Systemprofil weg

Bananenshake · 23.07.2012, 17:10

Schönen Abend euch,
ich brauch dringend eure Hilfe. Heute nach der Schule war alles normal mit meinem System. Mir ist jedoch in Taskmanager der Prozess "searchprotocolhost.exe" aufgefallen. Ich hab danach gegooglet und die Meinungen waren zweispaltig. Manche meinten, es wäre ein normaler Microsoft-Prozess, andere waren der Meinung, es wäre ein Virus oder sowas in der Art. Ich hab dann von GData und Malwarebyte diesen Ordner (System32) überprüfen lassen - beide meldeten nichts (Config hänge ich am Schluss an). Als ich dann wieder im Taskmanager nachgeschaut hab, war der Prozess auch weg.
Nachdem ich vom Shoppen heimgekommen bin & mein Pc hochgefahren hab, viel mir die Meldung 'Deskop wird vorbereitet' auf. Ist sonst auch nie gekommen. Du meinem Erschrecken war dann mein Deskop leer, nur der Papierkorb war da. Bildschirm schwarz, Taskleiste grau und fast leer. Es kam eine auch eine Fehlermeldung, dass der Pfad zu systemprofil (oder sowas in der Art) fehlt. Hab gott sei dank das Wartungscenter herbekommen (nach langem hin und her.. Sogar die Systemsteuerung fehlte erst) und hab mein System auf den 21.07.2012 zurückgesetzt. Gott sei Dank ist jetzt wenigstens wieder alles normal, fehlende Datein etc sind mir nicht aufgefallen.
Jedoch wird es damit nicht getan sein. Ersteinmal beide Logs:

GData:

Code:

ATTFilter

Virenprüfung mit G Data AntiVirus
Version 20.2.4.2 (20.04.2010)
Virensignaturen vom 
Startzeit: 23.07.2012 13:02:04
Virensignaturen: 
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Aus

Prüfung der Systembereiche...
Prüfung folgender Verzeichnisse und Dateien:
  C:\Windows\


Analyse vollständig durchgeführt: 23.07.2012 14:17:19
    77499 Dateien überprüft
    0 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden

Malwarebyte Anti-Malware:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jessi :: JESSI-PC [Administrator]

23.07.2012 12:55:41
mbam-log-2012-07-23 (12-55-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244677
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Würde mich auf Hilfe freuen

LG
Jessi

cosinus · 27.07.2012, 12:58

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Bananenshake · 27.07.2012, 20:25

Malwarebyte Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jessi :: JESSI-PC [Administrator]

27.07.2012 15:02:29
mbam-log-2012-07-27 (15-02-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522153
Laufzeit: 2 Stunde(n), 31 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dece2c705b037f45b84f831a9c0bbdbd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 07:21:26
# local_time=2012-07-27 09:21:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 68895210 68895210 0 0
# compatibility_mode=5893 16776573 100 94 9531 95033964 0 0
# compatibility_mode=8192 67108863 100 0 135 135 0 0
# scanned=322853
# found=0
# cleaned=0
# scan_time=12793

Hier ist noch eine Log von Malwarebyte, als ich nach der Systemwiederherstellung 'nen Durchlauf gemacht hab:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jessi :: JESSI-PC [Administrator]

23.07.2012 18:12:56
mbam-log-2012-07-23 (18-12-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 544864
Laufzeit: 2 Stunde(n), 16 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 27.07.2012, 22:17

Bislang keine Spur von Schädlingen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Bananenshake · 28.07.2012, 09:21

Komisch.. Ich meine, mein Systemprofil ist doch nicht einfach mal so aus Lust & Laune weg, oder? Kann es vll an der Systemwiederherstellung liegen, dass dadurch auch der Schädling weg ist, da der zu diesem Zeitpunkt noch garnicht auf meinem Rechner war?

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/28/2012 at 10:20:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jessi - JESSI-PC
# Running from : C:\Users\Jessi\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Jessi\AppData\Local\Ilivid Player
Folder Found : C:\Users\Jessi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jessi\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Jessi\AppData\Roaming\loadtbs
Folder Found : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\z1blzbls.default\Conduit
Folder Found : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\z1blzbls.default\ConduitEngine
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Iminent
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Found : C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2719325
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Iminent
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\z1blzbls.default\prefs.js

Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "31-7-2010");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jul 31 2010 14:47:54 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "31-7-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Sat Jul 31 2010 14:35:34 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jul 31 2010 14:48:24 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.1.3", "Sat Jul 31 2010 14:35:43 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Sat Jul 31 2010 14:35:45 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Jul 31 2010 14:35:43 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jul 31 2010 14:35:28 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Jul 31 2010 14:35:28 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2269050.UserID", "UN90534372337992399");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Sat Jul 31 2010 14:35:48 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", true);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "20-7-2010");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");
Found : user_pref("CT2431245.EMailNotifierPollDate", "Tue Jul 20 2010 16:18:23 GMT+0200");
Found : user_pref("CT2431245.FeedLastCount129009402595187825", 0);
Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Tue Jul 20 2010 16:03:22 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Tue Jul 20 2010 16:03:22 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Tue Jul 20 2010 16:03:22 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Tue Jul 20 2010 15:03:08 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Tue Jul 20 2010 16:03:23 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Tue Jul 20 2010 15:03:08 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Tue Jul 20 2010 15:03:08 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Tue Jul 20 2010 15:03:08 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Tue Jul 20 2010 16:03:23 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Tue Jul 20 2010 15:03:08 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Tue Jul 20 2010 16:03:18 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Tue Jul 20 2010 15:03:08 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Tue Jul 20 2010 16:03:19 GMT+0200");
Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Found : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Found : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Found : user_pref("CT2431245.FirstServerDate", "20-7-2010");
Found : user_pref("CT2431245.FirstTime", true);
Found : user_pref("CT2431245.FirstTimeFF3", true);
Found : user_pref("CT2431245.FirstTimeSettingsDone", true);
Found : user_pref("CT2431245.FixPageNotFoundErrors", true);
Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2431245.Initialize", true);
Found : user_pref("CT2431245.InitializeCommonPrefs", true);
Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Found : user_pref("CT2431245.InstalledDate", "Tue Jul 20 2010 10:02:38 GMT+0200");
Found : user_pref("CT2431245.InvalidateCache", false);
Found : user_pref("CT2431245.IsGrouping", false);
Found : user_pref("CT2431245.IsMulticommunity", false);
Found : user_pref("CT2431245.IsOpenThankYouPage", false);
Found : user_pref("CT2431245.IsOpenUninstallPage", true);
Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Tue Jul 20 2010 12:30:39 GMT+0200");
Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2431245.LastLogin_2.7.1.3", "Tue Jul 20 2010 14:02:43 GMT+0200");
Found : user_pref("CT2431245.LatestVersion", "2.1.0.18");
Found : user_pref("CT2431245.Locale", "de-de");
Found : user_pref("CT2431245.LoginCache", 4);
Found : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Found : user_pref("CT2431245.RadioIsPodcast", false);
Found : user_pref("CT2431245.RadioLastCheckTime", "Tue Jul 20 2010 10:02:42 GMT+0200");
Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Found : user_pref("CT2431245.RadioMediaID", "20503672");
Found : user_pref("CT2431245.RadioMediaType", "Media Player");
Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Found : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2431245.SearchInNewTabEnabled", true);
Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Tue Jul 20 2010 10:02:42 GMT+0200");
Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2431245.SettingsLastCheckTime", "Tue Jul 20 2010 12:28:10 GMT+0200");
Found : user_pref("CT2431245.SettingsLastUpdate", "1279118128");
Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Tue Jul 20 2010 10:02:36 GMT+0200");
Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1279118128");
Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2431245.UserID", "UN13359887760469114");
Found : user_pref("CT2431245.ValidationData_Toolbar", 2);
Found : user_pref("CT2431245.WeatherNetwork", "");
Found : user_pref("CT2431245.WeatherPollDate", "Tue Jul 20 2010 16:03:23 GMT+0200");
Found : user_pref("CT2431245.WeatherUnit", "C");
Found : user_pref("CT2431245.alertChannelId", "825452");
Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT2431245.clientLogIsEnabled", false);
Found : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2431245.myStuffEnabled", true);
Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2719325.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2719325.CTID", "CT2719325");
Found : user_pref("CT2719325.CurrentServerDate", "3-9-2010");
Found : user_pref("CT2719325.DialogsAlignMode", "LTR");
Found : user_pref("CT2719325.DownloadReferralCookieData", "");
Found : user_pref("CT2719325.EMailNotifierPollDate", "Fri Sep 03 2010 17:37:53 GMT+0200");
Found : user_pref("CT2719325.FeedLastCount7577869347469948784", 376);
Found : user_pref("CT2719325.FeedPollDate129255010923663813", "Fri Sep 03 2010 17:37:53 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923663819", "Fri Sep 03 2010 17:37:53 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923663825", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923663831", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923663837", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820093", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820099", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820105", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820111", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820117", "Fri Sep 03 2010 17:37:54 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820123", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820129", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820135", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820141", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820147", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820153", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820159", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820165", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820171", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820177", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820183", "Fri Sep 03 2010 17:37:55 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820189", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820195", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820201", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820207", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.FeedPollDate129255010923820213", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.FeedTTL129255010923663825", 5);
Found : user_pref("CT2719325.FeedTTL129255010923820141", 5);
Found : user_pref("CT2719325.FeedTTL129255010923820153", 30);
Found : user_pref("CT2719325.FirstServerDate", "3-9-2010");
Found : user_pref("CT2719325.FirstTime", true);
Found : user_pref("CT2719325.FirstTimeFF3", true);
Found : user_pref("CT2719325.FirstTimeSettingsDone", true);
Found : user_pref("CT2719325.FixPageNotFoundErrors", true);
Found : user_pref("CT2719325.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2719325.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2719325.Initialize", true);
Found : user_pref("CT2719325.InitializeCommonPrefs", true);
Found : user_pref("CT2719325.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2719325.InstallationType", "UnknownIntegration");
Found : user_pref("CT2719325.InstalledDate", "Fri Sep 03 2010 17:37:53 GMT+0200");
Found : user_pref("CT2719325.InvalidateCache", false);
Found : user_pref("CT2719325.IsGrouping", false);
Found : user_pref("CT2719325.IsMulticommunity", false);
Found : user_pref("CT2719325.IsOpenThankYouPage", false);
Found : user_pref("CT2719325.IsOpenUninstallPage", true);
Found : user_pref("CT2719325.LanguagePackLastCheckTime", "Fri Sep 03 2010 17:38:07 GMT+0200");
Found : user_pref("CT2719325.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2719325.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2719325.LastLogin_2.7.2.0", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.LatestVersion", "2.7.2.0");
Found : user_pref("CT2719325.Locale", "de");
Found : user_pref("CT2719325.LoginCache", 4);
Found : user_pref("CT2719325.MCDetectTooltipHeight", "83");
Found : user_pref("CT2719325.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2719325.MCDetectTooltipWidth", "295");
Found : user_pref("CT2719325.RadioIsPodcast", false);
Found : user_pref("CT2719325.RadioLastCheckTime", "Fri Sep 03 2010 17:37:58 GMT+0200");
Found : user_pref("CT2719325.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2719325.RadioLastUpdateServer", "129246150971600000");
Found : user_pref("CT2719325.RadioMediaID", "21056683");
Found : user_pref("CT2719325.RadioMediaType", "Media Player");
Found : user_pref("CT2719325.RadioMenuSelectedID", "EBRadioMenu_CT271932521056683");
Found : user_pref("CT2719325.RadioStationName", "MDR%20Info");
Found : user_pref("CT2719325.RadioStationURL", "hxxp://mdr.streamfarm.net/cms/_vm100/radios/mdr/live/info_cm[...]
Found : user_pref("CT2719325.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2719325.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2719325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271[...]
Found : user_pref("CT2719325.SearchInNewTabEnabled", true);
Found : user_pref("CT2719325.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2719325.SearchInNewTabLastCheckTime", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2719325.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2719325.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2719325.SettingsLastCheckTime", "Fri Sep 03 2010 17:37:51 GMT+0200");
Found : user_pref("CT2719325.SettingsLastUpdate", "1283347212");
Found : user_pref("CT2719325.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2719325.ThirdPartyComponentsLastCheck", "Fri Sep 03 2010 17:37:51 GMT+0200");
Found : user_pref("CT2719325.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2719325.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2719325.UserID", "UN53695010022988786");
Found : user_pref("CT2719325.ValidationData_Toolbar", 0);
Found : user_pref("CT2719325.WeatherNetwork", "");
Found : user_pref("CT2719325.WeatherPollDate", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("CT2719325.WeatherUnit", "C");
Found : user_pref("CT2719325.alertChannelId", "1111610");
Found : user_pref("CT2719325.clientLogIsEnabled", false);
Found : user_pref("CT2719325.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2719325.myStuffEnabled", true);
Found : user_pref("CT2719325.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2719325.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2719325.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2719325.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2719325.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1112915/1108619/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.FeedDeleteDontAskAgain", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2269050,CT2719325,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2269050,CT2719325");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 19 2011 21:29:00 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 19 2011 21:29:00 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "81e9e450-f84f-49b3-ab60-f2e7d843cff6");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 03 2010 17:37:56 GMT+0200");
Found : user_pref("ConduitEngine.BrowserCompStateIsOpen_8556964412163870795", true);
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.FirstServerDate", "03/07/2011 23");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Mon Mar 07 2011 21:23:45 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 19 2011 21:29:01 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Mar 07 2011 21:23:45 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Jun 19 2011 21:29:01 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jun 19 2011 21:29:01 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN73426497592311813");
Found : user_pref("ConduitEngine.backendstorage._fb_dailyactivity", "31333031363739333136313934");
Found : user_pref("ConduitEngine.backendstorage._fb_lifetimesent", "54525545");
Found : user_pref("ConduitEngine.backendstorage.facebbok_user_id", "6E6F6E65");
Found : user_pref("ConduitEngine.backendstorage.facebook_ctid_connect_send", "73656E646564");
Found : user_pref("ConduitEngine.backendstorage.facebook_first_visit", "6E6F744669727374");
Found : user_pref("ConduitEngine.backendstorage.facebook_last_message_choice", "656D707479");
Found : user_pref("ConduitEngine.backendstorage.facebook_login_status", "30");
Found : user_pref("ConduitEngine.backendstorage.facebook_lust_recievegadet", "");
Found : user_pref("ConduitEngine.backendstorage.facebook_mode", "32");
Found : user_pref("ConduitEngine.backendstorage.facebook_user_locale", "6465");
Found : user_pref("ConduitEngine.backendstorage.facebook_user_name", "6E6F6E65");
Found : user_pref("ConduitEngine.backendstorage.facebook_user_token", "6E6F6E65");
Found : user_pref("ConduitEngine.backendstorage.facebooknotifications", "30");
Found : user_pref("ConduitEngine.backendstorage.hxxp://facebook_conduitapps_com/v3_2_4_2.facebook_last_visit[...]
Found : user_pref("ConduitEngine.componentAlertEnabled", true);
Found : user_pref("ConduitEngine.counterAppsAdded", 1);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 19 2011 21:29:01 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("quickstores.toolbar.affid", "2003");
Found : user_pref("quickstores.toolbar.guid", "{79ED6712-7891-6CD4-DC1A-8F0D672A085D}");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Jessi\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [30766 octets] - [28/07/2012 10:20:09]

