Pests of all kinds and how to fight them: "Die Webseite konnte nicht aufgerufen werden" ("The web page could not be accessed") - Virus | Windows 7
11.09.2012, 10:11 | #1 |
"Die Webseite konnte nicht aufgerufen werden" ("The web page could not be accessed") - Virus

Hello dear Trojaner,

Unfortunately I fell victim to the above-mentioned virus. The screen suddenly turned white with the above-mentioned error message. The Task Manager opened only for a second. After that I booted into safe mode and did a System Restore. After that everything worked again. But of course I am not sure whether the virus is really gone now.

PS: I have a [W7] 64-bit system!

defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 11/09/2012 (Galge)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 11.09.2012 10:53:20 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Galge\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 76,96% Memory free 15,99 Gb Paging File | 14,08 Gb Available in Paging File | 88,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 406,95 Gb Free Space | 43,69% Space Free | Partition Type: NTFS Drive E: | 698,54 Gb Total Space | 698,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: ANIMENIA | User Name: Galge | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.10 17:50:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe PRC - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.27 12:41:20 | 001,137,280 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Programme\ASUS\GPU Boost Driver\GpuBoostServer.exe PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe PRC - [2007.01.05 17:01:34 | 000,135,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe PRC - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe PRC - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe PRC - [2006.12.07 17:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe PRC - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- 
C:\Programme\ASUS\TurboV EVO\HookKey32.dll MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Services (SafeList) ========== SRV - [2012.09.10 17:39:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.08.22 15:24:00 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.04.08 13:31:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | 
Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.31 09:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService) SRV - [2011.05.04 05:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.11.08 12:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc) DRV:64bit: - [2012.07.15 23:16:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.14 16:36:15 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.01.11 13:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV - [2012.08.07 10:56:54 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120907.001\EX64.SYS -- (NAVEX15) DRV - [2012.08.07 10:56:52 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120907.001\ENG64.SYS -- (NAVENG) DRV - [2012.08.01 02:34:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.08.01 02:34:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo) DRV - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2004.12.30 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 87 08 93 80 57 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {911321B8-17F1-44c1-90A2-E92AF503F9A2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{465F315C-E442-4666-B05B-B06BC249B0DC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{911321B8-17F1-44c1-90A2-E92AF503F9A2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c" FF - prefs.js..extensions.enabledAddons: info@maltegoetz.de:1.0.1 FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0 FF - prefs.js..extensions.enabledAddons: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.15.1.0 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0 FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5 FF - prefs.js..network.proxy.http: "www-proxy.t-online.de" FF - 
prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft 
Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 17:39:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M] [2012.05.06 01:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Extensions [2012.08.28 10:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions [2012.08.28 10:12:03 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.08.22 15:26:54 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2012.05.12 16:36:28 | 000,011,691 | 
---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\info@maltegoetz.de.xpi [2012.05.12 16:49:17 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.07.21 00:47:06 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.08.25 23:23:23 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.05.12 16:49:17 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012.07.19 02:37:30 | 000,000,923 | ---- | M] () -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\searchplugins\conduit.xml [2012.09.10 17:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.10 17:39:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.10 17:39:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 17:39:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.10 17:39:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.10 17:39:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.10 17:39:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.10 17:39:10 | 000,001,105 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe (Symantec Corporation) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2B0230-7DC0-4D8D-AA98-B3F49FC4EF4B}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe 
(Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.10 17:50:48 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe [2012.09.10 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.10 16:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.10 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.09.10 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eenmqodvcsibfds [2012.09.08 23:01:19 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\hybrid [2012.09.08 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HandBrake [2012.09.08 22:45:12 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2012.09.08 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2012.09.08 22:30:59 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\avidemux 
[2012.09.04 03:08:38 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2012.09.04 03:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galge [2012.09.04 03:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.09.02 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\LogMeIn Hamachi [2012.08.26 04:44:07 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Chromium [2012.08.26 04:08:41 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HpUpdate [2012.08.26 04:08:34 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge [2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge [2012.08.23 15:48:35 | 000,000,000 | R--D | C] -- C:\Users\Galge\Desktop\Techno [2012.08.13 00:51:40 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Deployment [2012.08.13 00:51:40 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Apps [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.11 10:50:12 | 000,000,168 | ---- | M] () -- C:\Users\Galge\defogger_reenable [2012.09.11 10:45:44 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.11 10:45:44 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.11 10:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.11 10:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.11 10:36:35 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys [2012.09.10 22:19:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.09.10 22:19:10 | 000,283,304 | ---- | M] () 
-- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.10 22:18:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.09.10 20:39:21 | 000,159,368 | ---- | M] () -- C:\Users\Galge\Desktop\Bild1.jpg [2012.09.10 17:50:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe [2012.09.10 15:33:05 | 000,000,051 | ---- | M] () -- C:\ProgramData\dkrfzxliabbagca [2012.09.07 17:44:51 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Rappelz.lnk [2012.08.25 23:31:17 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk [2012.08.23 16:25:37 | 000,007,596 | ---- | M] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg [2012.08.16 07:47:50 | 000,288,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.11 10:50:12 | 000,000,168 | ---- | C] () -- C:\Users\Galge\defogger_reenable [2012.09.10 20:39:20 | 000,159,368 | ---- | C] () -- C:\Users\Galge\Desktop\Bild1.jpg [2012.09.10 15:32:59 | 000,000,051 | ---- | C] () -- C:\ProgramData\dkrfzxliabbagca [2012.08.25 23:31:17 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Aion.lnk [2012.07.24 21:19:51 | 000,000,000 | ---- | C] () -- C:\Users\Galge\md5.exe [2012.05.07 23:26:49 | 000,000,880 | ---- | C] () -- C:\Users\Galge\AppData\Local\recently-used.xbel [2012.04.27 11:49:42 | 000,239,337 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.04.27 11:49:42 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2012.04.24 03:10:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.14 17:01:40 | 000,007,596 | ---- | C] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg [2012.04.11 10:40:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.04.11 10:40:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.04.11 10:40:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.04.11 10:40:34 | 
