] (GameRanger Technologies) -- C:\Users\Galge\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2012.04.08 13:23:03 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Galge\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.07.07 13:06:13 | 000,065,536 | R--- | M] () -- C:\Users\Galge\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe
[2012.04.08 11:34:37 | 000,010,134 | R--- | M] () -- C:\Users\Galge\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.08.04 10:40:46 | 004,156,848 | ---- | M] (WindSolutions) -- C:\Users\Galge\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >


cosinus 16.09.2012 15:40

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - user.js - File not found
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\ProgramData\dkrfzxliabbagca
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, to be safe, not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Galge 16.09.2012 17:30

Thanks already for taking time for me on a Sunday! :)

So, here is the log:

Code:

All processes killed
========== OTL ==========
Prefs.js: "www-proxy.t-online.de" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\ProgramData\dkrfzxliabbagca moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Galge\Desktop\cmd.bat deleted successfully.
C:\Users\Galge\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Galge
->Temp folder emptied: 3200010554 bytes
->Temporary Internet Files folder emptied: 146674767 bytes
->Java cache emptied: 775419 bytes
->FireFox cache emptied: 1164028001 bytes
->Opera cache emptied: 52299545 bytes
->Flash cache emptied: 41605 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 25222976 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 211523277 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356772 bytes
RecycleBin emptied: 60556186 bytes
 
Total Files Cleaned = 4.680,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.4 log created on 09162012_182145

Files\Folders moved on Reboot...
C:\Users\Galge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Kind regards

cosinus 17.09.2012 09:22

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its content into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Galge 17.09.2012 12:19

I'll just post all the logs it created:

Code:

13:12:25.0972 4804  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:12:29.0023 4804  Perform update action was selected
13:12:29.0023 2852  Deinitialize success

Code:

13:12:46.0823 2488  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:12:58.0844 2488  ============================================================
13:12:58.0844 2488  Current date / time: 2012/09/17 13:12:58.0844
13:12:58.0844 2488  SystemInfo:
13:12:58.0844 2488 
13:12:58.0844 2488  OS Version: 6.1.7601 ServicePack: 1.0
13:12:58.0844 2488  Product type: Workstation
13:12:58.0844 2488  ComputerName: ANIMENIA
13:12:58.0844 2488  UserName: Galge
13:12:58.0844 2488  Windows directory: C:\Windows
13:12:58.0844 2488  System windows directory: C:\Windows
13:12:58.0844 2488  Running under WOW64
13:12:58.0844 2488  Processor architecture: Intel x64
13:12:58.0844 2488  Number of processors: 6
13:12:58.0844 2488  Page size: 0x1000
13:12:58.0844 2488  Boot type: Normal boot
13:12:58.0844 2488  ============================================================
13:13:00.0054 2488  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:13:00.0064 2488  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:13:00.0064 2488  ============================================================
13:13:00.0064 2488  \Device\Harddisk0\DR0:
13:13:00.0064 2488  MBR partitions:
13:13:00.0064 2488  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:00.0064 2488  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:13:00.0064 2488  \Device\Harddisk1\DR1:
13:13:00.0064 2488  MBR partitions:
13:13:00.0064 2488  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:00.0064 2488  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57512800
13:13:00.0064 2488  ============================================================
13:13:00.0074 2488  C: <-> \Device\Harddisk0\DR0\Partition2
13:13:00.0094 2488  E: <-> \Device\Harddisk1\DR1\Partition2
13:13:00.0094 2488  ============================================================
13:13:00.0094 2488  Initialize success
13:13:00.0094 2488  ============================================================
13:13:02.0174 5892  Deinitialize success

Code:

13:13:13.0595 5220  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:13:21.0646 5220  Perform update action was selected
13:13:21.0646 3312  Deinitialize success

Code:

13:13:50.0069 5148  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:13:52.0549 5148  ============================================================
13:13:52.0549 5148  Current date / time: 2012/09/17 13:13:52.0549
13:13:52.0549 5148  SystemInfo:
13:13:52.0549 5148 
13:13:52.0549 5148  OS Version: 6.1.7601 ServicePack: 1.0
13:13:52.0549 5148  Product type: Workstation
13:13:52.0549 5148  ComputerName: ANIMENIA
13:13:52.0549 5148  UserName: Galge
13:13:52.0549 5148  Windows directory: C:\Windows
13:13:52.0549 5148  System windows directory: C:\Windows
13:13:52.0549 5148  Running under WOW64
13:13:52.0549 5148  Processor architecture: Intel x64
13:13:52.0549 5148  Number of processors: 6
13:13:52.0549 5148  Page size: 0x1000
13:13:52.0549 5148  Boot type: Normal boot
13:13:52.0549 5148  ============================================================
13:13:53.0719 5148  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:13:53.0719 5148  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:13:53.0729 5148  ============================================================
13:13:53.0729 5148  \Device\Harddisk0\DR0:
13:13:53.0729 5148  MBR partitions:
13:13:53.0729 5148  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:53.0729 5148  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:13:53.0729 5148  \Device\Harddisk1\DR1:
13:13:53.0729 5148  MBR partitions:
13:13:53.0729 5148  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:53.0729 5148  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57512800
13:13:53.0729 5148  ============================================================
13:13:53.0739 5148  C: <-> \Device\Harddisk0\DR0\Partition2
13:13:53.0739 5148  E: <-> \Device\Harddisk1\DR1\Partition2
13:13:53.0739 5148  ============================================================
13:13:53.0739 5148  Initialize success
13:13:53.0739 5148  ============================================================
13:14:40.0677 1160  ============================================================
13:14:40.0677 1160  Scan started
13:14:40.0677 1160  Mode: Manual; SigCheck; TDLFS;
13:14:40.0677 1160  ============================================================
13:14:41.0706 1160  ================ Scan system memory ========================
13:14:41.0706 1160  System memory - ok
13:14:41.0706 1160  ================ Scan services =============================
13:14:44.0062 1160  [ 8C1FD73CC27EDD8D3344C632571C224C ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
13:14:44.0078 1160  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
13:14:44.0078 1160  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
13:14:47.0853 1160  discache - ok
13:14:47.0884 1160  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:14:47.0884 1160  Disk - ok
13:14:47.0900 1160  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:14:47.0946 1160  Dnscache - ok
13:14:47.0993 1160  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
13:14:48.0071 1160  dot3svc - ok
13:14:48.0134 1160  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:14:48.0165 1160  Dot4 - ok
13:14:48.0196 1160  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:14:48.0227 1160  Dot4Print - ok
13:14:48.0243 1160  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
13:14:48.0258 1160  dot4usb - ok
13:14:48.0305 1160  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
13:14:48.0368 1160  DPS - ok
13:14:48.0399 1160  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
13:14:48.0446 1160  drmkaud - ok
13:14:48.0492 1160  [ 44BB65B1D3827043978FC8E11CA7C0B4 ] DTSAudioService C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
13:14:48.0524 1160  DTSAudioService - ok
13:14:48.0555 1160  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:14:48.0570 1160  dtsoftbus01 - ok
13:14:48.0648 1160  dump_wmimmc - ok
13:14:48.0711 1160  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
13:14:48.0773 1160  DXGKrnl - ok
13:14:48.0789 1160  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
13:14:48.0820 1160  EapHost - ok
13:14:48.0914 1160  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
13:14:49.0070 1160  ebdrv - ok
13:14:49.0132 1160  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:14:49.0163 1160  eeCtrl - ok
13:14:49.0194 1160  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
13:14:49.0210 1160  EFS - ok
13:14:49.0241 1160  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
13:14:49.0319 1160  ehRecvr - ok
13:14:49.0350 1160  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
13:14:49.0397 1160  ehSched - ok
13:14:49.0413 1160  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
13:14:49.0428 1160  elxstor - ok
13:14:49.0460 1160  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:14:49.0475 1160  EraserUtilRebootDrv - ok
13:14:49.0506 1160  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:14:49.0506 1160  ErrDev - ok
13:14:49.0538 1160  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
13:14:49.0584 1160  EventSystem - ok
13:14:49.0600 1160  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
13:14:49.0631 1160  exfat - ok
13:14:49.0662 1160  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
13:14:49.0678 1160  fastfat - ok
13:14:49.0740 1160  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
13:14:49.0772 1160  Fax - ok
13:14:49.0787 1160  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
13:14:49.0803 1160  fdc - ok
13:14:49.0834 1160  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
13:14:49.0881 1160  fdPHost - ok
13:14:49.0896 1160  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:14:49.0928 1160  FDResPub - ok
13:14:49.0928 1160  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:14:49.0943 1160  FileInfo - ok
13:14:49.0943 1160  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
13:14:49.0990 1160  Filetrace - ok
13:14:50.0006 1160  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:14:50.0084 1160  flpydisk - ok
13:14:50.0130 1160  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:14:50.0162 1160  FltMgr - ok
13:14:50.0224 1160  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
13:14:50.0318 1160  FontCache - ok
13:14:50.0380 1160  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:14:50.0396 1160  FontCache3.0.0.0 - ok
13:14:50.0458 1160  [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
13:14:50.0489 1160  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
13:14:50.0489 1160  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
13:14:50.0536 1160  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
13:14:50.0552 1160  FsDepends - ok
13:14:50.0583 1160  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:14:50.0598 1160  Fs_Rec - ok
13:14:50.0630 1160  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:14:50.0661 1160  fvevol - ok
13:14:50.0676 1160  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:14:50.0692 1160  gagp30kx - ok
13:14:50.0723 1160  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:14:50.0739 1160  GEARAspiWDM - ok
13:14:50.0786 1160  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
13:14:50.0832 1160  gpsvc - ok
13:14:50.0879 1160  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
13:14:50.0895 1160  hamachi - ok
13:14:51.0004 1160  [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:14:51.0082 1160  Hamachi2Svc - ok
13:14:51.0098 1160  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:14:51.0113 1160  hcw85cir - ok
13:14:51.0176 1160  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:14:51.0222 1160  HdAudAddService - ok
13:14:51.0238 1160  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:14:51.0285 1160  HDAudBus - ok
13:14:51.0300 1160  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
13:14:51.0332 1160  HidBatt - ok
13:14:51.0363 1160  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:14:51.0394 1160  HidBth - ok
13:14:51.0425 1160  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
13:14:51.0441 1160  HidIr - ok
13:14:51.0472 1160  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
13:14:51.0503 1160  hidserv - ok
13:14:51.0519 1160  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
13:14:51.0534 1160  HidUsb - ok
13:14:51.0566 1160  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:14:51.0581 1160  hkmsvc - ok
13:14:51.0628 1160  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:14:51.0659 1160  HomeGroupListener - ok
13:14:51.0675 1160  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:14:51.0706 1160  HomeGroupProvider - ok
13:14:51.0800 1160  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:14:51.0831 1160  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:14:51.0831 1160  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:14:51.0846 1160  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:14:51.0878 1160  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:14:51.0878 1160  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:14:51.0909 1160  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:14:51.0924 1160  HpSAMD - ok
13:14:51.0987 1160  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:14:52.0034 1160  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:14:52.0034 1160  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:14:52.0080 1160  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:14:52.0158 1160  HTTP - ok
13:14:52.0190 1160  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:14:52.0205 1160  hwpolicy - ok
13:14:52.0252 1160  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:14:52.0299 1160  i8042prt - ok
13:14:52.0346 1160  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
13:14:52.0377 1160  iaStorV - ok
13:14:52.0424 1160  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:14:52.0455 1160  idsvc - ok
13:14:52.0502 1160  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
13:14:52.0533 1160  iirsp - ok
13:14:52.0580 1160  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:14:52.0673 1160  IKEEXT - ok
13:14:52.0814 1160  [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:14:52.0938 1160  IntcAzAudAddService - ok
13:14:52.0954 1160  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:14:52.0954 1160  intelide - ok
13:14:52.0970 1160  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:14:53.0001 1160  intelppm - ok
13:14:53.0032 1160  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
13:14:53.0110 1160  IPBusEnum - ok
13:14:53.0141 1160  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:14:53.0172 1160  IpFilterDriver - ok
13:14:53.0204 1160  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:14:53.0282 1160  iphlpsvc - ok
13:14:53.0313 1160  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
13:14:53.0313 1160  IPMIDRV - ok
13:14:53.0328 1160  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
13:14:53.0360 1160  IPNAT - ok
13:14:53.0406 1160  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:14:53.0438 1160  iPod Service - ok
13:14:53.0438 1160  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:14:53.0516 1160  IRENUM - ok
13:14:53.0547 1160  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:14:53.0562 1160  isapnp - ok
13:14:53.0578 1160  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:14:53.0594 1160  iScsiPrt - ok
13:14:53.0640 1160  [ 4A8A242FDA43765F4F73ECDE2BA0D62A ] JRAID          C:\Windows\system32\DRIVERS\jraid.sys
13:14:53.0656 1160  JRAID - ok
13:14:53.0672 1160  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
13:14:53.0687 1160  kbdclass - ok
13:14:53.0703 1160  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:14:53.0734 1160  kbdhid - ok
13:14:53.0750 1160  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:14:53.0765 1160  KeyIso - ok
13:14:53.0796 1160  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:14:53.0812 1160  KSecDD - ok
13:14:53.0828 1160  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
13:14:53.0843 1160  KSecPkg - ok
13:14:53.0843 1160  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
13:14:53.0921 1160  ksthunk - ok
13:14:53.0952 1160  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
13:14:54.0030 1160  KtmRm - ok
13:14:54.0062 1160  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:14:54.0093 1160  LanmanServer - ok
13:14:54.0124 1160  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:14:54.0171 1160  LanmanWorkstation - ok
13:14:54.0264 1160  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ        C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:14:54.0296 1160  LBTServ - ok
13:14:54.0342 1160  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:14:54.0358 1160  LHidFilt - ok
13:14:54.0467 1160  [ 3C7FCBBC35E0A52CE9B12E9CC4F5B991 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:14:54.0530 1160  LiveUpdate - ok
13:14:54.0561 1160  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:14:54.0592 1160  lltdio - ok
13:14:54.0623 1160  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
13:14:54.0654 1160  lltdsvc - ok
13:14:54.0686 1160  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
13:14:54.0717 1160  lmhosts - ok
13:14:54.0748 1160  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:14:54.0748 1160  LMouFilt - ok
13:14:54.0764 1160  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:14:54.0779 1160  LSI_FC - ok
13:14:54.0795 1160  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
13:14:54.0795 1160  LSI_SAS - ok
13:14:54.0795 1160  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:14:54.0810 1160  LSI_SAS2 - ok
13:14:54.0810 1160  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:14:54.0826 1160  LSI_SCSI - ok
13:14:54.0842 1160  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
13:14:54.0888 1160  luafv - ok
13:14:54.0920 1160  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
13:14:54.0951 1160  Mcx2Svc - ok
13:14:54.0966 1160  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
13:14:54.0982 1160  megasas - ok
13:14:55.0013 1160  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:14:55.0029 1160  MegaSR - ok
13:14:55.0091 1160  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
13:14:55.0122 1160  MMCSS - ok
13:14:55.0169 1160  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
13:14:55.0232 1160  Modem - ok
13:14:55.0247 1160  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
13:14:55.0294 1160  monitor - ok
13:14:55.0325 1160  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
13:14:55.0356 1160  mouclass - ok
13:14:55.0388 1160  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:14:55.0403 1160  mouhid - ok
13:14:55.0434 1160  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:14:55.0450 1160  mountmgr - ok
13:14:55.0528 1160  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:14:55.0559 1160  MozillaMaintenance - ok
13:14:55.0606 1160  [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:14:55.0637 1160  MpFilter - ok
13:14:55.0668 1160  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:14:55.0700 1160  mpio - ok
13:14:55.0715 1160  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:14:55.0762 1160  mpsdrv - ok
13:14:55.0809 1160  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:14:55.0887 1160  MpsSvc - ok
13:14:55.0918 1160  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:14:55.0965 1160  MRxDAV - ok
13:14:55.0996 1160  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:14:56.0027 1160  mrxsmb - ok
13:14:56.0043 1160  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:14:56.0058 1160  mrxsmb10 - ok
13:14:56.0090 1160  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:14:56.0105 1160  mrxsmb20 - ok
13:14:56.0121 1160  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:14:56.0136 1160  msahci - ok
13:14:56.0152 1160  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
13:14:56.0168 1160  msdsm - ok
13:14:56.0183 1160  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
13:14:56.0214 1160  MSDTC - ok
13:14:56.0246 1160  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:14:56.0292 1160  Msfs - ok
13:14:56.0308 1160  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
13:14:56.0355 1160  mshidkmdf - ok
13:14:56.0386 1160  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:14:56.0386 1160  msisadrv - ok
13:14:56.0417 1160  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
13:14:56.0495 1160  MSiSCSI - ok
13:14:56.0495 1160  msiserver - ok
13:14:56.0526 1160  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
13:14:56.0573 1160  MSKSSRV - ok
13:14:56.0636 1160  [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:14:56.0667 1160  MsMpSvc - ok
13:14:56.0682 1160  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:14:56.0729 1160  MSPCLOCK - ok
13:14:56.0729 1160  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
13:14:56.0760 1160  MSPQM - ok
13:14:56.0792 1160  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
13:14:56.0838 1160  MsRPC - ok
13:14:56.0854 1160  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:14:56.0870 1160  mssmbios - ok
13:14:56.0870 1160  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
13:14:56.0932 1160  MSTEE - ok
13:14:56.0932 1160  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:14:56.0948 1160  MTConfig - ok
13:14:56.0963 1160  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
13:14:56.0963 1160  MTsensor - ok
13:14:56.0994 1160  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
13:14:56.0994 1160  Mup - ok
13:14:57.0041 1160  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:14:57.0119 1160  napagent - ok
13:14:57.0150 1160  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
13:14:57.0182 1160  NativeWifiP - ok
13:14:57.0291 1160  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120914.002\ENG64.SYS
13:14:57.0322 1160  NAVENG - ok
13:14:57.0416 1160  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15        C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120914.002\EX64.SYS
13:14:57.0447 1160  NAVEX15 - ok
13:14:57.0509 1160  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:14:57.0572 1160  NDIS - ok
13:14:57.0587 1160  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
13:14:57.0618 1160  NdisCap - ok
13:14:57.0650 1160  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:14:57.0665 1160  NdisTapi - ok
13:14:57.0712 1160  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
13:14:57.0790 1160  Ndisuio - ok
13:14:57.0821 1160  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
13:14:57.0868 1160  NdisWan - ok
13:14:57.0899 1160  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
13:14:57.0962 1160  NDProxy - ok
13:14:58.0008 1160  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:14:58.0024 1160  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:14:58.0024 1160  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:14:58.0040 1160  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
13:14:58.0086 1160  NetBIOS - ok
13:14:58.0118 1160  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
13:14:58.0196 1160  NetBT - ok
13:14:58.0211 1160  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:14:58.0211 1160  Netlogon - ok
13:14:58.0258 1160  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:14:58.0320 1160  Netman - ok
13:14:58.0352 1160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:14:58.0383 1160  NetMsmqActivator - ok
13:14:58.0398 1160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:14:58.0414 1160  NetPipeActivator - ok
13:14:58.0414 1160  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:14:58.0461 1160  netprofm - ok
13:14:58.0461 1160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:14:58.0461 1160  NetTcpActivator - ok
13:14:58.0476 1160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:14:58.0476 1160  NetTcpPortSharing - ok
13:14:58.0586 1160  [ 70B5B4E69A07895DF30291CAB6ABDA54 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
13:14:58.0632 1160  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
13:14:58.0632 1160  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
13:14:58.0664 1160  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
13:14:58.0679 1160  nfrd960 - ok
13:14:58.0710 1160  [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:14:58.0710 1160  NisDrv - ok
13:14:58.0742 1160  [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
13:14:58.0742 1160  NisSrv - ok
13:14:58.0773 1160  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:14:58.0835 1160  NlaSvc - ok
13:14:58.0866 1160  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf            C:\Windows\system32\drivers\npf.sys
13:14:58.0866 1160  npf - ok
13:14:58.0882 1160  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:14:58.0898 1160  Npfs - ok
13:14:58.0929 1160  npggsvc - ok
13:14:58.0929 1160  NPPTNT2 - ok
13:14:58.0944 1160  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
13:14:58.0976 1160  nsi - ok
13:14:59.0007 1160  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:14:59.0022 1160  nsiproxy - ok
13:14:59.0085 1160  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:14:59.0147 1160  Ntfs - ok
13:14:59.0163 1160  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:14:59.0210 1160  Null - ok
13:14:59.0241 1160  [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
13:14:59.0256 1160  nusb3hub - ok
13:14:59.0272 1160  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:14:59.0288 1160  nusb3xhc - ok
13:14:59.0334 1160  [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
13:14:59.0366 1160  NVHDA - ok
13:14:59.0600 1160  [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:14:59.0880 1160  nvlddmkm - ok
13:14:59.0912 1160  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:14:59.0927 1160  nvraid - ok
13:14:59.0943 1160  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:14:59.0974 1160  nvstor - ok
13:15:00.0021 1160  [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc          C:\Windows\system32\nvvsvc.exe
13:15:00.0052 1160  nvsvc - ok
13:15:00.0114 1160  [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:15:00.0161 1160  nvUpdatusService - ok
13:15:00.0192 1160  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:15:00.0208 1160  nv_agp - ok
13:15:00.0239 1160  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:15:00.0255 1160  ohci1394 - ok
13:15:00.0302 1160  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:15:00.0302 1160  ose - ok
13:15:00.0317 1160  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:15:00.0364 1160  p2pimsvc - ok
13:15:00.0395 1160  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:15:00.0395 1160  p2psvc - ok
13:15:00.0426 1160  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
13:15:00.0442 1160  Parport - ok
13:15:00.0489 1160  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
13:15:00.0489 1160  partmgr - ok
13:15:00.0504 1160  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:15:00.0551 1160  PcaSvc - ok
13:15:00.0567 1160  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
13:15:00.0582 1160  pci - ok
13:15:00.0582 1160  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:15:00.0598 1160  pciide - ok
13:15:00.0614 1160  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:15:00.0614 1160  pcmcia - ok
13:15:00.0629 1160  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
13:15:00.0629 1160  pcw - ok
13:15:00.0660 1160  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:15:00.0692 1160  PEAUTH - ok
13:15:00.0770 1160  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:15:00.0801 1160  PerfHost - ok
13:15:00.0879 1160  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
13:15:00.0972 1160  pla - ok
13:15:01.0019 1160  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:15:01.0035 1160  PlugPlay - ok
13:15:01.0097 1160  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:15:01.0128 1160  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:15:01.0128 1160  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:15:01.0144 1160  PnkBstrA - ok
13:15:01.0160 1160  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
13:15:01.0191 1160  PNRPAutoReg - ok
13:15:01.0191 1160  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
13:15:01.0206 1160  PNRPsvc - ok
13:15:01.0238 1160  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
13:15:01.0284 1160  PolicyAgent - ok
13:15:01.0316 1160  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
13:15:01.0362 1160  Power - ok
13:15:01.0409 1160  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:15:01.0425 1160  PptpMiniport - ok
13:15:01.0440 1160  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
13:15:01.0456 1160  Processor - ok
13:15:01.0503 1160  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
13:15:01.0565 1160  ProfSvc - ok
13:15:01.0581 1160  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:15:01.0596 1160  ProtectedStorage - ok
13:15:01.0628 1160  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:15:01.0674 1160  Psched - ok
13:15:01.0706 1160  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:15:01.0737 1160  ql2300 - ok
13:15:01.0752 1160  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:15:01.0752 1160  ql40xx - ok
13:15:01.0768 1160  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
13:15:01.0784 1160  QWAVE - ok
13:15:01.0784 1160  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:15:01.0815 1160  QWAVEdrv - ok
13:15:01.0830 1160  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:15:01.0846 1160  RasAcd - ok
13:15:01.0877 1160  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
13:15:01.0893 1160  RasAgileVpn - ok
13:15:01.0908 1160  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
13:15:01.0940 1160  RasAuto - ok
13:15:01.0971 1160  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
13:15:02.0033 1160  Rasl2tp - ok
13:15:02.0080 1160  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:15:02.0127 1160  RasMan - ok
13:15:02.0158 1160  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:15:02.0174 1160  RasPppoe - ok
13:15:02.0189 1160  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
13:15:02.0220 1160  RasSstp - ok
13:15:02.0236 1160  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
13:15:02.0267 1160  rdbss - ok
13:15:02.0298 1160  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:15:02.0298 1160  rdpbus - ok
13:15:02.0298 1160  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:15:02.0345 1160  RDPCDD - ok
13:15:02.0376 1160  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:15:02.0392 1160  RDPENCDD - ok
13:15:02.0408 1160  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:15:02.0439 1160  RDPREFMP - ok
13:15:02.0486 1160  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
13:15:02.0501 1160  RDPWD - ok
13:15:02.0548 1160  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:15:02.0548 1160  rdyboost - ok
13:15:02.0579 1160  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:15:02.0657 1160  RemoteAccess - ok
13:15:02.0673 1160  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:15:02.0720 1160  RemoteRegistry - ok
13:15:02.0735 1160  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:15:02.0751 1160  RpcEptMapper - ok
13:15:02.0782 1160  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:15:02.0798 1160  RpcLocator - ok
13:15:02.0829 1160  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
13:15:02.0860 1160  RpcSs - ok
13:15:02.0876 1160  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:15:02.0907 1160  rspndr - ok
13:15:02.0969 1160  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
13:15:03.0000 1160  RTL8167 - ok
13:15:03.0016 1160  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
13:15:03.0032 1160  SamSs - ok
13:15:03.0063 1160  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:15:03.0078 1160  sbp2port - ok
13:15:03.0110 1160  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:15:03.0188 1160  SCardSvr - ok
13:15:03.0203 1160  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:15:03.0234 1160  scfilter - ok
13:15:03.0281 1160  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:15:03.0312 1160  Schedule - ok
13:15:03.0328 1160  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
13:15:03.0359 1160  SCPolicySvc - ok
13:15:03.0375 1160  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:15:03.0390 1160  SDRSVC - ok
13:15:03.0406 1160  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:15:03.0422 1160  secdrv - ok
13:15:03.0468 1160  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:15:03.0531 1160  seclogon - ok
13:15:03.0531 1160  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:15:03.0562 1160  SENS - ok
13:15:03.0578 1160  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:15:03.0593 1160  SensrSvc - ok
13:15:03.0624 1160  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
13:15:03.0640 1160  Serenum - ok
13:15:03.0671 1160  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:15:03.0718 1160  Serial - ok
13:15:03.0780 1160  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:15:03.0812 1160  sermouse - ok
13:15:03.0858 1160  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:15:03.0890 1160  SessionEnv - ok
13:15:03.0921 1160  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
13:15:03.0952 1160  sffdisk - ok
13:15:03.0968 1160  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:15:03.0999 1160  sffp_mmc - ok
13:15:04.0030 1160  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
13:15:04.0077 1160  sffp_sd - ok
13:15:04.0092 1160  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
13:15:04.0108 1160  sfloppy - ok
13:15:04.0139 1160  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:15:04.0186 1160  SharedAccess - ok
13:15:04.0233 1160  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:15:04.0280 1160  ShellHWDetection - ok
13:15:04.0295 1160  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:15:04.0311 1160  SiSRaid2 - ok
13:15:04.0326 1160  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:15:04.0326 1160  SiSRaid4 - ok
13:15:04.0373 1160  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
13:15:04.0404 1160  SkypeUpdate - ok
13:15:04.0420 1160  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
13:15:04.0467 1160  Smb - ok
13:15:04.0482 1160  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:15:04.0482 1160  SNMPTRAP - ok
13:15:04.0514 1160  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
13:15:04.0514 1160  spldr - ok
13:15:04.0560 1160  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler        C:\Windows\System32\spoolsv.exe
13:15:04.0576 1160  Spooler - ok
13:15:04.0670 1160  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:15:04.0748 1160  sppsvc - ok
13:15:04.0763 1160  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
13:15:04.0841 1160  sppuinotify - ok
13:15:04.0888 1160  [ C2DDF8538A868639289663004A2020C4 ] SRTSP          C:\Windows\system32\Drivers\SRTSP64.SYS
13:15:04.0904 1160  SRTSP - ok
13:15:04.0935 1160  [ BAC5F3AD735B0D1C85F48CA00A422CF9 ] SRTSPL          C:\Windows\system32\Drivers\SRTSPL64.SYS
13:15:04.0950 1160  SRTSPL ( UnsignedFile.Multi.Generic ) - warning
13:15:04.0950 1160  SRTSPL - detected UnsignedFile.Multi.Generic (1)
13:15:04.0966 1160  [ 2BC8CFCD55481B6159AE2FCD09C8A4A6 ] SRTSPX          C:\Windows\system32\Drivers\SRTSPX64.SYS
13:15:04.0966 1160  SRTSPX ( UnsignedFile.Multi.Generic ) - warning
13:15:04.0966 1160  SRTSPX - detected UnsignedFile.Multi.Generic (1)
13:15:04.0997 1160  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
13:15:05.0091 1160  srv - ok
13:15:05.0122 1160  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:15:05.0216 1160  srv2 - ok
13:15:05.0262 1160  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:15:05.0325 1160  srvnet - ok
13:15:05.0356 1160  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
13:15:05.0387 1160  SSDPSRV - ok
13:15:05.0403 1160  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
13:15:05.0418 1160  SstpSvc - ok
13:15:05.0434 1160  Steam Client Service - ok
13:15:05.0496 1160  [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:15:05.0528 1160  Stereo Service - ok
13:15:05.0543 1160  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:15:05.0559 1160  stexstor - ok
13:15:05.0590 1160  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:15:05.0621 1160  stisvc - ok
13:15:05.0652 1160  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:15:05.0684 1160  swenum - ok
13:15:05.0699 1160  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
13:15:05.0746 1160  swprv - ok
13:15:05.0824 1160  [ B758466B2788F31BC88F70A8C5DD388E ] Symantec AntiVirus C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
13:15:05.0871 1160  Symantec AntiVirus - ok
13:15:05.0886 1160  [ 6FEFA9749BFB5FD8C3A20E5C58817936 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:15:05.0902 1160  SymEvent - ok
13:15:05.0964 1160  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
13:15:06.0027 1160  SysMain - ok
13:15:06.0058 1160  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:15:06.0105 1160  TabletInputService - ok
13:15:06.0136 1160  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
13:15:06.0198 1160  TapiSrv - ok
13:15:06.0214 1160  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
13:15:06.0261 1160  TBS - ok
13:15:06.0354 1160  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
13:15:06.0432 1160  Tcpip - ok
13:15:06.0464 1160  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:15:06.0479 1160  TCPIP6 - ok
13:15:06.0510 1160  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:15:06.0588 1160  tcpipreg - ok
13:15:06.0604 1160  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:15:06.0620 1160  TDPIPE - ok
13:15:06.0651 1160  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
13:15:06.0651 1160  TDTCP - ok
13:15:06.0682 1160  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
13:15:06.0713 1160  tdx - ok
13:15:06.0744 1160  [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
13:15:06.0776 1160  TelekomNM6 - ok
13:15:06.0791 1160  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:15:06.0791 1160  TermDD - ok
13:15:06.0838 1160  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
13:15:06.0885 1160  TermService - ok
13:15:06.0916 1160  [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes          C:\Windows\system32\themeservice.dll
13:15:06.0932 1160  Themes ( UnsignedFile.Multi.Generic ) - warning
13:15:06.0932 1160  Themes - detected UnsignedFile.Multi.Generic (1)
13:15:06.0978 1160  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
13:15:07.0025 1160  THREADORDER - ok
13:15:07.0041 1160  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:15:07.0056 1160  TrkWks - ok
13:15:07.0119 1160  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:15:07.0181 1160  TrustedInstaller - ok
13:15:07.0228 1160  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:15:07.0244 1160  tssecsrv - ok
13:15:07.0275 1160  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:15:07.0290 1160  TsUsbFlt - ok
13:15:07.0337 1160  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:15:07.0400 1160  tunnel - ok
13:15:07.0415 1160  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:15:07.0431 1160  uagp35 - ok
13:15:07.0462 1160  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:15:07.0509 1160  udfs - ok
13:15:07.0540 1160  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
13:15:07.0540 1160  UI0Detect - ok
13:15:07.0556 1160  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:15:07.0556 1160  uliagpkx - ok
13:15:07.0618 1160  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
13:15:07.0634 1160  umbus - ok
13:15:07.0665 1160  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:15:07.0665 1160  UmPass - ok
13:15:07.0696 1160  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:15:07.0727 1160  upnphost - ok
13:15:07.0758 1160  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
13:15:07.0774 1160  USBAAPL64 - ok
13:15:07.0821 1160  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:15:07.0852 1160  usbaudio - ok
13:15:07.0852 1160  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
13:15:07.0883 1160  usbccgp - ok
13:15:07.0930 1160  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:15:07.0961 1160  usbcir - ok
13:15:07.0977 1160  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
13:15:07.0977 1160  usbehci - ok
13:15:07.0992 1160  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
13:15:08.0008 1160  usbfilter - ok
13:15:08.0024 1160  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:15:08.0039 1160  usbhub - ok
13:15:08.0039 1160  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
13:15:08.0055 1160  usbohci - ok
13:15:08.0070 1160  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:15:08.0070 1160  usbprint - ok
13:15:08.0133 1160  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
13:15:08.0148 1160  usbscan - ok
13:15:08.0164 1160  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:15:08.0211 1160  USBSTOR - ok
13:15:08.0242 1160  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
13:15:08.0242 1160  usbuhci - ok
13:15:08.0289 1160  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
13:15:08.0351 1160  usb_rndisx - ok
13:15:08.0367 1160  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
13:15:08.0414 1160  UxSms - ok
13:15:08.0414 1160  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:15:08.0429 1160  VaultSvc - ok
13:15:08.0445 1160  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:15:08.0445 1160  vdrvroot - ok
13:15:08.0507 1160  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
13:15:08.0554 1160  vds - ok
13:15:08.0585 1160  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
13:15:08.0585 1160  vga - ok
13:15:08.0601 1160  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
13:15:08.0679 1160  VgaSave - ok
13:15:08.0694 1160  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
13:15:08.0710 1160  vhdmp - ok
13:15:08.0726 1160  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:15:08.0741 1160  viaide - ok
13:15:08.0741 1160  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:15:08.0757 1160  volmgr - ok
13:15:08.0788 1160  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
13:15:08.0804 1160  volmgrx - ok
13:15:08.0804 1160  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
13:15:08.0819 1160  volsnap - ok
13:15:08.0850 1160  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
13:15:08.0850 1160  vsmraid - ok
13:15:08.0913 1160  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
13:15:09.0022 1160  VSS - ok
13:15:09.0038 1160  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:15:09.0069 1160  vwifibus - ok
13:15:09.0084 1160  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
13:15:09.0116 1160  W32Time - ok
13:15:09.0131 1160  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:15:09.0131 1160  WacomPen - ok
13:15:09.0162 1160  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:15:09.0209 1160  WANARP - ok
13:15:09.0225 1160  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:15:09.0240 1160  Wanarpv6 - ok
13:15:09.0303 1160  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:15:09.0396 1160  wbengine - ok
13:15:09.0412 1160  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:15:09.0428 1160  WbioSrvc - ok
13:15:09.0459 1160  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
13:15:09.0521 1160  wcncsvc - ok
13:15:09.0552 1160  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:15:09.0568 1160  WcsPlugInService - ok
13:15:09.0568 1160  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:15:09.0584 1160  Wd - ok
13:15:09.0599 1160  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:15:09.0630 1160  Wdf01000 - ok
13:15:09.0630 1160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:15:09.0724 1160  WdiServiceHost - ok
13:15:09.0724 1160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
13:15:09.0740 1160  WdiSystemHost - ok
13:15:09.0786 1160  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
13:15:09.0833 1160  WebClient - ok
13:15:09.0849 1160  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:15:09.0896 1160  Wecsvc - ok
13:15:09.0911 1160  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
13:15:09.0942 1160  wercplsupport - ok
13:15:09.0942 1160  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:15:09.0974 1160  WerSvc - ok
13:15:09.0989 1160  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:15:10.0005 1160  WfpLwf - ok
13:15:10.0020 1160  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:15:10.0020 1160  WIMMount - ok
13:15:10.0036 1160  WinDefend - ok
13:15:10.0036 1160  WinHttpAutoProxySvc - ok
13:15:10.0083 1160  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
13:15:10.0145 1160  Winmgmt - ok
13:15:10.0223 1160  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
13:15:10.0286 1160  WinRM - ok
13:15:10.0379 1160  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:15:10.0410 1160  WinUsb - ok
13:15:10.0442 1160  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
13:15:10.0488 1160  Wlansvc - ok
13:15:10.0520 1160  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
13:15:10.0520 1160  WmiAcpi - ok
13:15:10.0535 1160  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:15:10.0566 1160  wmiApSrv - ok
13:15:10.0582 1160  WMPNetworkSvc - ok
13:15:10.0598 1160  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:15:10.0629 1160  WPCSvc - ok
13:15:10.0676 1160  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:15:10.0722 1160  WPDBusEnum - ok
13:15:10.0738 1160  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
13:15:10.0800 1160  ws2ifsl - ok
13:15:10.0816 1160  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:15:10.0816 1160  wscsvc - ok
13:15:10.0832 1160  WSearch - ok
13:15:10.0910 1160  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:15:10.0972 1160  wuauserv - ok
13:15:11.0003 1160  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:15:11.0019 1160  WudfPf - ok
13:15:11.0050 1160  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:15:11.0128 1160  WUDFRd - ok
13:15:11.0159 1160  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
13:15:11.0190 1160  wudfsvc - ok
13:15:11.0190 1160  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
13:15:11.0206 1160  WwanSvc - ok
13:15:11.0222 1160  ================ Scan global ===============================
13:15:11.0253 1160  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:15:11.0284 1160  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:15:11.0300 1160  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:15:11.0346 1160  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:15:11.0378 1160  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:15:11.0378 1160  [Global] - ok
13:15:11.0378 1160  ================ Scan MBR ==================================
13:15:11.0393 1160  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:15:11.0518 1160  \Device\Harddisk0\DR0 - ok
13:15:11.0518 1160  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:15:11.0830 1160  \Device\Harddisk1\DR1 - ok
13:15:11.0830 1160  ================ Scan VBR ==================================
13:15:11.0830 1160  [ ACD272E1B729652070FECED0ED0B0F39 ] \Device\Harddisk0\DR0\Partition1
13:15:11.0830 1160  \Device\Harddisk0\DR0\Partition1 - ok
13:15:11.0861 1160  [ 8DE47F7197471D3BA775B48398446C2A ] \Device\Harddisk0\DR0\Partition2
13:15:11.0861 1160  \Device\Harddisk0\DR0\Partition2 - ok
13:15:11.0877 1160  [ ACC59F51F8C9F0F4809B7F7A9AA99721 ] \Device\Harddisk1\DR1\Partition1
13:15:11.0877 1160  \Device\Harddisk1\DR1\Partition1 - ok
13:15:11.0877 1160  [ 4991AA74751D5470610EF157B30D9F8B ] \Device\Harddisk1\DR1\Partition2
13:15:11.0877 1160  \Device\Harddisk1\DR1\Partition2 - ok
13:15:11.0892 1160  ============================================================
13:15:11.0892 1160  Scan finished
13:15:11.0892 1160  ============================================================
13:15:11.0892 2464  Detected object count: 11
13:15:11.0892 2464  Actual detected object count: 11
13:15:26.0276 2464  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0276 2464  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0276 2464  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0276 2464  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0276 2464  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0276 2464  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0276 2464  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0276 2464  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0291 2464  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0291 2464  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0291 2464  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0291 2464  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0291 2464  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0291 2464  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0291 2464  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0291 2464  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0307 2464  SRTSPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0307 2464  SRTSPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0307 2464  SRTSPX ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0307 2464  SRTSPX ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:26.0307 2464  Themes ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:26.0307 2464  Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:48.0188 2496  Deinitialize success


cosinus 17.09.2012 12:37

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Galge 17.09.2012 13:55

This should be the right log, shouldn't it? ComboFix?

Code:

ComboFix 12-09-16.01 - Galge 17.09.2012  14:35:45.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8190.5597 [GMT 2:00]
ausgeführt von:: c:\users\Galge\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Galge\md5.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-17 bis 2012-09-17  ))))))))))))))))))))))))))))))
.
.
2012-09-17 12:31 . 2012-08-23 08:26        9310152        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1DF216E-C8A0-40D0-96B7-A7830CE2D568}\mpengine.dll
2012-09-16 16:21 . 2012-09-16 16:21        --------        d-----w-        C:\_OTL
2012-09-15 03:28 . 2012-08-23 08:26        9310152        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-12 11:28 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:28 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 11:28 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 22:38 . 2012-09-11 22:38        --------        d-----w-        c:\program files (x86)\ESET
2012-09-11 12:43 . 2012-09-11 12:43        --------        d-----w-        c:\users\Galge\AppData\Roaming\Malwarebytes
2012-09-11 12:42 . 2012-09-11 12:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-11 12:42 . 2012-09-11 12:43        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-11 12:42 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-11 09:50 . 2012-09-11 09:50        --------        d-----w-        c:\program files (x86)\Guild Wars 2
2012-09-10 14:04 . 2012-09-10 14:04        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-10 14:03 . 2012-09-10 14:03        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-10 14:03 . 2012-09-10 14:03        --------        d-----w-        c:\program files (x86)\Java
2012-09-10 13:33 . 2012-09-10 13:51        --------        d-----w-        c:\programdata\eenmqodvcsibfds
2012-09-08 21:01 . 2012-09-08 21:01        --------        d-----w-        c:\users\Galge\AppData\Roaming\hybrid
2012-09-08 20:45 . 2012-09-08 20:49        --------        d-----w-        c:\users\Galge\AppData\Roaming\HandBrake
2012-09-08 20:45 . 2012-09-10 13:51        --------        d-----w-        c:\program files\Handbrake
2012-09-08 20:30 . 2012-09-08 20:32        --------        d-----w-        c:\users\Galge\AppData\Roaming\avidemux
2012-09-04 01:08 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2012-09-04 01:08 . 2012-09-04 01:08        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-09-02 16:13 . 2012-09-17 11:11        --------        d-----w-        c:\users\Galge\AppData\Local\LogMeIn Hamachi
2012-08-26 02:44 . 2012-08-26 02:44        --------        d-----w-        c:\users\Galge\AppData\Local\Chromium
2012-08-26 02:08 . 2012-09-02 00:31        --------        d-----w-        c:\users\Galge\AppData\Roaming\HpUpdate
2012-08-26 02:08 . 2012-08-26 02:08        --------        d-----w-        c:\windows\Hewlett-Packard
2012-08-25 21:31 . 2012-08-25 21:31        --------        d-----w-        c:\program files (x86)\Gameforge
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 11:50 . 2012-04-08 14:14        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-09-17 11:50 . 2012-04-08 12:08        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-09-17 11:50 . 2012-04-08 12:08        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-09-13 01:00 . 2012-04-23 20:51        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-09-10 14:03 . 2012-05-26 18:26        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-22 13:24 . 2012-04-08 10:54        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 13:24 . 2012-04-08 10:54        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 17:22 . 2012-08-09 17:22        955840        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-09 17:22 . 2012-08-09 17:22        839096        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-09 17:22 . 2012-08-09 17:22        268720        ----a-w-        c:\windows\system32\javaws.exe
2012-08-09 17:22 . 2012-08-09 17:22        189360        ----a-w-        c:\windows\system32\javaw.exe
2012-08-09 17:22 . 2012-08-09 17:22        188840        ----a-w-        c:\windows\system32\java.exe
2012-07-18 18:15 . 2012-08-15 20:35        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-15 21:16 . 2012-07-15 21:16        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-14 14:36 . 2012-07-14 14:36        156008        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-07 11:06 . 2012-07-07 11:06        65536        ----a-r-        c:\users\Galge\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe
2012-07-04 22:16 . 2012-08-15 20:35        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 20:35        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 20:35        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 20:35        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 22:28        17809920        ----a-w-        c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 22:28        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 22:28        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 22:28        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 22:28        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 22:28        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 22:28        237056        ----a-w-        c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 22:28        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 22:28        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 22:28        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 22:28        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 22:28        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 22:28        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 22:28        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 22:28        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 22:28        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 22:28        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 22:28        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 22:28        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-11 4692840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2006-12-07 107112]
"vptray"="c:\progra~2\SYMANT~1\VPTray.exe" [2007-01-05 135216]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-05 8704]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-01 138912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 13:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"combofix"="c:\combofix\CF31458.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1214310950-730897569-3731794000-1000\Software\GrandCross\0 ´* & ’v*’0 ’X*]
"InstMode"=hex:00,00,00,00
"InstPath"="c:\\Program Files (x86)\\GrandCross\\‰´–…ƒvƒ‰ƒX"
"DataPath"="c:\\Users\\Galge\\Documents\\GrandCross\\‰´–…ƒvƒ‰ƒX\\"
.
[HKEY_USERS\S-1-5-21-1214310950-730897569-3731794000-1000\Software\GrandCross\0 ´* & ’v*’0 ’X*\System]
"gbFullScreenFlag"=hex:00,00,00,00
"gnWindowLeft"=hex:2d,02,00,00
"gnWindowTop"=hex:e2,00,00,00
"gdwWindowWidth"=hex:20,03,00,00
"gdwWindowHeight"=hex:58,02,00,00
"gdwWindowBpp"=hex:18,00,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\0 ´* & ’v*’0 ’X*]
"DisplayName"="‰´–…ƒvƒ‰ƒX"
"UninstallString"="c:\\Program Files (x86)\\GrandCross\\‰´–…ƒvƒ‰ƒX\\UNINST.EXE"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\DAODx.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Symantec AntiVirus\DefWatch.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Symantec AntiVirus\Rtvscan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-17  14:47:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-17 12:47
.
Vor Suchlauf: 10 Verzeichnis(se), 427.988.340.736 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 427.680.960.512 Bytes frei
.
- - End Of File - - 87283663222F139AA17D4038D11A6F9A


cosinus 17.09.2012 14:54

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\programdata\eenmqodvcsibfds

Filelook::
c:\users\Galge\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Galge 17.09.2012 15:35

Here you go:

Code:

ComboFix 12-09-16.01 - Galge 17.09.2012  16:18:13.2.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8190.6147 [GMT 2:00]
ausgeführt von:: c:\users\Galge\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Galge\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eenmqodvcsibfds
c:\programdata\eenmqodvcsibfds\btn-green.png
c:\programdata\eenmqodvcsibfds\corners-btn.png
c:\programdata\eenmqodvcsibfds\corners1.png
c:\programdata\eenmqodvcsibfds\corners2.png
c:\programdata\eenmqodvcsibfds\corners3.png
c:\programdata\eenmqodvcsibfds\corners4.png
c:\programdata\eenmqodvcsibfds\de-flag.png
c:\programdata\eenmqodvcsibfds\de-image.png
c:\programdata\eenmqodvcsibfds\ie6-7.css
c:\programdata\eenmqodvcsibfds\McAfee.png
c:\programdata\eenmqodvcsibfds\pays-de.png
c:\programdata\eenmqodvcsibfds\steps-de.png
c:\programdata\eenmqodvcsibfds\steps-en.png
c:\programdata\eenmqodvcsibfds\style.css
c:\programdata\eenmqodvcsibfds\tabs.png
c:\programdata\eenmqodvcsibfds\wait.html
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-17 bis 2012-09-17  ))))))))))))))))))))))))))))))
.
.
2012-09-17 14:22 . 2012-09-17 14:22        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-09-17 14:22 . 2012-09-17 14:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-16 16:21 . 2012-09-16 16:21        --------        d-----w-        C:\_OTL
2012-09-12 11:28 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:28 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 11:28 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 22:38 . 2012-09-11 22:38        --------        d-----w-        c:\program files (x86)\ESET
2012-09-11 12:43 . 2012-09-11 12:43        --------        d-----w-        c:\users\Galge\AppData\Roaming\Malwarebytes
2012-09-11 12:42 . 2012-09-11 12:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-11 12:42 . 2012-09-11 12:43        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-11 12:42 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-11 09:50 . 2012-09-11 09:50        --------        d-----w-        c:\program files (x86)\Guild Wars 2
2012-09-10 14:04 . 2012-09-10 14:04        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-10 14:03 . 2012-09-10 14:03        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-10 14:03 . 2012-09-10 14:03        --------        d-----w-        c:\program files (x86)\Java
2012-09-08 21:01 . 2012-09-08 21:01        --------        d-----w-        c:\users\Galge\AppData\Roaming\hybrid
2012-09-08 20:45 . 2012-09-08 20:49        --------        d-----w-        c:\users\Galge\AppData\Roaming\HandBrake
2012-09-08 20:45 . 2012-09-10 13:51        --------        d-----w-        c:\program files\Handbrake
2012-09-08 20:30 . 2012-09-08 20:32        --------        d-----w-        c:\users\Galge\AppData\Roaming\avidemux
2012-09-04 01:08 . 2009-03-18 15:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2012-09-04 01:08 . 2012-09-04 01:08        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-09-02 16:13 . 2012-09-17 14:14        --------        d-----w-        c:\users\Galge\AppData\Local\LogMeIn Hamachi
2012-08-26 02:44 . 2012-08-26 02:44        --------        d-----w-        c:\users\Galge\AppData\Local\Chromium
2012-08-26 02:08 . 2012-09-02 00:31        --------        d-----w-        c:\users\Galge\AppData\Roaming\HpUpdate
2012-08-26 02:08 . 2012-08-26 02:08        --------        d-----w-        c:\windows\Hewlett-Packard
2012-08-25 21:31 . 2012-08-25 21:31        --------        d-----w-        c:\program files (x86)\Gameforge
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 11:50 . 2012-04-08 14:14        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-09-17 11:50 . 2012-04-08 12:08        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-09-17 11:50 . 2012-04-08 12:08        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-09-13 01:00 . 2012-04-23 20:51        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-09-10 14:03 . 2012-05-26 18:26        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-22 13:24 . 2012-04-08 10:54        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 13:24 . 2012-04-08 10:54        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 17:22 . 2012-08-09 17:22        955840        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-09 17:22 . 2012-08-09 17:22        839096        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-09 17:22 . 2012-08-09 17:22        268720        ----a-w-        c:\windows\system32\javaws.exe
2012-08-09 17:22 . 2012-08-09 17:22        189360        ----a-w-        c:\windows\system32\javaw.exe
2012-08-09 17:22 . 2012-08-09 17:22        188840        ----a-w-        c:\windows\system32\java.exe
2012-07-18 18:15 . 2012-08-15 20:35        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-15 21:16 . 2012-07-15 21:16        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-14 14:36 . 2012-07-14 14:36        156008        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-07 11:06 . 2012-07-07 11:06        65536        ----a-r-        c:\users\Galge\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe
2012-07-04 22:16 . 2012-08-15 20:35        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 20:35        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 20:35        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 20:35        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 22:28        17809920        ----a-w-        c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 22:28        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 22:28        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 22:28        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 22:28        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 22:28        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 22:28        237056        ----a-w-        c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 22:28        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 22:28        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 22:28        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 22:28        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 22:28        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 22:28        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 22:28        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 22:28        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 22:28        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 22:28        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 22:28        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 22:28        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\users\Galge\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 65536
Created time: 2012-07-07 11:06
Modified time: 2012-07-07 11:06
MD5: 87E54AD8511D92729EF70F8FF57A97BA
SHA1: D8CF57CE644AA10E73A32E77E096912A450405BC
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-09-17_12.43.45  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 10:06 . 2012-09-17 14:27        47000              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-17 14:27        33366              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-08 09:56 . 2012-09-17 14:27        12998              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1214310950-730897569-3731794000-1000_UserData.bin
+ 2012-09-17 14:24 . 2012-09-17 14:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-17 12:42 . 2012-09-17 12:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-17 12:42 . 2012-09-17 12:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-17 14:24 . 2012-09-17 14:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-17 12:40        256020              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-17 14:23        256020              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-09 02:08 . 2012-09-17 14:23        4558164              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1214310950-730897569-3731794000-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-11 4692840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2006-12-07 107112]
"vptray"="c:\progra~2\SYMANT~1\VPTray.exe" [2007-01-05 135216]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-05 8704]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-01 138912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 13:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1214310950-730897569-3731794000-1000\Software\GrandCross\0 ´* & ’v*’0 ’X*]
"InstMode"=hex:00,00,00,00
"InstPath"="c:\\Program Files (x86)\\GrandCross\\‰´–…ƒvƒ‰ƒX"
"DataPath"="c:\\Users\\Galge\\Documents\\GrandCross\\‰´–…ƒvƒ‰ƒX\\"
.
[HKEY_USERS\S-1-5-21-1214310950-730897569-3731794000-1000\Software\GrandCross\0 ´* & ’v*’0 ’X*\System]
"gbFullScreenFlag"=hex:00,00,00,00
"gnWindowLeft"=hex:2d,02,00,00
"gnWindowTop"=hex:e2,00,00,00
"gdwWindowWidth"=hex:20,03,00,00
"gdwWindowHeight"=hex:58,02,00,00
"gdwWindowBpp"=hex:18,00,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\0 ´* & ’v*’0 ’X*]
"DisplayName"="‰´–…ƒvƒ‰ƒX"
"UninstallString"="c:\\Program Files (x86)\\GrandCross\\‰´–…ƒvƒ‰ƒX\\UNINST.EXE"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\DAODx.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Symantec AntiVirus\DefWatch.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Symantec AntiVirus\Rtvscan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-17  16:29:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-17 14:29
ComboFix2.txt  2012-09-17 12:47
.
Vor Suchlauf: 13 Verzeichnis(se), 427.447.013.376 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 427.406.237.696 Bytes frei
.
- - End Of File - - 938A7E23442139FE76F86AE466052CF4


cosinus 17.09.2012 19:59

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often. If the tool still refuses to work on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Galge 18.09.2012 02:11

OK, first about GMER.
The program did not crash or anything, but after the scan it gave me nothing to copy.

But here is OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:44:53 on 18.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"SYMLIVE" - "Symantec Corporation" - C:\Program Files (x86)\Symantec\LiveUpdate\S32LUCP2.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\Windows\SysWow64\drivers\AsIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfoX64.sys  (File found, but it contains no detailed information)
"dump_wmimmc" (dump_wmimmc) - ? - C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120914.002\ENG64.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120914.002\EX64.SYS
"NPPTNT2" (NPPTNT2) - ? - C:\Windows\system32\npptNT2.sys  (File not found)
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP64.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL64.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX64.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
"Telekom Netzmanager Packet Filter Driver" (TelekomNM6) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll
{8BEEE74D-455E-4616-A97A-F6E86C317F32} "VpshellEx Class" - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\SSC\vpshell2.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Galge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"VeohPlugin" - "Veoh Networks" - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BCU" - "DeviceVM, Inc." - "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"ccApp" - "Symantec Corporation" - "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"JMB36X IDE Setup" - ? - C:\Windows\RaidTool\xInsIDE.exe  (File found, but it contains no detailed information)
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Six Engine" - "ASUSTeK Computer Inc." - "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"TurboV EVO" - "ASUSTeK Computer Inc." - "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
"vptray" - "Symantec Corporation" - C:\PROGRA~2\SYMANT~1\VPTray.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll
"@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"ASUS System Control Service" (AsSysCtrlService) - ? - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe  (File found, but it contains no detailed information)
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FreemakeVideoCapture" (FreemakeVideoCapture) - "Microsoft" - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"nProtect GameGuard Service" (npggsvc) - ? - C:\Windows\system32\GameMon.des -service  (File not found)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation" - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
"Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And here is aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 03:01:12
-----------------------------
03:01:12.750    OS Version: Windows x64 6.1.7601 Service Pack 1
03:01:12.750    Number of processors: 6 586 0xA00
03:01:12.750    ComputerName: ANIMENIA  UserName: Galge
03:01:15.277    Initialize success
03:02:05.526    AVAST engine defs: 12091400
03:02:08.241    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
03:02:08.256    Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
03:02:08.256    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
03:02:08.256    Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715403MB BusType: 3
03:02:08.272    Disk 0 MBR read successfully
03:02:08.272    Disk 0 MBR scan
03:02:08.288    Disk 0 unknown MBR code
03:02:08.288    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
03:02:08.303    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
03:02:08.319    Disk 0 scanning C:\Windows\system32\drivers
03:02:18.459    Service scanning
03:02:37.553    Modules scanning
03:02:37.569    Disk 0 trace - called modules:
03:02:37.585    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:02:37.600    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bb7790]
03:02:37.600    3 CLASSPNP.SYS[fffff880018ea43f] -> nt!IofCallDriver -> [0xfffffa8007afd9b0]
03:02:37.600    5 ACPI.sys[fffff88000e9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007bbf060]
03:02:39.488    AVAST engine scan C:\Windows
03:02:43.216    AVAST engine scan C:\Windows\system32
03:05:05.317    AVAST engine scan C:\Windows\system32\drivers
03:05:17.828    AVAST engine scan C:\Users\Galge
03:08:15.403    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
03:08:15.419    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"

Kind regards

cosinus 19.09.2012 11:07

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Galge 20.09.2012 00:10

Here you go:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 03:01:12
-----------------------------
03:01:12.750    OS Version: Windows x64 6.1.7601 Service Pack 1
03:01:12.750    Number of processors: 6 586 0xA00
03:01:12.750    ComputerName: ANIMENIA  UserName: Galge
03:01:15.277    Initialize success
03:02:05.526    AVAST engine defs: 12091400
03:02:08.241    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
03:02:08.256    Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
03:02:08.256    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
03:02:08.256    Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715403MB BusType: 3
03:02:08.272    Disk 0 MBR read successfully
03:02:08.272    Disk 0 MBR scan
03:02:08.288    Disk 0 unknown MBR code
03:02:08.288    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
03:02:08.303    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
03:02:08.319    Disk 0 scanning C:\Windows\system32\drivers
03:02:18.459    Service scanning
03:02:37.553    Modules scanning
03:02:37.569    Disk 0 trace - called modules:
03:02:37.585    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:02:37.600    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bb7790]
03:02:37.600    3 CLASSPNP.SYS[fffff880018ea43f] -> nt!IofCallDriver -> [0xfffffa8007afd9b0]
03:02:37.600    5 ACPI.sys[fffff88000e9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007bbf060]
03:02:39.488    AVAST engine scan C:\Windows
03:02:43.216    AVAST engine scan C:\Windows\system32
03:05:05.317    AVAST engine scan C:\Windows\system32\drivers
03:05:17.828    AVAST engine scan C:\Users\Galge
03:08:15.403    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
03:08:15.419    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 01:06:41
-----------------------------
01:06:41.192    OS Version: Windows x64 6.1.7601 Service Pack 1
01:06:41.192    Number of processors: 6 586 0xA00
01:06:41.193    ComputerName: ANIMENIA  UserName: Galge
01:06:43.538    Initialize success
01:07:32.575    AVAST engine defs: 12091901
01:07:41.063    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
01:07:41.065    Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
01:07:41.083    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
01:07:41.085    Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715403MB BusType: 3
01:07:41.104    Disk 0 MBR read successfully
01:07:41.106    Disk 0 MBR scan
01:07:41.114    Disk 0 unknown MBR code
01:07:41.116    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
01:07:41.141    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
01:07:41.184    Disk 0 scanning C:\Windows\system32\drivers
01:07:58.686    Service scanning
01:08:32.062    Modules scanning
01:08:32.081    Disk 0 trace - called modules:
01:08:32.113    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:08:32.116    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b98790]
01:08:32.120    3 CLASSPNP.SYS[fffff8800186f43f] -> nt!IofCallDriver -> [0xfffffa8007adf950]
01:08:32.124    5 ACPI.sys[fffff88000f4d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ba0060]
01:08:32.129    Scan finished successfully
01:09:33.123    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
01:09:33.135    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"
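
The two aswMBR runs posted above differ in the lines a helper looks for: whether the AV engine scan ran and whether "Scan finished successfully" was logged. The following is an added example, not part of the original posts and not aswMBR code: it splits a posted aswMBR.txt into runs, drops runs that were pasted more than once, and lists the points to review per run. The class and function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the aswMBR.txt posted in this thread (trimmed). Each post
# contains the whole file again, so the first run shows up more than once.
RUN_1 = r'''
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 03:01:12
-----------------------------
03:01:15.277    Initialize success
03:02:08.272    Disk 0 MBR read successfully
03:02:08.288    Disk 0 unknown MBR code
03:02:08.288    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
03:02:08.303    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
03:02:39.488    AVAST engine scan C:\Windows
03:05:17.828    AVAST engine scan C:\Users\Galge
03:08:15.403    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
'''
RUN_2 = r'''
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 01:06:41
-----------------------------
01:06:43.538    Initialize success
01:07:41.104    Disk 0 MBR read successfully
01:07:41.114    Disk 0 unknown MBR code
01:07:41.116    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
01:07:41.141    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
01:08:32.129    Scan finished successfully
01:09:33.123    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
'''
SAMPLE_LOG = RUN_1 + RUN_1 + RUN_2  # first run repeated, as when logs from two posts are joined

RUN_HEADER = re.compile(r"^aswMBR version (\S+)")
RUN_DATE = re.compile(r"^Run date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
# Boot flag, optional "(A)" marker, partition type, description, size, start offset.
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})\s+(?:\(A\)\s+)?"
    r"([0-9A-Fa-f]{2})\s+.+?\s+(\d+) MB offset (\d+)$"
)
# Only "unknown MBR code" occurs in this thread; any other wording is kept verbatim.
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")


@dataclass
class Partition:
    disk: int
    number: int
    active: bool
    type_code: str
    size_mb: int
    offset: int


@dataclass
class Run:
    version: str
    run_date: str = ""
    mbr_code: dict = field(default_factory=dict)   # disk number -> verdict text
    partitions: list = field(default_factory=list)
    av_scan: bool = False    # an "AVAST engine scan" line was logged
    finished: bool = False   # "Scan finished successfully" was logged


def parse_runs(text):
    """Split a pasted aswMBR.txt into runs; identical runs are kept once."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = RUN_HEADER.match(line)
        if header:
            current = Run(version=header.group(1))
            runs.append(current)
            continue
        if current is None or not line:
            continue
        date = RUN_DATE.match(line)
        if date:
            current.run_date = date.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue  # separator or unrelated text
        msg = entry.group(1)
        part = PARTITION.match(msg)
        code = MBR_CODE.match(msg)
        if part:
            disk, num, flag, ptype, size, offset = part.groups()
            current.partitions.append(
                Partition(int(disk), int(num), flag == "80", ptype, int(size), int(offset)))
        elif code:
            current.mbr_code[int(code.group(1))] = code.group(2)
        elif msg.startswith("AVAST engine scan"):
            current.av_scan = True
        elif msg == "Scan finished successfully":
            current.finished = True
    unique = {}
    for run in runs:
        unique.setdefault((run.version, run.run_date), run)
    return list(unique.values())


def findings(run):
    """Points a helper would review for one run."""
    out = [f"disk {d}: unknown MBR code"
           for d, verdict in sorted(run.mbr_code.items()) if verdict == "unknown"]
    if not run.finished:
        out.append("no 'Scan finished successfully' line")
    return out


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        print(run.run_date, "AV scan" if run.av_scan else "AV scan (none)", findings(run))
```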


cosinus 20.09.2012 14:43

Um, what I actually wanted to post here was this :wtf: :

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not do the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the backup, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

Galge 20.09.2012 16:03

So, the backup took a while, but the fix went quickly:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 03:01:12
-----------------------------
03:01:12.750    OS Version: Windows x64 6.1.7601 Service Pack 1
03:01:12.750    Number of processors: 6 586 0xA00
03:01:12.750    ComputerName: ANIMENIA  UserName: Galge
03:01:15.277    Initialize success
03:02:05.526    AVAST engine defs: 12091400
03:02:08.241    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
03:02:08.256    Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
03:02:08.256    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
03:02:08.256    Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715403MB BusType: 3
03:02:08.272    Disk 0 MBR read successfully
03:02:08.272    Disk 0 MBR scan
03:02:08.288    Disk 0 unknown MBR code
03:02:08.288    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
03:02:08.303    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
03:02:08.319    Disk 0 scanning C:\Windows\system32\drivers
03:02:18.459    Service scanning
03:02:37.553    Modules scanning
03:02:37.569    Disk 0 trace - called modules:
03:02:37.585    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:02:37.600    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bb7790]
03:02:37.600    3 CLASSPNP.SYS[fffff880018ea43f] -> nt!IofCallDriver -> [0xfffffa8007afd9b0]
03:02:37.600    5 ACPI.sys[fffff88000e9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007bbf060]
03:02:39.488    AVAST engine scan C:\Windows
03:02:43.216    AVAST engine scan C:\Windows\system32
03:05:05.317    AVAST engine scan C:\Windows\system32\drivers
03:05:17.828    AVAST engine scan C:\Users\Galge
03:08:15.403    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
03:08:15.419    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 01:06:41
-----------------------------
01:06:41.192    OS Version: Windows x64 6.1.7601 Service Pack 1
01:06:41.192    Number of processors: 6 586 0xA00
01:06:41.193    ComputerName: ANIMENIA  UserName: Galge
01:06:43.538    Initialize success
01:07:32.575    AVAST engine defs: 12091901
01:07:41.063    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
01:07:41.065    Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
01:07:41.083    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
01:07:41.085    Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715403MB BusType: 3
01:07:41.104    Disk 0 MBR read successfully
01:07:41.106    Disk 0 MBR scan
01:07:41.114    Disk 0 unknown MBR code
01:07:41.116    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
01:07:41.141    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
01:07:41.184    Disk 0 scanning C:\Windows\system32\drivers
01:07:58.686    Service scanning
01:08:32.062    Modules scanning
01:08:32.081    Disk 0 trace - called modules:
01:08:32.113    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:08:32.116    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b98790]
01:08:32.120    3 CLASSPNP.SYS[fffff8800186f43f] -> nt!IofCallDriver -> [0xfffffa8007adf950]
01:08:32.124    5 ACPI.sys[fffff88000f4d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ba0060]
01:08:32.129    Scan finished successfully
01:09:33.123    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
01:09:33.135    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 16:56:41
-----------------------------
16:56:41.368    OS Version: Windows x64 6.1.7601 Service Pack 1
16:56:41.368    Number of processors: 6 586 0xA00
16:56:41.368    ComputerName: ANIMENIA  UserName: Galge
16:56:42.518    Initialize success
16:56:49.639    AVAST engine defs: 12091901
16:57:05.386    Verifying
16:57:15.417    Disk 0 Windows 601 MBR fixed successfully
16:57:50.562    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
16:57:50.593    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"


cosinus 20.09.2012 20:09

But you should create a new log after fixing the MBR

Galge 20.09.2012 21:00

Like this? O.o

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 21:59:16
-----------------------------
21:59:16.665    OS Version: Windows x64 6.1.7601 Service Pack 1
21:59:16.665    Number of processors: 6 586 0xA00
21:59:16.666    ComputerName: ANIMENIA  UserName: Galge
21:59:17.622    Initialize success
21:59:25.232    AVAST engine defs: 12091901
21:59:51.228    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"

Or should I fix again and reboot?

cosinus 21.09.2012 13:10

No! Just make a new log like the first time!

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Galge 21.09.2012 14:06

So, I hope this is right now:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 14:45:20
-----------------------------
14:45:20.971    OS Version: Windows x64 6.1.7601 Service Pack 1
14:45:20.971    Number of processors: 6 586 0xA00
14:45:20.971    ComputerName: ANIMENIA  UserName: Galge
14:45:22.839    Initialize success
14:46:11.247    AVAST engine defs: 12092100
14:46:32.252    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:46:32.257    Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
14:46:32.263    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
14:46:32.268    Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01118 Size: 715403MB BusType: 3
14:46:32.290    Disk 0 MBR read successfully
14:46:32.294    Disk 0 MBR scan
14:46:32.298    Disk 0 Windows 7 default MBR code
14:46:32.302    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:46:32.307    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      953767 MB offset 206848
14:46:32.316    Disk 0 scanning C:\Windows\system32\drivers
14:46:42.017    Service scanning
14:47:00.068    Modules scanning
14:47:00.087    Disk 0 trace - called modules:
14:47:00.110    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:47:00.121    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b98790]
14:47:00.132    3 CLASSPNP.SYS[fffff8800193843f] -> nt!IofCallDriver -> [0xfffffa8007ade950]
14:47:00.143    5 ACPI.sys[fffff88000eba7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ba0060]
14:47:02.676    AVAST engine scan C:\Windows
14:47:06.088    AVAST engine scan C:\Windows\system32
14:49:27.912    AVAST engine scan C:\Windows\system32\drivers
14:49:38.721    AVAST engine scan C:\Users\Galge
15:01:52.908    AVAST engine scan C:\ProgramData
15:02:57.211    Scan finished successfully
15:05:11.917    Disk 0 MBR has been saved successfully to "C:\Users\Galge\Desktop\MBR.dat"
15:05:12.011    The log file has been saved successfully to "C:\Users\Galge\Desktop\aswMBR.txt"

Regards

cosinus 21.09.2012 19:56

Yes, finally :)

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Galge 22.09.2012 05:16

Here you go:

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/22/2012 at 05:52 AM

Application Version : 5.5.1016

Core Rules Database Version : 9273
Trace Rules Database Version: 7085

Scan type      : Complete Scan
Total Scan Time : 02:31:22

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 637
Memory threats detected  : 0
Registry items scanned    : 67136
Registry threats detected : 0
File items scanned        : 183998
File threats detected    : 503

Adware.Tracking Cookie
        .partypoker.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.sexyanimeplace.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .microsoftsto.112.2o7.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.youporn.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.elitepvpers.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .elitepvpers.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ads.247activemedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.sexyanimeplace.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        stat.dealtime.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.sexy.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .foxfilmedentertainment.122.2o7.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .blau.122.2o7.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .prepaid-discounter.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .prepaid-discounter.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .secmedia.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        zbox.zanox.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .solvemedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        targeting.revenuemax.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ox-d.secure-clicks.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        adserver.zenoviaexchange.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .sexy.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        tracking.publicidees.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zfstats.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .w3counter.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        wstat.wibiya.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .stats.paypal.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .e-webtrack.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .e-webtrack.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .e-webtrack.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .www.mediaversand.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revenuemax.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .animetoplist.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .ad.mlnadvertising.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.elitepvpers.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.elitepvpers.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .elitepvpers.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .elitepvpers.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        tracking.hostgator.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        de.youporn.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .sexad.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .content.yieldmanager.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        adserver.redkaraoke.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .eliteanimes.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .eliteanimes.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        sexyanimeplace.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .sexyanimeplace.org [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adnetwork.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adnet.affinity.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        www.mediafire.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .xm.xtendmedia.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .bwincom.122.2o7.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .clicksor.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .myroitracking.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .tracking.mindshare.de [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\GALGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YWP62YF.DEFAULT\COOKIES.SQLITE ]

And here is Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Galge :: ANIMENIA [Administrator]

22.09.2012 03:26:11
mbam-log-2012-09-22 (03-26-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411148
Laufzeit: 1 Stunde(n), 49 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Kind regards

cosinus 22.09.2012 17:00

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Apart from that, there are good cookie managers; among the Firefox extensions, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there any other findings or problems?
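
The hosts-file blocking mentioned in the post above, as an added example that is not part of the original post and not MVPS code: it turns cookie findings in a scanner's `host [ file ]` form into hosts-file entries and flags domain-wide cookies (leading dot), because a hosts file matches exact host names only. The sample lines, the `keep` allow-list and the `0.0.0.0` sink address are assumptions made for this illustration.

```python
import re

# Constructed sample findings (not taken from the thread's log).
SAMPLE_LOG = r"""
    .tracker.example [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    ad3.tracker.example [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    .tracker.example [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    www.shop.example [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    bad host!.example [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
"""

# "host [ file ]" finding line, and a strict hostname check so that nothing
# other than a plain DNS name can end up in the generated hosts entries.
LINE_RE = re.compile(r"^\s*(\S.*?)\s+\[\s*(.+?)\s*\]\s*$")
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$"
)


def parse_cookie_hosts(log):
    """Return {host: domain_wide} in first-seen order, duplicates merged."""
    found = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group(1).lower()
        domain_wide = raw.startswith(".")  # cookie valid for all subdomains
        host = raw.lstrip(".")
        if not HOST_RE.match(host):
            continue  # malformed name: never write it to a hosts file
        found[host] = found.get(host, False) or domain_wide
    return found


def build_hosts_entries(found, keep=()):
    """Return (entries, wildcard_gaps).

    keep: domains the user wants to keep reachable (hypothetical allow-list).
    wildcard_gaps: domain-wide cookie domains; the hosts entry blocks only
    that exact name, so each subdomain needs an entry of its own.
    """
    keep = {k.lower() for k in keep}
    entries, wildcard_gaps = [], []
    for host, domain_wide in found.items():
        if host in keep or any(host.endswith("." + k) for k in keep):
            continue
        entries.append("0.0.0.0 " + host)
        if domain_wide:
            wildcard_gaps.append(host)
    return entries, wildcard_gaps


if __name__ == "__main__":
    entries, gaps = build_hosts_entries(
        parse_cookie_hosts(SAMPLE_LOG), keep=("shop.example",)
    )
    print("\n".join(entries))
    print("# exact-name only, subdomains not covered:", ", ".join(gaps))
```
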

Galge 22.09.2012 18:31

So, first of all, my warmest thanks to you for taking the time for me! :3
No, well, after the system restore I already had no more problems, and this time - unlike recently - Malwarebytes did not hang either! ^^

Of all the programs I now have - which ones can I leave installed and use? And in general, which programs do you recommend to keep the PC as clean as possible?

At the moment I have Windows Essentials and Symantec.

Thank you again for your work and effort! ^^

Kind regards

cosinus 22.09.2012 21:02

Then we are done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.


Finally, please check the updates; my guide to this is below. To keep a better overview of how up to date your installed programs are in the future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check whether the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are in WET +1. The time is now 03:04.

Copyright ©2000-2025, Trojaner-Board