########## EOF - C:\AdwCleaner[R1].txt - [30895 octets] ##########

cosinus · 28.07.2012, 22:48

Zitat:

Komisch.. Ich meine, mein Systemprofil ist doch nicht einfach mal so aus Lust & Laune weg, oder?

Sicher gibt es dafür einen Grund, aber ich war ja wohl nicht vor deinem Rechner als das passierte? Zudem versuch ich gerade mit einigen Logs auf die Ursache zu stoßen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Bananenshake · 29.07.2012, 11:01

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/29/2012 at 11:54:51
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jessi - JESSI-PC
# Running from : C:\Users\Jessi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jessi\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Jessi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jessi\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Jessi\AppData\Roaming\loadtbs
Folder Deleted : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\z1blzbls.default\Conduit
Folder Deleted : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\z1blzbls.default\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Deleted : C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2719325
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\z1blzbls.default\prefs.js

Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "31-7-2010");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jul 31 2010 14:47:54 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "31-7-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sat Jul 31 2010 14:35:34 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jul 31 2010 14:48:24 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.1.3", "Sat Jul 31 2010 14:35:43 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sat Jul 31 2010 14:35:45 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Jul 31 2010 14:35:43 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jul 31 2010 14:35:28 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Jul 31 2010 14:35:28 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2269050.UserID", "UN90534372337992399");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Sat Jul 31 2010 14:35:48 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", true);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2431245.CTID", "CT2431245");
Deleted : user_pref("CT2431245.CurrentServerDate", "20-7-2010");
Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2431245.DownloadReferralCookieData", "");
Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Tue Jul 20 2010 16:18:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 0);
Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Tue Jul 20 2010 16:03:22 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Tue Jul 20 2010 16:03:22 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Tue Jul 20 2010 16:03:22 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Tue Jul 20 2010 15:03:08 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Tue Jul 20 2010 16:03:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Tue Jul 20 2010 15:03:08 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Tue Jul 20 2010 15:03:08 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Tue Jul 20 2010 15:03:08 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Tue Jul 20 2010 16:03:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Tue Jul 20 2010 15:03:08 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Tue Jul 20 2010 16:03:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Tue Jul 20 2010 15:03:08 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Tue Jul 20 2010 16:03:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2431245.FirstServerDate", "20-7-2010");
Deleted : user_pref("CT2431245.FirstTime", true);
Deleted : user_pref("CT2431245.FirstTimeFF3", true);
Deleted : user_pref("CT2431245.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2431245.Initialize", true);
Deleted : user_pref("CT2431245.InitializeCommonPrefs", true);
Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2431245.InstalledDate", "Tue Jul 20 2010 10:02:38 GMT+0200");
Deleted : user_pref("CT2431245.InvalidateCache", false);
Deleted : user_pref("CT2431245.IsGrouping", false);
Deleted : user_pref("CT2431245.IsMulticommunity", false);
Deleted : user_pref("CT2431245.IsOpenThankYouPage", false);
Deleted : user_pref("CT2431245.IsOpenUninstallPage", true);
Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Tue Jul 20 2010 12:30:39 GMT+0200");
Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2431245.LastLogin_2.7.1.3", "Tue Jul 20 2010 14:02:43 GMT+0200");
Deleted : user_pref("CT2431245.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2431245.Locale", "de-de");
Deleted : user_pref("CT2431245.LoginCache", 4);
Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2431245.RadioIsPodcast", false);
Deleted : user_pref("CT2431245.RadioLastCheckTime", "Tue Jul 20 2010 10:02:42 GMT+0200");
Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Deleted : user_pref("CT2431245.RadioMediaID", "20503672");
Deleted : user_pref("CT2431245.RadioMediaType", "Media Player");
Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Deleted : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Tue Jul 20 2010 10:02:42 GMT+0200");
Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Tue Jul 20 2010 12:28:10 GMT+0200");
Deleted : user_pref("CT2431245.SettingsLastUpdate", "1279118128");
Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Tue Jul 20 2010 10:02:36 GMT+0200");
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1279118128");
Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2431245.UserID", "UN13359887760469114");
Deleted : user_pref("CT2431245.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2431245.WeatherNetwork", "");
Deleted : user_pref("CT2431245.WeatherPollDate", "Tue Jul 20 2010 16:03:23 GMT+0200");
Deleted : user_pref("CT2431245.WeatherUnit", "C");
Deleted : user_pref("CT2431245.alertChannelId", "825452");
Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2431245.clientLogIsEnabled", false);
Deleted : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2431245.myStuffEnabled", true);
Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2719325.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2719325.CTID", "CT2719325");
Deleted : user_pref("CT2719325.CurrentServerDate", "3-9-2010");
Deleted : user_pref("CT2719325.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2719325.DownloadReferralCookieData", "");
Deleted : user_pref("CT2719325.EMailNotifierPollDate", "Fri Sep 03 2010 17:37:53 GMT+0200");
Deleted : user_pref("CT2719325.FeedLastCount7577869347469948784", 376);
Deleted : user_pref("CT2719325.FeedPollDate129255010923663813", "Fri Sep 03 2010 17:37:53 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663819", "Fri Sep 03 2010 17:37:53 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663825", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663831", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663837", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820093", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820099", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820105", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820111", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820117", "Fri Sep 03 2010 17:37:54 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820123", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820129", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820135", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820141", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820147", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820153", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820159", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820165", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820171", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820177", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820183", "Fri Sep 03 2010 17:37:55 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820189", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820195", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820201", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820207", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820213", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.FeedTTL129255010923663825", 5);
Deleted : user_pref("CT2719325.FeedTTL129255010923820141", 5);
Deleted : user_pref("CT2719325.FeedTTL129255010923820153", 30);
Deleted : user_pref("CT2719325.FirstServerDate", "3-9-2010");
Deleted : user_pref("CT2719325.FirstTime", true);
Deleted : user_pref("CT2719325.FirstTimeFF3", true);
Deleted : user_pref("CT2719325.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2719325.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2719325.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2719325.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2719325.Initialize", true);
Deleted : user_pref("CT2719325.InitializeCommonPrefs", true);
Deleted : user_pref("CT2719325.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2719325.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2719325.InstalledDate", "Fri Sep 03 2010 17:37:53 GMT+0200");
Deleted : user_pref("CT2719325.InvalidateCache", false);
Deleted : user_pref("CT2719325.IsGrouping", false);
Deleted : user_pref("CT2719325.IsMulticommunity", false);
Deleted : user_pref("CT2719325.IsOpenThankYouPage", false);
Deleted : user_pref("CT2719325.IsOpenUninstallPage", true);
Deleted : user_pref("CT2719325.LanguagePackLastCheckTime", "Fri Sep 03 2010 17:38:07 GMT+0200");
Deleted : user_pref("CT2719325.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2719325.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2719325.LastLogin_2.7.2.0", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2719325.Locale", "de");
Deleted : user_pref("CT2719325.LoginCache", 4);
Deleted : user_pref("CT2719325.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2719325.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2719325.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2719325.RadioIsPodcast", false);
Deleted : user_pref("CT2719325.RadioLastCheckTime", "Fri Sep 03 2010 17:37:58 GMT+0200");
Deleted : user_pref("CT2719325.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2719325.RadioLastUpdateServer", "129246150971600000");
Deleted : user_pref("CT2719325.RadioMediaID", "21056683");
Deleted : user_pref("CT2719325.RadioMediaType", "Media Player");
Deleted : user_pref("CT2719325.RadioMenuSelectedID", "EBRadioMenu_CT271932521056683");
Deleted : user_pref("CT2719325.RadioStationName", "MDR%20Info");
Deleted : user_pref("CT2719325.RadioStationURL", "hxxp://mdr.streamfarm.net/cms/_vm100/radios/mdr/live/info_cm[...]
Deleted : user_pref("CT2719325.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2719325.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2719325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271[...]
Deleted : user_pref("CT2719325.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2719325.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2719325.SearchInNewTabLastCheckTime", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2719325.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2719325.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2719325.SettingsLastCheckTime", "Fri Sep 03 2010 17:37:51 GMT+0200");
Deleted : user_pref("CT2719325.SettingsLastUpdate", "1283347212");
Deleted : user_pref("CT2719325.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2719325.ThirdPartyComponentsLastCheck", "Fri Sep 03 2010 17:37:51 GMT+0200");
Deleted : user_pref("CT2719325.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2719325.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2719325.UserID", "UN53695010022988786");
Deleted : user_pref("CT2719325.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2719325.WeatherNetwork", "");
Deleted : user_pref("CT2719325.WeatherPollDate", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("CT2719325.WeatherUnit", "C");
Deleted : user_pref("CT2719325.alertChannelId", "1111610");
Deleted : user_pref("CT2719325.clientLogIsEnabled", false);
Deleted : user_pref("CT2719325.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2719325.myStuffEnabled", true);
Deleted : user_pref("CT2719325.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2719325.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2719325.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2719325.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2719325.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1112915/1108619/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.FeedDeleteDontAskAgain", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2269050,CT2719325,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2269050,CT2719325");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 19 2011 21:29:00 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 19 2011 21:29:00 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "81e9e450-f84f-49b3-ab60-f2e7d843cff6");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 03 2010 17:37:56 GMT+0200");
Deleted : user_pref("ConduitEngine.BrowserCompStateIsOpen_8556964412163870795", true);
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/07/2011 23");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Mar 07 2011 21:23:45 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 19 2011 21:29:01 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Mar 07 2011 21:23:45 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Jun 19 2011 21:29:01 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jun 19 2011 21:29:01 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN73426497592311813");
Deleted : user_pref("ConduitEngine.backendstorage._fb_dailyactivity", "31333031363739333136313934");
Deleted : user_pref("ConduitEngine.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("ConduitEngine.backendstorage.facebbok_user_id", "6E6F6E65");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_first_visit", "6E6F744669727374");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_last_message_choice", "656D707479");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_login_status", "30");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_lust_recievegadet", "");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_mode", "32");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_user_locale", "6465");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_user_name", "6E6F6E65");
Deleted : user_pref("ConduitEngine.backendstorage.facebook_user_token", "6E6F6E65");
Deleted : user_pref("ConduitEngine.backendstorage.facebooknotifications", "30");
Deleted : user_pref("ConduitEngine.backendstorage.hxxp://facebook_conduitapps_com/v3_2_4_2.facebook_last_visit[...]
Deleted : user_pref("ConduitEngine.componentAlertEnabled", true);
Deleted : user_pref("ConduitEngine.counterAppsAdded", 1);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 19 2011 21:29:01 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("quickstores.toolbar.affid", "2003");
Deleted : user_pref("quickstores.toolbar.guid", "{79ED6712-7891-6CD4-DC1A-8F0D672A085D}");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Jessi\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [30889 octets] - [28/07/2012 10:20:09]
AdwCleaner[S1].txt - [31255 octets] - [29/07/2012 11:54:51]

########## EOF - C:\AdwCleaner[S1].txt - [31384 octets] ##########

cosinus · 29.07.2012, 17:21

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Bananenshake · 29.07.2012, 20:08

1) Windows geht nach wie vor uneingeschränkt
2) Beim durchklicken ist mir aufgefallen, dass einmal der Ordner Autostart leer ist & der Malwarebytes Anti-Malware-Ordner. Ist das normal? Ansonsten ist mir nichts aufgefallen.

cosinus · 29.07.2012, 20:37

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Bananenshake · 30.07.2012, 14:37

Code:

ATTFilter

OTL logfile created on: 30.07.2012 15:09:11 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Jessi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,86% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 908,41 Gb Total Space | 591,74 Gb Free Space | 65,14% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JESSI-PC | User Name: Jessi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.30 15:07:34 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jessi\Desktop\OTL.exe
PRC - [2012.06.01 16:07:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jessi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.16 13:52:46 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
PRC - [2009.09.18 15:49:08 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 11:21:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 11:21:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 13:49:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 13:48:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 13:48:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 13:48:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 13:47:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.16 13:52:46 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 04:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 11:49:25 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.17 11:45:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.06 18:28:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 15:13:03 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.01 16:07:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.06.17 23:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.11.25 03:07:32 | 001,731,504 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.30 12:30:06 | 000,074,184 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2010.07.29 20:45:06 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2010.07.29 20:45:02 | 000,034,760 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2010.07.17 12:26:49 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2010.05.22 08:15:25 | 000,042,952 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2009.11.05 16:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.02.11 14:07:05 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1850&r=17360710q116pe495v125r4602s82p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1850&r=17360710q116pe495v125r4602s82p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jessi\Downloads
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jessi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jessi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.06 18:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.07 20:53:15 | 000,000,000 | ---D | M]
 