000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.04.08 14:08:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.08 14:08:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.08 12:28:50 | 001,596,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.08 11:58:04 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.04.08 11:58:04 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.04.08 11:58:00 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.04.08 11:58:00 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.04.08 11:52:18 | 000,048,219 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.04.08 11:51:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.04.08 11:51:33 | 000,032,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll ========== LOP Check ========== [2012.09.02 19:44:13 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\.minecraft [2012.09.08 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\avidemux [2012.07.26 15:33:10 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Babylon [2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Broad Intelligence [2012.07.15 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DAEMON Tools Lite [2012.06.28 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DisplayTune [2012.07.09 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\GameRanger [2012.09.08 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HandBrake [2012.09.08 23:01:19 | 000,000,000 | ---D | 
M] -- C:\Users\Galge\AppData\Roaming\hybrid [2012.04.08 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Leadertech [2012.08.04 10:55:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\libimobiledevice [2012.08.04 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\log [2012.08.04 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mp3tag [2012.06.19 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Music Editor Free [2012.07.20 01:11:34 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Nettalk [2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\OpenCandy [2012.04.08 12:07:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Opera [2012.08.14 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Origin [2012.08.26 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Spider Player [2012.04.08 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\ts3overlay [2012.08.05 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\uTorrent [2012.08.04 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WindSolutions [2012.09.04 14:33:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
OTL Extras logfile created on: 11.09.2012 10:53:20 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Galge\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 76,96% Memory free 15,99 Gb Paging File | 14,08 Gb Available in Paging File | 88,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 406,95 Gb Free Space | 43,69% Space Free | Partition Type: NTFS Drive E: | 698,54 Gb Total Space | 698,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: ANIMENIA | User Name: Galge | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open]
-- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F3222C5-F306-4542-91EE-1F6589F307EE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{0FFDC534-B7AE-40BF-9F35-B17DEF95D245}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1176C690-85DB-49AD-BC4A-3282C79D1D38}" = 
protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{16279E64-438A-4F91-A4A4-CD48672733B7}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{1F94F356-D7BD-4D3D-926D-3DF16BB2B24B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{20228A87-F5F7-4689-953D-E111B4432D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{27CBB4AA-61C6-455D-B6BF-189B99AEFB8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2DB0DD88-64CE-4498-912A-D6BB4CE358AF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2E441FD3-D128-410D-9F20-56AC44374E61}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{358E3051-2D92-4BF8-A3EE-3C1EFD129D67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{39E6B725-47FF-4262-B4AD-1FA637102540}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{3ACE96AB-483F-4EAA-AD3A-BC2E38869811}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | "{3F530206-AEBD-406A-8977-F5C4C19E0C34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{45AD5039-EA84-4149-9455-0E06D5AF73FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{48A60FF7-3787-42B8-B17C-60521468E9B2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{4A1AAAAE-6FEB-431D-AA22-AAECBCA956DC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{5A37DCCD-786C-499A-94B5-4EE371081882}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5B554241-71B7-4509-A494-2D5805D967B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5FC575BC-F669-406C-AA11-C5D894132189}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{66B3F2EE-DE2A-4CD1-B2A7-EC5DC11B9897}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{76B2025E-838B-4E1D-B916-31B7F4592415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{7949C80E-32A5-49EC-BFD5-805DB82B020D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{7BCEF48E-5FDF-4D26-AE13-8F741EB6E15E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{81DF053A-43AE-405A-B1DF-D59AB6F63CED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{82185F3D-732D-4EAA-A4E5-706CEB34CC70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{848699F7-6597-4BC7-84E7-43FD7C12D08A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{8491E183-0E90-4E48-AEBF-FB987C2B28F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{86D6F946-D617-4BEA-8F45-40AD107E860E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{8E59E82F-763E-4C64-BE82-ABFE41E57C5D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{90758BB1-5C2F-4924-8353-1DB0BB3DE621}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{92130CB9-B05F-4A49-A608-F0B1B733091F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{922FCDB3-A854-42EA-9D4C-68DE08D8ECAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{A756B68C-C378-4FFD-9D01-2F0F274CE94D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec antivirus\rtvscan.exe | "{AAA348EE-45CB-480B-8C6B-469A95DB4084}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B7AC700C-C16D-4241-8282-9BC5A92E6052}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BB64BE1B-4C76-4473-B073-24D8D559E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec antivirus\rtvscan.exe | "{BE5E8799-641E-4187-9D15-FA770DBA53EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C5EF4808-0163-40FC-80F7-37E100EBD14E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{CD89E222-240F-4E3C-88C4-34D155445DED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{D2685584-5FE5-4FDF-BC33-4CBB2132F6FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{D526E72D-DFF9-405E-8231-346CE8EE9FD0}" = protocol=6 | dir=in | app=f:\dvd-start.exe | "{D6441769-5EBA-4025-8188-150230E0E3F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | "{D74F3349-8600-4243-9886-FC642D66F3B7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{DD4FD94E-9343-4898-99E1-D822CDC2E445}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{E05A70B8-F38A-4546-B8F5-41EE499E0DCE}" = protocol=6 | dir=in | app=f:\dvd-start.exe | "{E302DA8C-8316-40A8-824C-D257E6B57520}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{E83FCA0C-07A8-4759-B587-4BB1A87BAE69}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E93BF513-10EB-425A-83F9-1A0C127EEDC1}" = protocol=17 | dir=in | app=f:\dvd-start.exe | "{ED8156C3-CFEC-4E91-ABA6-76CAE10C34C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{EFA5F0DF-0C1D-414D-9A45-CFD2BD776084}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{EFFC3572-69B2-46D6-8DC7-CDFFFE3F7B9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F123CD0D-AF7E-4E54-ADB6-78B0AAA8B0A5}" = protocol=17 | dir=in | 
app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{F85FA162-CA56-4CC6-BB8E-55D800ECF4C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{FD7E118F-B197-4122-8EAF-509E13162DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{FFB43B2F-C5EB-4CAE-9A37-F79967F0A8E2}" = protocol=17 | dir=in | app=f:\dvd-start.exe | "TCP Query User{00EFD332-452D-4486-8C48-99C43605C4C2}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{053EA376-7A6C-42D3-9781-23D6F4708755}C:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe" = protocol=6 | dir=in | app=c:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe | "TCP Query User{3C2BC8A2-28D4-40EC-AB1A-3730335AF1EF}C:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe | "TCP Query User{43975ADB-4605-4E49-B8E5-2CB6B201112A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{778E56FA-D14D-4B32-A1F6-5E84249AC69A}C:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{8386B41B-B071-4C90-B7AC-F6FD45CE7EEE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{0C6207C2-0A77-4274-9401-51EA9655271A}C:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\liquid entertainment\battle realms\battle_realms_f.exe | "UDP Query User{1BCD32EA-6895-449F-A2D7-91A69DEFC5D8}C:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe" = protocol=17 | dir=in | 
app=c:\users\galge\desktop\anwendungen\procon\procon_1.1.3.1\procon.exe | "UDP Query User{71482323-6925-4576-A646-2B2F6C8795FD}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{951F1A8D-A221-4853-8EAF-15BA6AC88BE4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{F34DD26B-38EC-442B-85D1-64913D904931}C:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\galge\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{F5F179BB-1228-4E8A-B775-A6ACBA3CE358}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile 
Device Support "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A8D232A5-667B-44C5-AF79-BDFADBFD013B}" = Symantec AntiVirus Win64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "ffdshow64_is1" = ffdshow x64 v1.2.4431 [2012-04-16] "GIMP-2_is1" = GIMP 2.8.0 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "MediaCoder x64" = MediaCoder x64 2011 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Shop for HP Supplies" = Shop for HP Supplies "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = 
GPBaseService2 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" 
= 4500_G510gm_Help "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "‰´–…ƒvƒ‰ƒX" = ‰´–…ƒvƒ‰ƒX "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Battlelog Web Plugins" = Battlelog Web Plugins "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-Shutdown" = Easy-Shutdown 1.3 "ESN Sonar-0.70.4" = ESN Sonar "FormatFactory" = FormatFactory 2.95 "Fraps" = Fraps (remove only) "Freemake Video Downloader_is1" = Freemake Video Downloader "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full) "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.52 "Music Editor Free" = Music Editor Free "MyTomTom" = MyTomTom 3.1.0.530 "NCLauncher_GameForge" = NC Launcher (GameForge) "Nettalk_is1" = Nettalk 6.7 "Netzmanager" = Netzmanager "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.02.1578" = Opera 12.02 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Spider Player_is1" = Spider Player 2.5.3 "Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™ "Steam App 72850" = The Elder Scrolls V: Skyrim "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 2.0.1 
"WinPcapInst" = WinPcap 4.1.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.08.2012 16:46:53 | Computer Name = AnimeniA | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: veohwebplayer.exe, Version: 1.3.9.1000, Zeitstempel: 0x4fce0418 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.0.0, Zeitstempel: 0x4dff2959 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00051ae6 ID des fehlerhaften Prozesses: 0x924 Startzeit der fehlerhaften Anwendung: 0x01cd8239741ea904 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll Berichtskennung: d58f0a8c-ee2c-11e1-bf3a-f46d0415880c Error - 31.08.2012 18:51:34 | Computer Name = AnimeniA | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.1.0, Zeitstempel: 0x4f63d546 Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.1.0, Zeitstempel: 0x4f63d546 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000016d5 ID des fehlerhaften Prozesses: 0xf6c Startzeit der fehlerhaften Anwendung: 0x01cd87ca8562bc5a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 69553e92-f3be-11e1-b014-f46d0415880c Error - 04.09.2012 15:06:52 | Computer Name = AnimeniA | Source = Application Hang | ID = 1002 Description = Programm DOW2.exe, Version 3.19.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 14a4 Startzeit: 01cd8aca4236addc Endzeit: 254 Anwendungspfad: c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\DOW2.exe Berichts-ID: Error - 04.09.2012 22:57:32 | Computer Name = AnimeniA | Source = .NET Runtime | ID = 1026 Description = Error - 04.09.2012 22:57:34 | Computer Name = AnimeniA | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FreemakeVD.exe, Version: 3.0.1.0, Zeitstempel: 0x4f7dc213 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.1, Zeitstempel: 0x4ba1dbbe Ausnahmecode: 0xc0000005 Fehleroffset: 0x000101d0 ID des fehlerhaften Prozesses: 0xb4c Startzeit der fehlerhaften Anwendung: 0x01cd8b110772495d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVD.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Freemake\COM\MSVCR100.dll Berichtskennung: 706a434a-f705-11e1-809e-f46d0415880c Error - 06.09.2012 08:28:48 | Computer Name = AnimeniA | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Rtvscan.exe, Version: 10.2.0.298, Zeitstempel: 0x4580ab9c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x624 Startzeit der fehlerhaften Anwendung: 0x01cd8c2b02f64b55 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 67cf5b8f-f81e-11e1-a26a-f46d0415880c Error - 06.09.2012 11:06:17 | Computer Name = AnimeniA | Source = Application Hang | ID = 1002 Description = Programm javaw.exe, Version 7.0.50.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 117c Startzeit: 01cd8c3e67481b8c Endzeit: 139 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe Berichts-ID: Error - 07.09.2012 13:32:05 | Computer Name = AnimeniA | Source = Application Hang | ID = 1002 Description = Programm javaw.exe, Version 7.0.50.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 132c Startzeit: 01cd8d1e3673155d Endzeit: 37 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe Berichts-ID: Error - 07.09.2012 15:41:32 | Computer Name = AnimeniA | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.4.0.0, Zeitstempel: 0x500530ad Name des fehlerhaften Moduls: bf3.exe, Version: 1.4.0.0, Zeitstempel: 0x500530ad Ausnahmecode: 0xc0000005 Fehleroffset: 0x009c6670 ID des fehlerhaften Prozesses: 0x1160 Startzeit der fehlerhaften Anwendung: 0x01cd8d3074e7dc1f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichtskennung: 05f02f5f-f924-11e1-b524-f46d0415880c Error - 11.09.2012 04:39:21 | Computer Name = AnimeniA | Source = Symantec AntiVirus | ID = 16711685 Description = Risiko gefunden!Risiko: Trojan.Maljava!gen23 in Datei: C:\Users\Galge\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7f883755-503d3135 von: Auto-Protect-Scan. Aktion: Säubern erfolgreich : Zugriff erlaubt. Beschreibung der Aktion: Die Datei wurde erfolgreich repariert. [ System Events ] Error - 06.09.2012 08:28:57 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Symantec AntiVirus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 06.09.2012 08:30:04 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 06.09.2012 08:30:04 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 06.09.2012 14:14:17 | Computer Name = AnimeniA | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?06.?09.?2012 um 20:12:26 unerwartet heruntergefahren. Error - 06.09.2012 14:18:00 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 06.09.2012 14:18:00 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 06.09.2012 22:28:24 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 06.09.2012 22:28:24 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 07.09.2012 08:29:43 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 07.09.2012 08:29:43 | Computer Name = AnimeniA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Kind regards, Galge |
11.09.2012, 13:16 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
__________________ Remember that Malwarebytes has to be updated manually before every scan! Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT prematurely remove anything from the quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
12.09.2012, 01:16 | #3 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus Malwarebytes Anti-Malware
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Galge :: ANIMENIA [Administrator] 11.09.2012 14:44:21 mbam-log-2012-09-11 (20-23-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 416384 Laufzeit: 1 Stunde(n), 17 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Galge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMAOPEOT\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application |
12.09.2012, 13:00 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus Quote:
Do NOT prematurely delete anything from the quarantine! Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past? If so, all the logs for every scan are also listed in the Logdateien (log files) tab. Please post all of the ones that are visible there.