[2011.05.12 17:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Extensions
[2011.05.12 17:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.11 14:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\z1blzbls.default\extensions
[2012.07.11 14:54:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\z1blzbls.default\extensions\ich@maltegoetz.de
[2012.07.29 11:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.07.30 12:29:34 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.07.06 18:28:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.03.04 14:08:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.04 14:08:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.04 14:08:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.04 14:08:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.04 14:08:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.04 14:08:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jessi\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jessi\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jessi\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.0_0\
CHR - Extension: YouTube = C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: Google Mail = C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.07.15 15:20:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000..\Run: [Akamai NetSession Interface] C:\Users\Jessi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jessi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jessi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41CC71B1-4CEA-445D-8A2B-CD6453ECB8F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.16 06:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FILSHtray.lnk - C:\Program Files (x86)\FILSHtray\FILSHtray.exe - (FILSH Media GmbH)
MsConfig:64bit - StartUpFolder: C:^Users^Jessi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= - C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Jessi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.30 15:07:37 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jessi\Desktop\OTL.exe
[2012.07.27 19:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Documents\Ib
[2012.07.27 17:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.27 17:44:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jessi\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.16 20:52:55 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Documents\iRinger Tones
[2012.07.16 20:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\iRinger
[2012.07.16 20:46:20 | 004,815,840 | ---- | C] (Make The Cut, LLC.) -- C:\Users\Jessi\Documents\iRinger42.exe
[2012.07.15 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Documents\War of Immortals
[2012.07.15 19:30:36 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\PMB Files
[2012.07.15 19:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.07.13 17:33:24 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Trine2
[2012.07.12 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\CrashRpt
[2012.07.11 19:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEVENCORE
[2012.07.11 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEVENCORE
[2012.07.11 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Documents\Sevencore
[2012.07.11 16:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Documents\AdventureCraft1.2.5
[2012.07.06 18:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.06 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.03 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Documents\Schule HE
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.30 15:07:34 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jessi\Desktop\OTL.exe
[2012.07.30 15:06:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000UA.job
[2012.07.30 14:55:06 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 14:55:06 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 14:48:00 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.07.30 14:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 14:47:39 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 12:24:49 | 000,000,252 | ---- | M] () -- C:\Users\Jessi\AppData\Roaming\GPU MeterV2_Settings.ini
[2012.07.28 18:21:05 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000Core.job
[2012.07.28 10:19:29 | 000,632,049 | ---- | M] () -- C:\Users\Jessi\Desktop\adwcleaner.exe
[2012.07.27 19:54:15 | 104,483,375 | ---- | M] () -- C:\Users\Jessi\Documents\Ib.rar
[2012.07.27 19:03:28 | 001,614,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 19:03:28 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 19:03:28 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 19:03:28 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 19:03:28 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 17:44:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jessi\Desktop\esetsmartinstaller_enu.exe
[2012.07.26 15:40:51 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.26 13:48:12 | 000,000,426 | ---- | M] () -- C:\Users\Jessi\AppData\Roaming\All CPU Meter_Settings.ini
[2012.07.21 15:35:08 | 005,068,401 | ---- | M] () -- C:\Users\Jessi\Documents\Warrior Cats Jessica.pdf
[2012.07.21 15:32:10 | 000,287,405 | ---- | M] () -- C:\Users\Jessi\Documents\warrior cats.odt
[2012.07.21 15:31:40 | 002,306,643 | ---- | M] () -- C:\Users\Jessi\Documents\warrior cats.pdf
[2012.07.19 16:11:00 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.19 16:11:00 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.19 15:45:56 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.18 13:22:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 13:04:59 | 000,002,334 | ---- | M] () -- C:\Users\Jessi\Desktop\Google Chrome.lnk
[2012.07.17 12:07:44 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 20:46:24 | 004,815,840 | ---- | M] (Make The Cut, LLC.) -- C:\Users\Jessi\Documents\iRinger42.exe
[2012.07.13 16:41:21 | 000,000,227 | ---- | M] () -- C:\Users\Jessi\Desktop\Trine 2.url
[2012.07.13 16:26:30 | 000,000,227 | ---- | M] () -- C:\Users\Jessi\Desktop\Trine.url
[2012.07.12 13:35:56 | 004,845,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 19:23:46 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\SEVENCORE.lnk
[2012.07.11 16:26:17 | 013,907,223 | ---- | M] () -- C:\Users\Jessi\Documents\AdventureCraft1.2.5.zip
[2012.07.07 17:18:33 | 000,007,602 | ---- | M] () -- C:\Users\Jessi\AppData\Local\Resmon.ResmonCfg
[2012.07.05 12:54:15 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 12:54:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 14:08:44 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000UA.job
[2012.07.02 14:08:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000Core.job
[2012.07.01 18:14:18 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.29 12:24:49 | 000,000,252 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\GPU MeterV2_Settings.ini
[2012.07.28 10:19:36 | 000,632,049 | ---- | C] () -- C:\Users\Jessi\Desktop\adwcleaner.exe
[2012.07.27 19:50:35 | 104,483,375 | ---- | C] () -- C:\Users\Jessi\Documents\Ib.rar
[2012.07.26 13:47:03 | 000,000,426 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\All CPU Meter_Settings.ini
[2012.07.21 15:34:57 | 005,068,401 | ---- | C] () -- C:\Users\Jessi\Documents\Warrior Cats Jessica.pdf
[2012.07.21 15:31:32 | 002,306,643 | ---- | C] () -- C:\Users\Jessi\Documents\warrior cats.pdf
[2012.07.17 13:04:59 | 000,002,334 | ---- | C] () -- C:\Users\Jessi\Desktop\Google Chrome.lnk
[2012.07.17 11:56:14 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000UA.job
[2012.07.17 11:56:10 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000Core.job
[2012.07.13 16:41:21 | 000,000,227 | ---- | C] () -- C:\Users\Jessi\Desktop\Trine 2.url
[2012.07.13 16:26:30 | 000,000,227 | ---- | C] () -- C:\Users\Jessi\Desktop\Trine.url
[2012.07.11 19:23:46 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\SEVENCORE.lnk
[2012.07.11 16:26:13 | 013,907,223 | ---- | C] () -- C:\Users\Jessi\Documents\AdventureCraft1.2.5.zip
[2012.07.07 20:53:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.05 20:14:30 | 000,000,848 | ---- | C] () -- C:\Users\Jessi\.recently-used.xbel
[2012.04.13 12:46:12 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.25 17:06:28 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.02.25 17:04:20 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2012.02.22 13:31:33 | 013,148,896 | ---- | C] () -- C:\Windows\SysWow64\wow-4.2.1.2685-enUS-tools-patch.exe
[2012.01.03 18:39:14 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.03 18:39:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.09 14:11:14 | 000,229,952 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\UserTile.png
[2011.10.29 20:49:29 | 000,007,602 | ---- | C] () -- C:\Users\Jessi\AppData\Local\Resmon.ResmonCfg
[2011.10.22 17:04:55 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.22 17:04:55 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.07.15 15:09:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.15 15:09:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.15 15:09:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.15 15:09:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.15 15:09:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.08 17:03:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.03 21:18:32 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010.12.03 16:47:22 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.22 18:32:43 | 001,591,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.28 20:34:07 | 000,002,220 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.18 16:30:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
 
========== LOP Check ==========
 
[2012.07.29 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft
[2012.03.04 17:07:59 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft - 1.1
[2011.12.16 20:01:52 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.0
[2012.01.24 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.1
[2012.04.05 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.2.4
[2012.06.30 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.2.5
[2012.07.12 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.techniclauncher
[2010.10.23 14:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Boomzap
[2011.10.05 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.11.22 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\CoSoSys
[2012.01.20 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Downloaded Installations
[2011.10.02 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\DVDVideoSoft
[2011.03.26 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.18 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\ERS G-Studio
[2012.01.05 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\fltk.org
[2011.02.03 21:01:56 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Gamelab
[2012.05.05 20:14:30 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\gtk-2.0
[2011.11.03 19:28:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\LolClient
[2012.03.09 14:13:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\LOVE
[2010.07.17 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\MAGIX
[2010.07.17 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\OEM
[2010.09.01 17:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Opera
[2011.10.27 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Origin
[2011.04.14 15:52:25 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\PhotoScape
[2012.07.23 17:53:31 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\puush
[2012.05.27 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\RIFT
[2012.02.29 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\RotMG.Production
[2010.07.17 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SAD_Win7
[2011.10.29 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Serif
[2012.07.23 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SoftGrid Client
[2010.10.19 17:55:23 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SurfSecret Privacy Suite
[2010.11.22 18:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\TP
[2012.07.13 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Trine2
[2012.07.28 14:15:37 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\TS3Client
[2011.11.08 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\ts3overlay
[2011.02.09 13:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangentv1002
[2012.07.02 14:08:44 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000Core.job
[2012.07.02 14:08:44 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1315464899-51369357-3920507254-1000UA.job
[2012.04.11 12:11:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.29 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft
[2012.03.04 17:07:59 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft - 1.1
[2011.12.16 20:01:52 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.0
[2012.01.24 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.1
[2012.04.05 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.2.4
[2012.06.30 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.minecraft 1.2.5
[2012.07.12 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\.techniclauncher
[2012.07.10 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Adobe
[2012.07.01 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Apple Computer
[2010.10.23 14:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Boomzap
[2011.10.05 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.11.22 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\CoSoSys
[2010.08.03 12:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\CyberLink
[2011.10.07 13:11:43 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\DivX
[2012.01.20 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Downloaded Installations
[2011.10.02 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\DVDVideoSoft
[2011.03.26 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.18 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\ERS G-Studio
[2012.01.05 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\fltk.org
[2011.02.03 21:01:56 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Gamelab
[2010.07.17 12:38:03 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Google
[2012.05.05 20:14:30 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\gtk-2.0
[2010.07.17 12:29:06 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Identities
[2011.06.17 13:21:47 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Intelli-studio
[2011.11.03 19:28:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\LolClient
[2012.03.09 14:13:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\LOVE
[2010.07.17 12:29:30 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Macromedia
[2010.07.17 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\MAGIX
[2011.07.06 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Media Center Programs
[2012.06.24 20:01:24 | 000,000,000 | --SD | M] -- C:\Users\Jessi\AppData\Roaming\Microsoft
[2010.07.17 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Mozilla
[2011.02.08 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Nero
[2011.10.27 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\NVIDIA
[2010.07.17 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\OEM
[2010.09.01 17:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Opera
[2011.10.27 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Origin
[2011.04.14 15:52:25 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\PhotoScape
[2012.07.23 17:53:31 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\puush
[2012.05.27 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\RIFT
[2012.02.29 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\RotMG.Production
[2010.07.17 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SAD_Win7
[2011.10.29 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Serif
[2012.07.28 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Skype
[2011.09.21 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\skypePM
[2012.07.23 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SoftGrid Client
[2010.10.18 19:52:21 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SunRay Games
[2011.07.16 12:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.19 17:55:23 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SurfSecret Privacy Suite
[2011.03.03 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\teamspeak2
[2010.11.22 18:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\TP
[2012.07.13 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Trine2
[2012.07.28 14:15:37 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\TS3Client
[2011.11.08 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\ts3overlay
[2011.12.29 13:56:45 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\vlc
[2011.02.09 13:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangentv1002
[2011.09.01 12:57:40 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.26 16:39:41 | 017,983,128 | ---- | M] () -- C:\Users\Jessi\AppData\Roaming\Intelli-studio\iUpdate.exe
[2012.05.24 17:07:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jessi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.12 15:24:10 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Jessi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2010.07.17 13:52:31 | 000,010,134 | R--- | M] () -- C:\Users\Jessi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:D3A89E47
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:3086B95F
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:60C897F3

< End of report >

cosinus · 30.07.2012, 19:10

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1850&r=17360710q116pe495v125r4602s82p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.16 06:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:D3A89E47
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:3086B95F
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:60C897F3
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Bananenshake · 30.07.2012, 19:39