__________________ Please always post log files in CODE tags |
13.09.2012, 13:02 | #5 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus Hello, I have a problem with Malwarebytes. It always hangs when it tries to scan the "Symantec" (antivirus program) folder! |
13.09.2012, 20:25 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus Hm, why did Malwarebytes run through before, then? Did anything change? Apart from the signatures. Did you install anything from Norton between our posts?
__________________ --> "Die Webseite konnte nicht aufgerufen werden" - Virus |
13.09.2012, 23:42 | #7 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus No, it was like this: for ESET you were supposed to switch off all virus scanners etc., and after that I posted the logs. I switched everything back on, only then Symantec suddenly would not switch to active anymore. Then I was supposed to run Malwarebytes over it again, and that is when I noticed that it keeps hanging at Symantec :/ PS: The antivirus program is just called Symantec (so nothing to do with Norton or the like ^^) Kind regards Edited by Galge (13.09.2012 at 23:55) |
14.09.2012, 14:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus adwCleaner - detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded in the past, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
14.09.2012, 15:05 | #9 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus Here you go Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/14/2012 um 16:05:02 erstellt # Aktualisiert am 09/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Galge - ANIMENIA # Bootmodus : Normal # Ausgeführt unter : C:\Users\Galge\Desktop\!-Neu-!\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Galge\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\searchplugins\Conduit.xml Ordner Gefunden : C:\Program Files (x86)\Conduit Ordner Gefunden : C:\Program Files (x86)\uTorrentBar_DE Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\Users\Galge\AppData\Local\Conduit Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2653012 Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2851647 Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\uTorrentBar_DE Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\ConduitCommon Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2653012 Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2851647 Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\Smartbar Ordner Gefunden : C:\Users\Galge\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\uTorrentBar_DE Schlüssel Gefunden : 
HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE} Schlüssel Gefunden : HKLM\Software\uTorrentBar_DE Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1A42F-CF02-4FEA-BB18-2C5AE2E728DC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB41DBE5-304E-47D8-8A0E-3FAEFEBC2943} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c -\\ Mozilla Firefox 
v15.0.1 (de) Profilname : default Datei : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\prefs.js Gefunden : user_pref("CT2653012.1000082.isPlayDisplay", "true"); Gefunden : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Gefunden : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1342658253566,\[...] Gefunden : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gefunden : user_pref("CT2653012.FirstTime", "true"); Gefunden : user_pref("CT2653012.FirstTimeFF3", "true"); Gefunden : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...] Gefunden : user_pref("CT2653012.UserID", "UN10374448457356202"); Gefunden : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true"); Gefunden : user_pref("CT2653012.autoDisableScopes", -1); Gefunden : user_pref("CT2653012.browser.search.defaultthis.engineName", true); Gefunden : user_pref("CT2653012.defaultSearch", "true"); Gefunden : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...] 
Gefunden : user_pref("CT2653012.enableAlerts", "always"); Gefunden : user_pref("CT2653012.enableSearchFromAddressBar", "true"); Gefunden : user_pref("CT2653012.firstTimeDialogOpened", "true"); Gefunden : user_pref("CT2653012.fixPageNotFoundError", "false"); Gefunden : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true"); Gefunden : user_pref("CT2653012.fixUrls", true); Gefunden : user_pref("CT2653012.installId", "ct2653012_veoh.exe"); Gefunden : user_pref("CT2653012.installType", "ConduitNSISIntegration"); Gefunden : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gefunden : user_pref("CT2653012.isNewTabEnabled", false); Gefunden : user_pref("CT2653012.isPerformedSmartBarTransition", "true"); Gefunden : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gefunden : user_pref("CT2653012.keyword", false); Gefunden : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...] Gefunden : user_pref("CT2653012.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Gefunden : user_pref("CT2653012.openThankYouPage", "false"); Gefunden : user_pref("CT2653012.openUninstallPage", "true"); Gefunden : user_pref("CT2653012.search.searchAppId", "129199665576658841"); Gefunden : user_pref("CT2653012.search.searchCount", "0"); Gefunden : user_pref("CT2653012.searchInNewTabEnabled", "false"); Gefunden : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true"); Gefunden : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...] Gefunden : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2653012.sendUsageEnabled", "false"); Gefunden : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] 
Gefunden : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Gefunden : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Gefunden : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342658249791"); Gefunden : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1342658252971"); Gefunden : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1342658249625"); Gefunden : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342658249944"); Gefunden : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342684871605"); Gefunden : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1342658250271"); Gefunden : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342658250499"); Gefunden : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1342658249374"); Gefunden : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1342658249243"); Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342658249909"); Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1342684871537"); Gefunden : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1342658249660"); Gefunden : user_pref("CT2653012.settingsINI", true); Gefunden : 