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Microsoft\Windows\CurrentVersion\Run\\puush deleted successfully.
C:\Program Files (x86)\puush\puush.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1315464899-51369357-3920507254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
ADS C:\ProgramData\Temp:D3A89E47 deleted successfully.
ADS C:\ProgramData\Temp:3086B95F deleted successfully.
ADS C:\ProgramData\Temp:1ECED34B deleted successfully.
ADS C:\ProgramData\Temp:60C897F3 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jessi
->Temp folder emptied: 197744349 bytes
->Temporary Internet Files folder emptied: 5426997 bytes
->Java cache emptied: 8782315 bytes
->FireFox cache emptied: 68000797 bytes
->Google Chrome cache emptied: 386576054 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 185984 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 553 bytes
RecycleBin emptied: 62684083 bytes
 
Total Files Cleaned = 696,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jessi
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07302012_203314

Files\Folders moved on Reboot...
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
C:\Users\Jessi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2011.09.16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) D:\Autorun.exe : MD5=E49E9ED46FFE5B675454E0FE307BEC9C
[2011.09.16 06:58:13 | 000,000,049 | R--- | M] () D:\Autorun.inf : MD5=6840D71B16BF6A644C52E0E1762278F4
File C:\Users\Jessi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Falls das für die Arbeit hier wichtig ist:
Ich bin vorhin eben von GData auf Kaspersky umgestiegen, da meine Lizenz für GData gestern abgelaufen ist.

cosinus · 30.07.2012, 21:12

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Bananenshake · 31.07.2012, 11:21

Code:

ATTFilter

12:13:29.0592 5380	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:13:29.0685 5380	============================================================
12:13:29.0685 5380	Current date / time: 2012/07/31 12:13:29.0685
12:13:29.0685 5380	SystemInfo:
12:13:29.0685 5380	
12:13:29.0685 5380	OS Version: 6.1.7601 ServicePack: 1.0
12:13:29.0685 5380	Product type: Workstation
12:13:29.0685 5380	ComputerName: JESSI-PC
12:13:29.0685 5380	UserName: Jessi
12:13:29.0685 5380	Windows directory: C:\Windows
12:13:29.0685 5380	System windows directory: C:\Windows
12:13:29.0685 5380	Running under WOW64
12:13:29.0685 5380	Processor architecture: Intel x64
12:13:29.0685 5380	Number of processors: 2
12:13:29.0685 5380	Page size: 0x1000
12:13:29.0685 5380	Boot type: Normal boot
12:13:29.0685 5380	============================================================
12:13:31.0410 5380	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:13:31.0421 5380	============================================================
12:13:31.0421 5380	\Device\Harddisk0\DR0:
12:13:31.0421 5380	MBR partitions:
12:13:31.0421 5380	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2E00800, BlocksNum 0x32000
12:13:31.0421 5380	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2E32800, BlocksNum 0x718D3800
12:13:31.0421 5380	============================================================
12:13:31.0443 5380	C: <-> \Device\Harddisk0\DR0\Partition1
12:13:31.0444 5380	============================================================
12:13:31.0444 5380	Initialize success
12:13:31.0444 5380	============================================================
12:14:15.0583 4572	============================================================
12:14:15.0583 4572	Scan started
12:14:15.0583 4572	Mode: Manual; SigCheck; TDLFS; 
12:14:15.0583 4572	============================================================
12:14:17.0225 4572	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:14:17.0339 4572	1394ohci - ok
12:14:17.0421 4572	AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
12:14:17.0439 4572	AAV UpdateService - ok
12:14:17.0516 4572	ABBYY.Licensing.PDFTransformer.Site License.3.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
12:14:17.0621 4572	ABBYY.Licensing.PDFTransformer.Site License.3.0 - ok
12:14:17.0712 4572	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:14:17.0730 4572	ACPI - ok
12:14:17.0752 4572	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:14:17.0777 4572	AcpiPmi - ok
12:14:17.0874 4572	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:14:17.0890 4572	AdobeARMservice - ok
12:14:18.0017 4572	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:14:18.0040 4572	AdobeFlashPlayerUpdateSvc - ok
12:14:18.0077 4572	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:14:18.0097 4572	adp94xx - ok
12:14:18.0121 4572	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:14:18.0138 4572	adpahci - ok
12:14:18.0151 4572	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:14:18.0164 4572	adpu320 - ok
12:14:18.0185 4572	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:14:18.0237 4572	AeLookupSvc - ok
12:14:18.0309 4572	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:14:18.0341 4572	AFD - ok
12:14:18.0372 4572	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:14:18.0387 4572	agp440 - ok
12:14:18.0615 4572	Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
12:14:18.0615 4572	Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
12:14:18.0624 4572	Akamai ( HiddenFile.Multi.Generic ) - warning
12:14:18.0624 4572	Akamai - detected HiddenFile.Multi.Generic (1)
12:14:18.0664 4572	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:14:18.0678 4572	ALG - ok
12:14:18.0697 4572	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:14:18.0708 4572	aliide - ok
12:14:18.0718 4572	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:14:18.0728 4572	amdide - ok
12:14:18.0753 4572	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:14:18.0783 4572	AmdK8 - ok
12:14:18.0817 4572	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:14:18.0842 4572	AmdPPM - ok
12:14:18.0876 4572	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:14:18.0890 4572	amdsata - ok
12:14:18.0908 4572	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:14:18.0923 4572	amdsbs - ok
12:14:18.0944 4572	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:14:18.0955 4572	amdxata - ok
12:14:18.0988 4572	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:14:19.0028 4572	AppID - ok
12:14:19.0068 4572	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:14:19.0114 4572	AppIDSvc - ok
12:14:19.0146 4572	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:14:19.0175 4572	Appinfo - ok
12:14:19.0232 4572	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:14:19.0246 4572	Apple Mobile Device - ok
12:14:19.0271 4572	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:14:19.0284 4572	arc - ok
12:14:19.0301 4572	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:14:19.0313 4572	arcsas - ok
12:14:19.0412 4572	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:14:19.0429 4572	aspnet_state - ok
12:14:19.0451 4572	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:14:19.0494 4572	AsyncMac - ok
12:14:19.0519 4572	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:14:19.0529 4572	atapi - ok
12:14:19.0595 4572	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:14:19.0645 4572	AudioEndpointBuilder - ok
12:14:19.0652 4572	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:14:19.0684 4572	AudioSrv - ok
12:14:19.0741 4572	AVM WLAN Connection Service (d1a9ae485fff7c72ca50d8949b2210b9) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
12:14:19.0753 4572	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
12:14:19.0753 4572	AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
12:14:19.0779 4572	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
12:14:19.0791 4572	avmeject - ok
12:14:19.0970 4572	AVP             (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
12:14:19.0989 4572	AVP - ok
12:14:20.0038 4572	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:14:20.0061 4572	AxInstSV - ok
12:14:20.0098 4572	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:14:20.0150 4572	b06bdrv - ok
12:14:20.0442 4572	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:14:20.0483 4572	b57nd60a - ok
12:14:20.0519 4572	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:14:20.0547 4572	BDESVC - ok
12:14:20.0554 4572	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:14:20.0614 4572	Beep - ok
12:14:20.0695 4572	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:14:20.0741 4572	BFE - ok
12:14:20.0804 4572	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:14:20.0866 4572	BITS - ok
12:14:20.0913 4572	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:14:20.0944 4572	blbdrive - ok
12:14:21.0053 4572	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:14:21.0069 4572	Bonjour Service - ok
12:14:21.0116 4572	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:14:21.0147 4572	bowser - ok
12:14:21.0147 4572	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:14:21.0178 4572	BrFiltLo - ok
12:14:21.0194 4572	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:14:21.0209 4572	BrFiltUp - ok
12:14:21.0241 4572	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:14:21.0272 4572	Browser - ok
12:14:21.0287 4572	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:14:21.0350 4572	Brserid - ok
12:14:21.0350 4572	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:14:21.0381 4572	BrSerWdm - ok
12:14:21.0381 4572	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:14:21.0412 4572	BrUsbMdm - ok
12:14:21.0412 4572	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:14:21.0428 4572	BrUsbSer - ok
12:14:21.0443 4572	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:14:21.0459 4572	BTHMODEM - ok
12:14:21.0475 4572	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:14:21.0490 4572	bthserv - ok
12:14:21.0506 4572	catchme - ok
12:14:21.0521 4572	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:14:21.0553 4572	cdfs - ok
12:14:21.0631 4572	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:14:21.0646 4572	cdrom - ok
12:14:21.0693 4572	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:14:21.0745 4572	CertPropSvc - ok
12:14:21.0753 4572	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:14:21.0899 4572	circlass - ok
12:14:22.0152 4572	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:14:22.0170 4572	CLFS - ok
12:14:22.0336 4572	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:14:22.0354 4572	clr_optimization_v2.0.50727_32 - ok
12:14:22.0648 4572	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:14:22.0665 4572	clr_optimization_v2.0.50727_64 - ok
12:14:22.0873 4572	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:14:22.0888 4572	clr_optimization_v4.0.30319_32 - ok
12:14:22.0919 4572	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:14:22.0935 4572	clr_optimization_v4.0.30319_64 - ok
12:14:22.0951 4572	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:14:22.0982 4572	CmBatt - ok
12:14:22.0982 4572	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:14:22.0997 4572	cmdide - ok
12:14:23.0060 4572	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:14:23.0075 4572	CNG - ok
12:14:23.0091 4572	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:14:23.0107 4572	Compbatt - ok
12:14:23.0138 4572	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:14:23.0169 4572	CompositeBus - ok
12:14:23.0185 4572	COMSysApp - ok
12:14:23.0200 4572	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:14:23.0231 4572	crcdisk - ok
12:14:23.0278 4572	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:14:23.0309 4572	CryptSvc - ok
12:14:23.0450 4572	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:14:23.0465 4572	cvhsvc - ok
12:14:23.0528 4572	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:14:23.0606 4572	DcomLaunch - ok
12:14:23.0621 4572	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:14:23.0684 4572	defragsvc - ok
12:14:23.0715 4572	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:14:23.0762 4572	DfsC - ok
12:14:23.0809 4572	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:14:23.0855 4572	Dhcp - ok
12:14:23.0871 4572	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:14:23.0918 4572	discache - ok
12:14:23.0933 4572	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:14:23.0949 4572	Disk - ok
12:14:23.0980 4572	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:14:24.0011 4572	Dnscache - ok
12:14:24.0043 4572	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:14:24.0089 4572	dot3svc - ok
12:14:24.0152 4572	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:14:24.0199 4572	DPS - ok
12:14:24.0245 4572	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:14:24.0292 4572	drmkaud - ok
12:14:24.0323 4572	dump_wmimmc - ok
12:14:24.0401 4572	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:14:24.0433 4572	DXGKrnl - ok
12:14:24.0448 4572	EagleX64 - ok
12:14:24.0464 4572	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:14:24.0495 4572	EapHost - ok
12:14:24.0620 4572	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:14:24.0729 4572	ebdrv - ok
12:14:24.0791 4572	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:14:24.0838 4572	EFS - ok
12:14:24.0916 4572	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:14:24.0963 4572	ehRecvr - ok
12:14:24.0994 4572	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:14:25.0025 4572	ehSched - ok
12:14:25.0057 4572	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:14:25.0088 4572	elxstor - ok
12:14:25.0103 4572	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:14:25.0119 4572	ErrDev - ok
12:14:25.0166 4572	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:14:25.0197 4572	EventSystem - ok