user_pref("CT2653012.shouldFirstTimeDialog", "false"); Gefunden : user_pref("CT2653012.smartbar.CTID", "CT2653012"); Gefunden : user_pref("CT2653012.smartbar.Uninstall", "0"); Gefunden : user_pref("CT2653012.smartbar.homepage", true); Gefunden : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player "); Gefunden : user_pref("CT2653012.toolbarBornServerTime", "19-7-2012"); Gefunden : user_pref("CT2653012.toolbarCurrentServerTime", "19-7-2012"); Gefunden : user_pref("CT2653012.toolbarDisabled", "true"); Gefunden : user_pref("CT2653012.twitter_v1.8.0_twitter_app_open_t_f", "false"); Gefunden : user_pref("CT2851647..clientLogIsEnabled", false); Gefunden : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gefunden : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gefunden : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gefunden : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2851647.CTID", "CT2851647"); Gefunden : user_pref("CT2851647.CurrentServerDate", "14-9-2012"); Gefunden : user_pref("CT2851647.DSInstall", false); Gefunden : user_pref("CT2851647.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Sep 13 2012 16:00:19 GMT+0200"); Gefunden : user_pref("CT2851647.DownloadReferralCookieData", ""); Gefunden : user_pref("CT2851647.EMailNotifierPollDate", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CT2851647.EnableClickToSearchBox", false); Gefunden : user_pref("CT2851647.EnableSearchHistory", false); Gefunden : user_pref("CT2851647.EnableSearchSuggest", false); Gefunden : user_pref("CT2851647.FeedLastCount2532783744689806690", 210); Gefunden : user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue May 22 2012 
19:48:14 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue May 22 2012 19:48:14 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue May 22 2012 19:48:15 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue May 22 2012 19:48:15 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedTTL2429156813040823546", 15); Gefunden : user_pref("CT2851647.FeedTTL2429156813130095866", 10); Gefunden : user_pref("CT2851647.FeedTTL2429156813454291735", 5); Gefunden : user_pref("CT2851647.FeedTTL2429156814264681793", 5); Gefunden : user_pref("CT2851647.FirstServerDate", "22-5-2012"); Gefunden : user_pref("CT2851647.FirstTime", true); Gefunden : user_pref("CT2851647.FirstTimeFF3", true); Gefunden : user_pref("CT2851647.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2851647.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2851647.HPInstall", false); Gefunden : user_pref("CT2851647.HasUserGlobalKeys", true); Gefunden : user_pref("CT2851647.Initialize", true); Gefunden : user_pref("CT2851647.InitializeCommonPrefs", true); Gefunden : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3); Gefunden : user_pref("CT2851647.InstallationId", "fftB414.tmp.exe"); Gefunden : 
user_pref("CT2851647.InstallationType", "XPE"); Gefunden : user_pref("CT2851647.InstalledDate", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CT2851647.IsGrouping", false); Gefunden : user_pref("CT2851647.IsInitSetupIni", true); Gefunden : user_pref("CT2851647.IsMulticommunity", false); Gefunden : user_pref("CT2851647.IsOpenThankYouPage", true); Gefunden : user_pref("CT2851647.IsOpenUninstallPage", false); Gefunden : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gefunden : user_pref("CT2851647.LastLogin_3.12.0.8", "Wed May 23 2012 22:30:54 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.12.2.3", "Wed May 30 2012 15:56:30 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:41:26 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.14.1.0", "Tue Aug 28 2012 03:12:59 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.15.1.0", "Fri Sep 14 2012 15:02:08 GMT+0200"); Gefunden : user_pref("CT2851647.LatestVersion", "3.14.1.0"); Gefunden : user_pref("CT2851647.Locale", "de"); Gefunden : user_pref("CT2851647.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2851647.MCDetectTooltipShow", false); Gefunden : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2851647.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2851647.MyStuffEnabledAtInstallation", true); Gefunden : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8"); Gefunden : user_pref("CT2851647.RadioShrinked", "expanded"); Gefunden : user_pref("CT2851647.RadioShrinkedFromSetup", false); Gefunden : user_pref("CT2851647.SHRINK_TOOLBAR", 1); Gefunden : user_pref("CT2851647.SearchBackToDefaultEngine", false); Gefunden : user_pref("CT2851647.SearchCaption", 
"uTorrentBar_DE Customized Web Search"); Gefunden : user_pref("CT2851647.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] Gefunden : user_pref("CT2851647.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gefunden : user_pref("CT2851647.SearchInNewTabUserEnabled", false); Gefunden : user_pref("CT2851647.SendProtectorDataViaLogin", true); Gefunden : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.SettingsLastCheckTime", "Fri Sep 14 2012 15:02:07 GMT+0200"); Gefunden : user_pref("CT2851647.SettingsLastUpdate", "1347288122"); Gefunden : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13"); Gefunden : user_pref("CT2851647.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue May 22 2012 18:48:10 GMT+0200"); Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000"); Gefunden : user_pref("CT2851647.ToolbarShrinkedFromSetup", false); Gefunden : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647"); Gefunden : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Gefunden : user_pref("CT2851647.UserID", "UN05995112208083486"); Gefunden : user_pref("CT2851647.WeatherNetwork", ""); Gefunden : user_pref("CT2851647.WeatherPollDate", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.WeatherUnit", "C"); Gefunden : user_pref("CT2851647.alertChannelId", "1243681"); Gefunden : user_pref("CT2851647.approveUntrustedApps", false); Gefunden : user_pref("CT2851647.autoDisableScopes", -1); Gefunden : user_pref("CT2851647.backendstorage.cbcountry_000", "4445"); Gefunden : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204D617920323220323031322031383A34383A31332[...] Gefunden : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...] Gefunden : user_pref("CT2851647.componentAlertEnabled", false); Gefunden : user_pref("CT2851647.components.1000034", false); Gefunden : user_pref("CT2851647.components.1000234", false); Gefunden : user_pref("CT2851647.components.129351532245744535", false); Gefunden : user_pref("CT2851647.components.129351532247619549", false); Gefunden : user_pref("CT2851647.components.129351532247619550", false); Gefunden : user_pref("CT2851647.components.129416031642500897", false); Gefunden : user_pref("CT2851647.components.129544681622671248", false); Gefunden : user_pref("CT2851647.components.129791456886122866", false); Gefunden : user_pref("CT2851647.components.2532783744689806690", false); Gefunden : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gefunden : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CT2851647.homepageProtectorEnableByLogin", true); Gefunden : user_pref("CT2851647.initDone", true); Gefunden : user_pref("CT2851647.isAppTrackingManagerOn", true); Gefunden : user_pref("CT2851647.isFirstRadioInstallation", false); Gefunden : user_pref("CT2851647.isSearchProtectorNotifyChanges", false); Gefunden : user_pref("CT2851647.myStuffEnabled", true); Gefunden : user_pref("CT2851647.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2851647.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2851647.navigateToUrlOnSearch", false); Gefunden : user_pref("CT2851647.revertSettingsEnabled", true); Gefunden : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10); Gefunden : user_pref("CT2851647.searchProtectorEnableByLogin", true); Gefunden : user_pref("CT2851647.testingCtid", ""); Gefunden : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.usageEnabled", false); Gefunden : user_pref("CT2851647.usagesFlag", 2); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6d5[...] Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Galge\\AppData\\Roaming\\Mozilla\\F[...] 