12:14:25.0213 4572	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:14:25.0275 4572	exfat - ok
12:14:25.0306 4572	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:14:25.0337 4572	fastfat - ok
12:14:25.0400 4572	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:14:25.0462 4572	Fax - ok
12:14:25.0493 4572	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:14:25.0540 4572	fdc - ok
12:14:25.0571 4572	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:14:25.0634 4572	fdPHost - ok
12:14:25.0665 4572	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:14:25.0681 4572	FDResPub - ok
12:14:25.0712 4572	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:14:25.0712 4572	FileInfo - ok
12:14:25.0727 4572	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:14:25.0805 4572	Filetrace - ok
12:14:25.0805 4572	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:14:25.0883 4572	flpydisk - ok
12:14:25.0930 4572	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:14:25.0961 4572	FltMgr - ok
12:14:26.0039 4572	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:14:26.0102 4572	FontCache - ok
12:14:26.0164 4572	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:14:26.0180 4572	FontCache3.0.0.0 - ok
12:14:26.0195 4572	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:14:26.0195 4572	FsDepends - ok
12:14:26.0242 4572	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:14:26.0242 4572	Fs_Rec - ok
12:14:26.0289 4572	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:14:26.0305 4572	fvevol - ok
12:14:26.0383 4572	FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
12:14:26.0398 4572	FWLANUSB - ok
12:14:26.0429 4572	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:14:26.0429 4572	gagp30kx - ok
12:14:26.0554 4572	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:14:26.0570 4572	GamesAppService - ok
12:14:26.0601 4572	gdwfpcd         (fc9b3d24e18d08200f31aa3bace42f6a) C:\Windows\system32\DRIVERS\gdwfpcd64.sys
12:14:26.0617 4572	gdwfpcd - ok
12:14:26.0632 4572	GearAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\drivers\GEARAspiWDM.sys
12:14:26.0648 4572	GearAspiWDM - ok
12:14:26.0710 4572	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:14:26.0788 4572	gpsvc - ok
12:14:26.0975 4572	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
12:14:27.0007 4572	Greg_Service - ok
12:14:27.0053 4572	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:14:27.0069 4572	gupdate - ok
12:14:27.0085 4572	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:14:27.0100 4572	gupdatem - ok
12:14:27.0116 4572	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:14:27.0131 4572	gusvc - ok
12:14:27.0209 4572	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:14:27.0225 4572	hamachi - ok
12:14:27.0241 4572	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:14:27.0287 4572	hcw85cir - ok
12:14:27.0334 4572	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:14:27.0365 4572	HdAudAddService - ok
12:14:27.0397 4572	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:14:27.0428 4572	HDAudBus - ok
12:14:27.0428 4572	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:14:27.0443 4572	HidBatt - ok
12:14:27.0459 4572	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:14:27.0475 4572	HidBth - ok
12:14:27.0506 4572	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:14:27.0537 4572	HidIr - ok
12:14:27.0584 4572	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:14:27.0631 4572	hidserv - ok
12:14:27.0662 4572	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:14:27.0677 4572	HidUsb - ok
12:14:27.0709 4572	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:14:27.0740 4572	hkmsvc - ok
12:14:27.0771 4572	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:14:27.0818 4572	HomeGroupListener - ok
12:14:27.0849 4572	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:14:27.0880 4572	HomeGroupProvider - ok
12:14:27.0896 4572	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:14:27.0911 4572	HpSAMD - ok
12:14:27.0974 4572	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:14:28.0021 4572	HTTP - ok
12:14:28.0052 4572	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:14:28.0067 4572	hwpolicy - ok
12:14:28.0083 4572	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:14:28.0099 4572	i8042prt - ok
12:14:28.0161 4572	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:14:28.0177 4572	iaStorV - ok
12:14:28.0239 4572	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:14:28.0270 4572	idsvc - ok
12:14:28.0489 4572	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:14:28.0645 4572	igfx - ok
12:14:28.0707 4572	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:14:28.0723 4572	iirsp - ok
12:14:28.0801 4572	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:14:28.0863 4572	IKEEXT - ok
12:14:28.0988 4572	IntcAzAudAddService (450bec18b45bccfdc923e11f856dbda7) C:\Windows\system32\drivers\RTKVHD64.sys
12:14:29.0035 4572	IntcAzAudAddService - ok
12:14:29.0081 4572	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:14:29.0097 4572	intelide - ok
12:14:29.0113 4572	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:14:29.0128 4572	intelppm - ok
12:14:29.0159 4572	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:14:29.0206 4572	IPBusEnum - ok
12:14:29.0269 4572	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:14:29.0315 4572	IpFilterDriver - ok
12:14:29.0378 4572	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:14:29.0425 4572	iphlpsvc - ok
12:14:29.0456 4572	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:14:29.0471 4572	IPMIDRV - ok
12:14:29.0487 4572	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:14:29.0518 4572	IPNAT - ok
12:14:29.0659 4572	iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
12:14:29.0674 4572	iPod Service - ok
12:14:29.0705 4572	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:14:29.0721 4572	IRENUM - ok
12:14:29.0752 4572	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:14:29.0768 4572	isapnp - ok
12:14:29.0783 4572	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:14:29.0799 4572	iScsiPrt - ok
12:14:29.0861 4572	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:14:29.0877 4572	kbdclass - ok
12:14:29.0893 4572	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:14:29.0924 4572	kbdhid - ok
12:14:29.0955 4572	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:29.0971 4572	KeyIso - ok
12:14:30.0049 4572	KL1             (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
12:14:30.0080 4572	KL1 - ok
12:14:30.0095 4572	kl2             (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
12:14:30.0111 4572	kl2 - ok
12:14:30.0189 4572	KLIF            (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
12:14:30.0220 4572	KLIF - ok
12:14:30.0236 4572	KLIM6           (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
12:14:30.0236 4572	KLIM6 - ok
12:14:30.0267 4572	klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
12:14:30.0283 4572	klmouflt - ok
12:14:30.0314 4572	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:14:30.0345 4572	KSecDD - ok
12:14:30.0376 4572	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:14:30.0392 4572	KSecPkg - ok
12:14:30.0407 4572	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:14:30.0439 4572	ksthunk - ok
12:14:30.0454 4572	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:14:30.0501 4572	KtmRm - ok
12:14:30.0751 4572	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:14:30.0844 4572	LanmanServer - ok
12:14:30.0875 4572	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:14:30.0922 4572	LanmanWorkstation - ok
12:14:30.0953 4572	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:14:30.0985 4572	lltdio - ok
12:14:31.0000 4572	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:14:31.0047 4572	lltdsvc - ok
12:14:31.0078 4572	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:14:31.0125 4572	lmhosts - ok
12:14:31.0156 4572	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:14:31.0156 4572	LSI_FC - ok
12:14:31.0172 4572	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:14:31.0187 4572	LSI_SAS - ok
12:14:31.0203 4572	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:14:31.0219 4572	LSI_SAS2 - ok
12:14:31.0234 4572	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:14:31.0250 4572	LSI_SCSI - ok
12:14:31.0265 4572	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:14:31.0312 4572	luafv - ok
12:14:31.0343 4572	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:14:31.0359 4572	Mcx2Svc - ok
12:14:31.0375 4572	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:14:31.0375 4572	megasas - ok
12:14:31.0406 4572	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:14:31.0406 4572	MegaSR - ok
12:14:31.0437 4572	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:14:31.0468 4572	MMCSS - ok
12:14:31.0499 4572	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:14:31.0546 4572	Modem - ok
12:14:31.0593 4572	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:14:31.0609 4572	monitor - ok
12:14:31.0671 4572	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:14:31.0687 4572	mouclass - ok
12:14:31.0718 4572	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:14:31.0749 4572	mouhid - ok
12:14:31.0780 4572	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:14:31.0780 4572	mountmgr - ok
12:14:31.0905 4572	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:14:31.0921 4572	MozillaMaintenance - ok
12:14:31.0952 4572	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:14:31.0967 4572	mpio - ok
12:14:31.0983 4572	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:14:32.0014 4572	mpsdrv - ok
12:14:32.0077 4572	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:14:32.0139 4572	MpsSvc - ok
12:14:32.0155 4572	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:14:32.0201 4572	MRxDAV - ok
12:14:32.0248 4572	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:14:32.0279 4572	mrxsmb - ok
12:14:32.0311 4572	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:14:32.0342 4572	mrxsmb10 - ok
12:14:32.0373 4572	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:14:32.0389 4572	mrxsmb20 - ok
12:14:32.0420 4572	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:14:32.0420 4572	msahci - ok
12:14:32.0451 4572	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:14:32.0467 4572	msdsm - ok
12:14:32.0482 4572	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:14:32.0514 4572	MSDTC - ok
12:14:32.0561 4572	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:14:32.0608 4572	Msfs - ok
12:14:32.0624 4572	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:14:32.0670 4572	mshidkmdf - ok
12:14:32.0686 4572	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:14:32.0702 4572	msisadrv - ok
12:14:32.0717 4572	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:14:32.0764 4572	MSiSCSI - ok
12:14:32.0764 4572	msiserver - ok
12:14:32.0795 4572	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:14:32.0826 4572	MSKSSRV - ok
12:14:32.0858 4572	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:14:32.0889 4572	MSPCLOCK - ok
12:14:32.0904 4572	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:14:32.0951 4572	MSPQM - ok
12:14:32.0982 4572	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:14:33.0014 4572	MsRPC - ok
12:14:33.0045 4572	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:14:33.0045 4572	mssmbios - ok
12:14:33.0060 4572	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:14:33.0123 4572	MSTEE - ok
12:14:33.0138 4572	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:14:33.0154 4572	MTConfig - ok
12:14:33.0185 4572	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:14:33.0201 4572	Mup - ok
12:14:33.0248 4572	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:14:33.0294 4572	napagent - ok