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8"); Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2851647"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647"); Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647"); Gefunden : user_pref("CommunityToolbar.globalUserId", "ea5a7b6e-dc40-464b-943c-c8fd6585e857"); Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 22 2012 18:48:1[...] Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", false); Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.locale", "en"); Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.notifications.userId", "10d037df-9c9a-406d-9300-7714fa170003"); Gefunden : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] 
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=1[...] Gefunden : user_pref("Smartbar.ConduitSearchEngineList", ""); Gefunden : user_pref("Smartbar.ConduitSearchUrlList", ""); Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Gefunden : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=NT_ss&mntr[...] Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_s[...] -\\ Opera v12.2.1578.0 Datei : C:\Users\Galge\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [24537 octets] - [14/09/2012 16:05:02] ########## EOF - C:\AdwCleaner[R1].txt - [24598 octets] ########## |
14.09.2012, 16:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags |
14.09.2012, 16:12 | #11 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus Here is the 2nd search, before deleting. Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/14/2012 um 17:04:05 erstellt # Aktualisiert am 09/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Galge - ANIMENIA # Bootmodus : Normal # Ausgeführt unter : C:\Users\Galge\Desktop\!-Neu-!\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Galge\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\searchplugins\Conduit.xml Ordner Gefunden : C:\Program Files (x86)\Conduit Ordner Gefunden : C:\Program Files (x86)\uTorrentBar_DE Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\Users\Galge\AppData\Local\Conduit Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2653012 Ordner Gefunden : C:\Users\Galge\AppData\Local\Temp\CT2851647 Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Galge\AppData\LocalLow\uTorrentBar_DE Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\ConduitCommon Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2653012 Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2851647 Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} Ordner Gefunden : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\Smartbar Ordner Gefunden : C:\Users\Galge\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\uTorrentBar_DE Schlüssel Gefunden : 
HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE} Schlüssel Gefunden : HKLM\Software\uTorrentBar_DE Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1A42F-CF02-4FEA-BB18-2C5AE2E728DC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB41DBE5-304E-47D8-8A0E-3FAEFEBC2943} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c -\\ Mozilla Firefox 
v15.0.1 (de) Profilname : default Datei : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\prefs.js Gefunden : user_pref("CT2653012.1000082.isPlayDisplay", "true"); Gefunden : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Gefunden : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1342658253566,\[...] Gefunden : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gefunden : user_pref("CT2653012.FirstTime", "true"); Gefunden : user_pref("CT2653012.FirstTimeFF3", "true"); Gefunden : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...] Gefunden : user_pref("CT2653012.UserID", "UN10374448457356202"); Gefunden : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true"); Gefunden : user_pref("CT2653012.autoDisableScopes", -1); Gefunden : user_pref("CT2653012.browser.search.defaultthis.engineName", true); Gefunden : user_pref("CT2653012.defaultSearch", "true"); Gefunden : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...] 
Gefunden : user_pref("CT2653012.enableAlerts", "always"); Gefunden : user_pref("CT2653012.enableSearchFromAddressBar", "true"); Gefunden : user_pref("CT2653012.firstTimeDialogOpened", "true"); Gefunden : user_pref("CT2653012.fixPageNotFoundError", "false"); Gefunden : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true"); Gefunden : user_pref("CT2653012.fixUrls", true); Gefunden : user_pref("CT2653012.installId", "ct2653012_veoh.exe"); Gefunden : user_pref("CT2653012.installType", "ConduitNSISIntegration"); Gefunden : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gefunden : user_pref("CT2653012.isNewTabEnabled", false); Gefunden : user_pref("CT2653012.isPerformedSmartBarTransition", "true"); Gefunden : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gefunden : user_pref("CT2653012.keyword", false); Gefunden : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...] Gefunden : user_pref("CT2653012.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Gefunden : user_pref("CT2653012.openThankYouPage", "false"); Gefunden : user_pref("CT2653012.openUninstallPage", "true"); Gefunden : user_pref("CT2653012.search.searchAppId", "129199665576658841"); Gefunden : user_pref("CT2653012.search.searchCount", "0"); Gefunden : user_pref("CT2653012.searchInNewTabEnabled", "false"); Gefunden : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true"); Gefunden : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...] Gefunden : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2653012.sendUsageEnabled", "false"); Gefunden : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] 
Gefunden : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Gefunden : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Gefunden : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342658249791"); Gefunden : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1342658252971"); Gefunden : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1342658249625"); Gefunden : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342658249944"); Gefunden : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342684871605"); Gefunden : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1342658250271"); Gefunden : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342658250499"); Gefunden : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1342658249374"); Gefunden : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1342658249243"); Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342658249909"); Gefunden : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1342684871537"); Gefunden : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1342658249660"); Gefunden : user_pref("CT2653012.settingsINI", true); Gefunden : 