12:14:33.0341 4572	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:14:33.0372 4572	NativeWifiP - ok
12:14:33.0435 4572	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:14:33.0482 4572	NDIS - ok
12:14:33.0482 4572	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:14:33.0528 4572	NdisCap - ok
12:14:33.0528 4572	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:14:33.0575 4572	NdisTapi - ok
12:14:33.0622 4572	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:14:33.0669 4572	Ndisuio - ok
12:14:33.0716 4572	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:14:33.0762 4572	NdisWan - ok
12:14:33.0778 4572	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:14:33.0825 4572	NDProxy - ok
12:14:33.0950 4572	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:14:33.0996 4572	Nero BackItUp Scheduler 4.0 - ok
12:14:34.0043 4572	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:14:34.0074 4572	NetBIOS - ok
12:14:34.0106 4572	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:14:34.0137 4572	NetBT - ok
12:14:34.0152 4572	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:34.0168 4572	Netlogon - ok
12:14:34.0199 4572	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:14:34.0246 4572	Netman - ok
12:14:34.0324 4572	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:34.0340 4572	NetMsmqActivator - ok
12:14:34.0355 4572	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:34.0355 4572	NetPipeActivator - ok
12:14:34.0402 4572	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:14:34.0449 4572	netprofm - ok
12:14:34.0449 4572	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:34.0464 4572	NetTcpActivator - ok
12:14:34.0464 4572	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:14:34.0480 4572	NetTcpPortSharing - ok
12:14:34.0496 4572	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:14:34.0511 4572	nfrd960 - ok
12:14:34.0589 4572	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:14:34.0636 4572	NlaSvc - ok
12:14:34.0636 4572	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:14:34.0667 4572	Npfs - ok
12:14:34.0698 4572	npggsvc - ok
12:14:34.0714 4572	NPPTNT2 - ok
12:14:34.0730 4572	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:14:34.0776 4572	nsi - ok
12:14:34.0792 4572	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:14:34.0823 4572	nsiproxy - ok
12:14:34.0932 4572	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:14:34.0964 4572	Ntfs - ok
12:14:35.0026 4572	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:14:35.0073 4572	Null - ok
12:14:35.0120 4572	NVHDA           (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
12:14:35.0135 4572	NVHDA - ok
12:14:35.0573 4572	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:14:35.0745 4572	nvlddmkm - ok
12:14:35.0869 4572	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:14:35.0885 4572	nvraid - ok
12:14:35.0916 4572	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:14:35.0932 4572	nvstor - ok
12:14:35.0994 4572	nvsvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
12:14:36.0010 4572	nvsvc - ok
12:14:36.0135 4572	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:14:36.0181 4572	nvUpdatusService - ok
12:14:36.0244 4572	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:14:36.0275 4572	nv_agp - ok
12:14:36.0306 4572	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:14:36.0322 4572	ohci1394 - ok
12:14:36.0384 4572	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:14:36.0415 4572	ose - ok
12:14:36.0634 4572	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:14:36.0790 4572	osppsvc - ok
12:14:36.0852 4572	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:36.0883 4572	p2pimsvc - ok
12:14:36.0915 4572	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:14:36.0961 4572	p2psvc - ok
12:14:36.0993 4572	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:14:37.0008 4572	Parport - ok
12:14:37.0039 4572	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:14:37.0055 4572	partmgr - ok
12:14:37.0086 4572	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:14:37.0117 4572	PcaSvc - ok
12:14:37.0133 4572	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:14:37.0149 4572	pci - ok
12:14:37.0164 4572	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:14:37.0180 4572	pciide - ok
12:14:37.0180 4572	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:14:37.0195 4572	pcmcia - ok
12:14:37.0211 4572	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:14:37.0227 4572	pcw - ok
12:14:37.0258 4572	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:14:37.0320 4572	PEAUTH - ok
12:14:37.0383 4572	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:14:37.0414 4572	PerfHost - ok
12:14:37.0554 4572	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:14:37.0648 4572	pla - ok
12:14:37.0710 4572	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:14:37.0773 4572	PlugPlay - ok
12:14:37.0804 4572	PnkBstrA - ok
12:14:37.0819 4572	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:14:37.0866 4572	PNRPAutoReg - ok
12:14:37.0882 4572	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:37.0913 4572	PNRPsvc - ok
12:14:37.0944 4572	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:14:37.0991 4572	PolicyAgent - ok
12:14:38.0022 4572	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:14:38.0053 4572	Power - ok
12:14:38.0100 4572	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:14:38.0163 4572	PptpMiniport - ok
12:14:38.0163 4572	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:14:38.0178 4572	Processor - ok
12:14:38.0241 4572	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:14:38.0272 4572	ProfSvc - ok
12:14:38.0303 4572	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:38.0319 4572	ProtectedStorage - ok
12:14:38.0553 4572	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:14:38.0584 4572	Psched - ok
12:14:38.0662 4572	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:14:38.0709 4572	ql2300 - ok
12:14:38.0771 4572	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:14:38.0787 4572	ql40xx - ok
12:14:38.0802 4572	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:14:38.0849 4572	QWAVE - ok
12:14:38.0849 4572	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:14:38.0880 4572	QWAVEdrv - ok
12:14:38.0896 4572	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:14:38.0927 4572	RasAcd - ok
12:14:38.0943 4572	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:14:38.0974 4572	RasAgileVpn - ok
12:14:38.0989 4572	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:14:39.0021 4572	RasAuto - ok
12:14:39.0052 4572	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:14:39.0099 4572	Rasl2tp - ok
12:14:39.0145 4572	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:14:39.0192 4572	RasMan - ok
12:14:39.0208 4572	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:14:39.0255 4572	RasPppoe - ok
12:14:39.0286 4572	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:14:39.0317 4572	RasSstp - ok
12:14:39.0348 4572	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:14:39.0395 4572	rdbss - ok
12:14:39.0395 4572	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:14:39.0411 4572	rdpbus - ok
12:14:39.0426 4572	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:14:39.0457 4572	RDPCDD - ok
12:14:39.0489 4572	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:14:39.0504 4572	RDPENCDD - ok
12:14:39.0520 4572	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:14:39.0551 4572	RDPREFMP - ok
12:14:39.0613 4572	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:14:39.0660 4572	RDPWD - ok
12:14:39.0707 4572	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:14:39.0723 4572	rdyboost - ok
12:14:39.0754 4572	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:14:39.0785 4572	RemoteAccess - ok
12:14:39.0816 4572	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:14:39.0847 4572	RemoteRegistry - ok
12:14:39.0879 4572	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:14:39.0926 4572	RpcEptMapper - ok
12:14:39.0957 4572	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:14:39.0972 4572	RpcLocator - ok
12:14:40.0019 4572	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:14:40.0066 4572	RpcSs - ok
12:14:40.0097 4572	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:14:40.0128 4572	rspndr - ok
12:14:40.0160 4572	RTL8167         (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:14:40.0206 4572	RTL8167 - ok
12:14:40.0222 4572	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:40.0238 4572	SamSs - ok
12:14:40.0253 4572	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:14:40.0269 4572	sbp2port - ok
12:14:40.0284 4572	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:14:40.0331 4572	SCardSvr - ok
12:14:40.0362 4572	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:14:40.0409 4572	scfilter - ok
12:14:40.0487 4572	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:14:40.0550 4572	Schedule - ok
12:14:40.0581 4572	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:14:40.0612 4572	SCPolicySvc - ok
12:14:40.0768 4572	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:14:40.0815 4572	SDRSVC - ok
12:14:40.0846 4572	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:14:40.0877 4572	secdrv - ok
12:14:40.0893 4572	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:14:40.0955 4572	seclogon - ok
12:14:40.0971 4572	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:14:41.0033 4572	SENS - ok
12:14:41.0064 4572	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:14:41.0096 4572	SensrSvc - ok
12:14:41.0111 4572	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:14:41.0127 4572	Serenum - ok
12:14:41.0174 4572	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:14:41.0174 4572	Serial - ok
12:14:41.0189 4572	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:14:41.0220 4572	sermouse - ok
12:14:41.0267 4572	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:14:41.0298 4572	SessionEnv - ok
12:14:41.0314 4572	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:14:41.0330 4572	sffdisk - ok
12:14:41.0330 4572	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:14:41.0345 4572	sffp_mmc - ok
12:14:41.0361 4572	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:14:41.0392 4572	sffp_sd - ok
12:14:41.0392 4572	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:14:41.0408 4572	sfloppy - ok
12:14:41.0470 4572	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:14:41.0486 4572	Sftfs - ok
12:14:41.0579 4572	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:14:41.0610 4572	sftlist - ok
12:14:41.0657 4572	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:14:41.0673 4572	Sftplay - ok
12:14:41.0688 4572	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:14:41.0688 4572	Sftredir - ok
12:14:41.0704 4572	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:14:41.0704 4572	Sftvol - ok
12:14:41.0720 4572	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:14:41.0735 4572	sftvsa - ok
12:14:41.0798 4572	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:14:41.0844 4572	SharedAccess - ok
12:14:41.0907 4572	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:14:41.0969 4572	ShellHWDetection - ok
12:14:41.0969 4572	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:14:41.0985 4572	SiSRaid2 - ok
12:14:41.0985 4572	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:14:42.0000 4572	SiSRaid4 - ok
12:14:42.0047 4572	SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:14:42.0063 4572	SkypeUpdate - ok
12:14:42.0094 4572	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:14:42.0125 4572	Smb - ok
12:14:42.0172 4572	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:14:42.0203 4572	SNMPTRAP - ok
12:14:42.0219 4572	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:14:42.0234 4572	spldr - ok
12:14:42.0297 4572	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:14:42.0344 4572	Spooler - ok
12:14:42.0515 4572	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:14:42.0624 4572	sppsvc - ok
12:14:42.0718 4572	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:14:42.0749 4572	sppuinotify - ok
12:14:42.0827 4572	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:14:42.0874 4572	srv - ok
12:14:42.0890 4572	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:14:42.0921 4572	srv2 - ok
12:14:42.0936 4572	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:14:42.0968 4572	srvnet - ok
12:14:43.0014 4572	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:14:43.0046 4572	SSDPSRV - ok
12:14:43.0061 4572	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:14:43.0108 4572	SstpSvc - ok
12:14:43.0139 4572	StarOpen - ok
12:14:43.0202 4572	Steam Client Service - ok
12:14:43.0342 4572	Stereo Service  (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:14:43.0358 4572	Stereo Service - ok
12:14:43.0373 4572	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:14:43.0389 4572	stexstor - ok
12:14:43.0436 4572	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:14:43.0498 4572	stisvc - ok
12:14:43.0529 4572	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:14:43.0545 4572	swenum - ok
12:14:43.0592 4572	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:14:43.0654 4572	swprv - ok
12:14:43.0763 4572	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:14:43.0826 4572	SysMain - ok
12:14:43.0888 4572	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:14:43.0904 4572	TabletInputService - ok
12:14:43.0982 4572	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:14:44.0028 4572	TapiSrv - ok
12:14:44.0028 4572	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:14:44.0060 4572	TBS - ok
12:14:44.0184 4572	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:14:44.0231 4572	Tcpip - ok
12:14:44.0340 4572	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:14:44.0372 4572	TCPIP6 - ok
12:14:44.0434 4572	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:14:44.0496 4572	tcpipreg - ok
12:14:44.0543 4572	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:14:44.0574 4572	TDPIPE - ok
12:14:44.0590 4572	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:14:44.0621 4572	TDTCP - ok
12:14:44.0652 4572	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:14:44.0684 4572	tdx - ok
12:14:44.0730 4572	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:14:44.0746 4572	TermDD - ok
12:14:44.0808 4572	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:14:44.0902 4572	TermService - ok
12:14:44.0902 4572	TFsExDisk - ok
12:14:44.0933 4572	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:14:44.0949 4572	Themes - ok
12:14:44.0964 4572	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:14:44.0996 4572	THREADORDER - ok
12:14:45.0011 4572	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:14:45.0042 4572	TrkWks - ok
12:14:45.0089 4572	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:14:45.0120 4572	TrustedInstaller - ok
12:14:45.0167 4572	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:14:45.0214 4572	tssecsrv - ok
12:14:45.0245 4572	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:14:45.0292 4572	TsUsbFlt - ok
12:14:45.0323 4572	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:14:45.0354 4572	tunnel - ok
12:14:45.0370 4572	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:14:45.0370 4572	uagp35 - ok
12:14:45.0417 4572	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:14:45.0464 4572	udfs - ok
12:14:45.0479 4572	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:14:45.0495 4572	UI0Detect - ok
12:14:45.0526 4572	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:14:45.0542 4572	uliagpkx - ok
12:14:45.0557 4572	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:14:45.0573 4572	umbus - ok
12:14:45.0604 4572	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:14:45.0620 4572	UmPass - ok
12:14:45.0682 4572	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
12:14:45.0698 4572	Updater Service - ok
12:14:45.0744 4572	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:14:45.0807 4572	upnphost - ok
12:14:45.0854 4572	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:14:45.0885 4572	USBAAPL64 - ok
12:14:45.0947 4572	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:14:45.0963 4572	usbaudio - ok
12:14:46.0010 4572	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:14:46.0056 4572	usbccgp - ok
12:14:46.0088 4572	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:14:46.0103 4572	usbcir - ok
12:14:46.0134 4572	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:14:46.0166 4572	usbehci - ok
12:14:46.0212 4572	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:14:46.0244 4572	usbhub - ok
12:14:46.0275 4572	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:14:46.0306 4572	usbohci - ok
12:14:46.0322 4572	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:14:46.0353 4572	usbprint - ok
12:14:46.0384 4572	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:14:46.0431 4572	USBSTOR - ok
12:14:46.0462 4572	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:14:46.0509 4572	usbuhci - ok
12:14:46.0556 4572	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:14:46.0587 4572	UxSms - ok
12:14:46.0602 4572	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:46.0618 4572	VaultSvc - ok
12:14:46.0634 4572	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:14:46.0649 4572	vdrvroot - ok
12:14:46.0696 4572	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:14:46.0774 4572	vds - ok
12:14:46.0805 4572	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:14:46.0836 4572	vga - ok
12:14:46.0852 4572	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:14:46.0883 4572	VgaSave - ok
12:14:46.0930 4572	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:14:46.0946 4572	vhdmp - ok
12:14:46.0961 4572	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:14:46.0977 4572	viaide - ok
12:14:46.0992 4572	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:14:47.0008 4572	volmgr - ok
12:14:47.0039 4572	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:14:47.0055 4572	volmgrx - ok
12:14:47.0086 4572	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:14:47.0086 4572	volsnap - ok
12:14:47.0117 4572	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:14:47.0133 4572	vsmraid - ok
12:14:47.0242 4572	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:14:47.0273 4572	VSS - ok
12:14:47.0351 4572	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:14:47.0382 4572	vwifibus - ok
12:14:47.0414 4572	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:14:47.0460 4572	W32Time - ok
12:14:47.0476 4572	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:14:47.0507 4572	WacomPen - ok
12:14:47.0523 4572	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:47.0554 4572	WANARP - ok
12:14:47.0554 4572	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:47.0585 4572	Wanarpv6 - ok
12:14:47.0679 4572	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:14:47.0772 4572	wbengine - ok
12:14:47.0804 4572	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:14:47.0835 4572	WbioSrvc - ok
12:14:47.0882 4572	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:14:47.0913 4572	wcncsvc - ok
12:14:47.0928 4572	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:14:47.0991 4572	WcsPlugInService - ok
12:14:47.0991 4572	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:14:48.0006 4572	Wd - ok
12:14:48.0053 4572	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:14:48.0069 4572	Wdf01000 - ok
12:14:48.0084 4572	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:14:48.0131 4572	WdiServiceHost - ok
12:14:48.0131 4572	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:14:48.0147 4572	WdiSystemHost - ok
12:14:48.0194 4572	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:14:48.0225 4572	WebClient - ok
12:14:48.0256 4572	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:14:48.0287 4572	Wecsvc - ok
12:14:48.0303 4572	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:14:48.0350 4572	wercplsupport - ok
12:14:48.0381 4572	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:14:48.0443 4572	WerSvc - ok
12:14:48.0474 4572	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:14:48.0506 4572	WfpLwf - ok
12:14:48.0552 4572	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:14:48.0552 4572	WIMMount - ok
12:14:48.0615 4572	WinDefend - ok
12:14:48.0615 4572	WinHttpAutoProxySvc - ok
12:14:48.0662 4572	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:14:48.0708 4572	Winmgmt - ok
12:14:48.0802 4572	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:14:48.0880 4572	WinRM - ok
12:14:48.0958 4572	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:14:48.0974 4572	WinUsb - ok
12:14:49.0036 4572	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:14:49.0067 4572	Wlansvc - ok
12:14:49.0254 4572	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:14:49.0332 4572	wlidsvc - ok
12:14:49.0364 4572	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:14:49.0379 4572	WmiAcpi - ok
12:14:49.0395 4572	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:14:49.0426 4572	wmiApSrv - ok
12:14:49.0442 4572	WMPNetworkSvc - ok
12:14:49.0457 4572	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:14:49.0488 4572	WPCSvc - ok
12:14:49.0535 4572	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:14:49.0551 4572	WPDBusEnum - ok
12:14:49.0551 4572	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:14:49.0582 4572	ws2ifsl - ok
12:14:49.0629 4572	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:14:49.0644 4572	wscsvc - ok
12:14:49.0644 4572	WSearch - ok
12:14:49.0800 4572	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:14:49.0863 4572	wuauserv - ok
12:14:49.0925 4572	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:14:49.0956 4572	WudfPf - ok
12:14:49.0988 4572	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:50.0019 4572	WUDFRd - ok
12:14:50.0050 4572	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:14:50.0081 4572	wudfsvc - ok
12:14:50.0112 4572	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:14:50.0128 4572	WwanSvc - ok
12:14:50.0222 4572	X6va005 - ok
12:14:50.0253 4572	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:14:50.0549 4572	\Device\Harddisk0\DR0 - ok
12:14:50.0549 4572	Boot (0x1200)   (1dc4b0aaa694c6ce6ed65b0a96727af5) \Device\Harddisk0\DR0\Partition0
12:14:50.0565 4572	\Device\Harddisk0\DR0\Partition0 - ok
12:14:50.0596 4572	Boot (0x1200)   (ffbe7a7a6efb78e989b3356ed2036dee) \Device\Harddisk0\DR0\Partition1
12:14:50.0596 4572	\Device\Harddisk0\DR0\Partition1 - ok
12:14:50.0596 4572	============================================================
12:14:50.0596 4572	Scan finished
12:14:50.0596 4572	============================================================
12:14:50.0658 5192	Detected object count: 2
12:14:50.0658 5192	Actual detected object count: 2
12:20:09.0195 5192	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:20:09.0195 5192	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
12:20:09.0195 5192	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:09.0195 5192	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

29.07.2012, 17:21	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Systemprofil weg Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

29.07.2012, 20:08	#9
Bananenshake	Systemprofil weg 1) Windows geht nach wie vor uneingeschränkt 2) Beim durchklicken ist mir aufgefallen, dass einmal der Ordner Autostart leer ist & der Malwarebytes Anti-Malware-Ordner. Ist das normal? Ansonsten ist mir nichts aufgefallen.

Systemprofil weg

Plagegeister aller Art und deren Bekämpfung: Systemprofil weg