user_pref("CT2653012.shouldFirstTimeDialog", "false"); Gefunden : user_pref("CT2653012.smartbar.CTID", "CT2653012"); Gefunden : user_pref("CT2653012.smartbar.Uninstall", "0"); Gefunden : user_pref("CT2653012.smartbar.homepage", true); Gefunden : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player "); Gefunden : user_pref("CT2653012.toolbarBornServerTime", "19-7-2012"); Gefunden : user_pref("CT2653012.toolbarCurrentServerTime", "19-7-2012"); Gefunden : user_pref("CT2653012.toolbarDisabled", "true"); Gefunden : user_pref("CT2653012.twitter_v1.8.0_twitter_app_open_t_f", "false"); Gefunden : user_pref("CT2851647..clientLogIsEnabled", false); Gefunden : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gefunden : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gefunden : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gefunden : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2851647.CTID", "CT2851647"); Gefunden : user_pref("CT2851647.CurrentServerDate", "14-9-2012"); Gefunden : user_pref("CT2851647.DSInstall", false); Gefunden : user_pref("CT2851647.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Sep 13 2012 16:00:19 GMT+0200"); Gefunden : user_pref("CT2851647.DownloadReferralCookieData", ""); Gefunden : user_pref("CT2851647.EMailNotifierPollDate", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CT2851647.EnableClickToSearchBox", false); Gefunden : user_pref("CT2851647.EnableSearchHistory", false); Gefunden : user_pref("CT2851647.EnableSearchSuggest", false); Gefunden : user_pref("CT2851647.FeedLastCount2532783744689806690", 210); Gefunden : user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue May 22 2012 
19:48:14 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue May 22 2012 19:48:14 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue May 22 2012 19:48:15 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue May 22 2012 19:48:15 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.FeedTTL2429156813040823546", 15); Gefunden : user_pref("CT2851647.FeedTTL2429156813130095866", 10); Gefunden : user_pref("CT2851647.FeedTTL2429156813454291735", 5); Gefunden : user_pref("CT2851647.FeedTTL2429156814264681793", 5); Gefunden : user_pref("CT2851647.FirstServerDate", "22-5-2012"); Gefunden : user_pref("CT2851647.FirstTime", true); Gefunden : user_pref("CT2851647.FirstTimeFF3", true); Gefunden : user_pref("CT2851647.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2851647.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2851647.HPInstall", false); Gefunden : user_pref("CT2851647.HasUserGlobalKeys", true); Gefunden : user_pref("CT2851647.Initialize", true); Gefunden : user_pref("CT2851647.InitializeCommonPrefs", true); Gefunden : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3); Gefunden : user_pref("CT2851647.InstallationId", "fftB414.tmp.exe"); Gefunden : 
user_pref("CT2851647.InstallationType", "XPE"); Gefunden : user_pref("CT2851647.InstalledDate", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CT2851647.IsGrouping", false); Gefunden : user_pref("CT2851647.IsInitSetupIni", true); Gefunden : user_pref("CT2851647.IsMulticommunity", false); Gefunden : user_pref("CT2851647.IsOpenThankYouPage", true); Gefunden : user_pref("CT2851647.IsOpenUninstallPage", false); Gefunden : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gefunden : user_pref("CT2851647.LastLogin_3.12.0.8", "Wed May 23 2012 22:30:54 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.12.2.3", "Wed May 30 2012 15:56:30 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:41:26 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.14.1.0", "Tue Aug 28 2012 03:12:59 GMT+0200"); Gefunden : user_pref("CT2851647.LastLogin_3.15.1.0", "Fri Sep 14 2012 15:02:08 GMT+0200"); Gefunden : user_pref("CT2851647.LatestVersion", "3.14.1.0"); Gefunden : user_pref("CT2851647.Locale", "de"); Gefunden : user_pref("CT2851647.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2851647.MCDetectTooltipShow", false); Gefunden : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2851647.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2851647.MyStuffEnabledAtInstallation", true); Gefunden : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8"); Gefunden : user_pref("CT2851647.RadioShrinked", "expanded"); Gefunden : user_pref("CT2851647.RadioShrinkedFromSetup", false); Gefunden : user_pref("CT2851647.SHRINK_TOOLBAR", 1); Gefunden : user_pref("CT2851647.SearchBackToDefaultEngine", false); Gefunden : user_pref("CT2851647.SearchCaption", 
"uTorrentBar_DE Customized Web Search"); Gefunden : user_pref("CT2851647.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] Gefunden : user_pref("CT2851647.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gefunden : user_pref("CT2851647.SearchInNewTabUserEnabled", false); Gefunden : user_pref("CT2851647.SendProtectorDataViaLogin", true); Gefunden : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.SettingsLastCheckTime", "Fri Sep 14 2012 15:02:07 GMT+0200"); Gefunden : user_pref("CT2851647.SettingsLastUpdate", "1347288122"); Gefunden : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13"); Gefunden : user_pref("CT2851647.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue May 22 2012 18:48:10 GMT+0200"); Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000"); Gefunden : user_pref("CT2851647.ToolbarShrinkedFromSetup", false); Gefunden : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647"); Gefunden : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Gefunden : user_pref("CT2851647.UserID", "UN05995112208083486"); Gefunden : user_pref("CT2851647.WeatherNetwork", ""); Gefunden : user_pref("CT2851647.WeatherPollDate", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.WeatherUnit", "C"); Gefunden : user_pref("CT2851647.alertChannelId", "1243681"); Gefunden : user_pref("CT2851647.approveUntrustedApps", false); Gefunden : user_pref("CT2851647.autoDisableScopes", -1); Gefunden : user_pref("CT2851647.backendstorage.cbcountry_000", "4445"); Gefunden : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204D617920323220323031322031383A34383A31332[...] Gefunden : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...] Gefunden : user_pref("CT2851647.componentAlertEnabled", false); Gefunden : user_pref("CT2851647.components.1000034", false); Gefunden : user_pref("CT2851647.components.1000234", false); Gefunden : user_pref("CT2851647.components.129351532245744535", false); Gefunden : user_pref("CT2851647.components.129351532247619549", false); Gefunden : user_pref("CT2851647.components.129351532247619550", false); Gefunden : user_pref("CT2851647.components.129416031642500897", false); Gefunden : user_pref("CT2851647.components.129544681622671248", false); Gefunden : user_pref("CT2851647.components.129791456886122866", false); Gefunden : user_pref("CT2851647.components.2532783744689806690", false); Gefunden : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gefunden : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CT2851647.homepageProtectorEnableByLogin", true); Gefunden : user_pref("CT2851647.initDone", true); Gefunden : user_pref("CT2851647.isAppTrackingManagerOn", true); Gefunden : user_pref("CT2851647.isFirstRadioInstallation", false); Gefunden : user_pref("CT2851647.isSearchProtectorNotifyChanges", false); Gefunden : user_pref("CT2851647.myStuffEnabled", true); Gefunden : user_pref("CT2851647.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2851647.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2851647.navigateToUrlOnSearch", false); Gefunden : user_pref("CT2851647.revertSettingsEnabled", true); Gefunden : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10); Gefunden : user_pref("CT2851647.searchProtectorEnableByLogin", true); Gefunden : user_pref("CT2851647.testingCtid", ""); Gefunden : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gefunden : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue May 22 2012 18:48:12 GMT+0200"); Gefunden : user_pref("CT2851647.usageEnabled", false); Gefunden : user_pref("CT2851647.usagesFlag", 2); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6d5[...] Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Galge\\AppData\\Roaming\\Mozilla\\F[...] 
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8"); Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2851647"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647"); Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647"); Gefunden : user_pref("CommunityToolbar.globalUserId", "ea5a7b6e-dc40-464b-943c-c8fd6585e857"); Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 22 2012 18:48:1[...] Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", false); Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.locale", "en"); Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200"); Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.notifications.userId", "10d037df-9c9a-406d-9300-7714fa170003"); Gefunden : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] 
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=1[...] Gefunden : user_pref("Smartbar.ConduitSearchEngineList", ""); Gefunden : user_pref("Smartbar.ConduitSearchUrlList", ""); Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Gefunden : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=NT_ss&mntr[...] Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_s[...] -\\ Opera v12.2.1578.0 Datei : C:\Users\Galge\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [24668 octets] - [14/09/2012 16:05:02] AdwCleaner[R2].txt - [24598 octets] - [14/09/2012 17:04:05] ########## EOF - C:\AdwCleaner[R2].txt - [24659 octets] ########## Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/14/2012 um 17:04:24 erstellt # Aktualisiert am 09/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Galge - ANIMENIA # Bootmodus : Normal # Ausgeführt unter : C:\Users\Galge\Desktop\!-Neu-!\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Galge\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\searchplugins\Conduit.xml Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\uTorrentBar_DE Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\Galge\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Galge\AppData\Local\Temp\CT2653012 Ordner Gelöscht : C:\Users\Galge\AppData\Local\Temp\CT2851647 Ordner Gelöscht : C:\Users\Galge\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Galge\AppData\LocalLow\uTorrentBar_DE Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\ConduitCommon Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2653012 Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\CT2851647 Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\Smartbar Ordner Gelöscht : C:\Users\Galge\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE Schlüssel Gelöscht : 
HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2653012 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE} Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1A42F-CF02-4FEA-BB18-2C5AE2E728DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB41DBE5-304E-47D8-8A0E-3FAEFEBC2943} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - 
DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_ss&mntrId=b8578b06000000000000f46d0415880c --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Galge\AppData\Roaming\Mozilla\Firefox\Profiles\5ywp62yf.default\prefs.js Gelöscht : user_pref("CT2653012.1000082.isPlayDisplay", "true"); Gelöscht : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Gelöscht : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1342658253566,\[...] Gelöscht : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gelöscht : user_pref("CT2653012.FirstTime", "true"); Gelöscht : user_pref("CT2653012.FirstTimeFF3", "true"); Gelöscht : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...] Gelöscht : user_pref("CT2653012.UserID", "UN10374448457356202"); Gelöscht : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true"); Gelöscht : user_pref("CT2653012.autoDisableScopes", -1); Gelöscht : user_pref("CT2653012.browser.search.defaultthis.engineName", true); Gelöscht : user_pref("CT2653012.defaultSearch", "true"); Gelöscht : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...] 
Gelöscht : user_pref("CT2653012.enableAlerts", "always"); Gelöscht : user_pref("CT2653012.enableSearchFromAddressBar", "true"); Gelöscht : user_pref("CT2653012.firstTimeDialogOpened", "true"); Gelöscht : user_pref("CT2653012.fixPageNotFoundError", "false"); Gelöscht : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true"); Gelöscht : user_pref("CT2653012.fixUrls", true); Gelöscht : user_pref("CT2653012.installId", "ct2653012_veoh.exe"); Gelöscht : user_pref("CT2653012.installType", "ConduitNSISIntegration"); Gelöscht : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gelöscht : user_pref("CT2653012.isNewTabEnabled", false); Gelöscht : user_pref("CT2653012.isPerformedSmartBarTransition", "true"); Gelöscht : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gelöscht : user_pref("CT2653012.keyword", false); Gelöscht : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...] Gelöscht : user_pref("CT2653012.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2653012.openThankYouPage", "false"); Gelöscht : user_pref("CT2653012.openUninstallPage", "true"); Gelöscht : user_pref("CT2653012.search.searchAppId", "129199665576658841"); Gelöscht : user_pref("CT2653012.search.searchCount", "0"); Gelöscht : user_pref("CT2653012.searchInNewTabEnabled", "false"); Gelöscht : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true"); Gelöscht : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...] Gelöscht : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2653012.sendUsageEnabled", "false"); Gelöscht : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] 
Gelöscht : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Gelöscht : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Gelöscht : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342658249791"); Gelöscht : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1342658252971"); Gelöscht : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1342658249625"); Gelöscht : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342658249944"); Gelöscht : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342684871605"); Gelöscht : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1342658250271"); Gelöscht : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342658250499"); Gelöscht : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1342658249374"); Gelöscht : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1342658249243"); Gelöscht : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342658249909"); Gelöscht : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1342684871537"); Gelöscht : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1342658249660"); Gelöscht : user_pref("CT2653012.settingsINI", true); Gelöscht : 
user_pref("CT2653012.shouldFirstTimeDialog", "false"); Gelöscht : user_pref("CT2653012.smartbar.CTID", "CT2653012"); Gelöscht : user_pref("CT2653012.smartbar.Uninstall", "0"); Gelöscht : user_pref("CT2653012.smartbar.homepage", true); Gelöscht : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player "); Gelöscht : user_pref("CT2653012.toolbarBornServerTime", "19-7-2012"); Gelöscht : user_pref("CT2653012.toolbarCurrentServerTime", "19-7-2012"); Gelöscht : user_pref("CT2653012.toolbarDisabled", "true"); Gelöscht : user_pref("CT2653012.twitter_v1.8.0_twitter_app_open_t_f", "false"); Gelöscht : user_pref("CT2851647..clientLogIsEnabled", false); Gelöscht : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gelöscht : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2851647.CTID", "CT2851647"); Gelöscht : user_pref("CT2851647.CurrentServerDate", "14-9-2012"); Gelöscht : user_pref("CT2851647.DSInstall", false); Gelöscht : user_pref("CT2851647.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Sep 13 2012 16:00:19 GMT+0200"); Gelöscht : user_pref("CT2851647.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2851647.EMailNotifierPollDate", "Tue May 22 2012 18:48:11 GMT+0200"); Gelöscht : user_pref("CT2851647.EnableClickToSearchBox", false); Gelöscht : user_pref("CT2851647.EnableSearchHistory", false); Gelöscht : user_pref("CT2851647.EnableSearchSuggest", false); Gelöscht : user_pref("CT2851647.FeedLastCount2532783744689806690", 210); Gelöscht : user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue May 22 2012 
19:48:14 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue May 22 2012 19:48:14 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue May 22 2012 19:48:15 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue May 22 2012 19:48:15 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.FeedTTL2429156813040823546", 15); Gelöscht : user_pref("CT2851647.FeedTTL2429156813130095866", 10); Gelöscht : user_pref("CT2851647.FeedTTL2429156813454291735", 5); Gelöscht : user_pref("CT2851647.FeedTTL2429156814264681793", 5); Gelöscht : user_pref("CT2851647.FirstServerDate", "22-5-2012"); Gelöscht : user_pref("CT2851647.FirstTime", true); Gelöscht : user_pref("CT2851647.FirstTimeFF3", true); Gelöscht : user_pref("CT2851647.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2851647.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2851647.HPInstall", false); Gelöscht : user_pref("CT2851647.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2851647.Initialize", true); Gelöscht : user_pref("CT2851647.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2851647.InstallationId", "fftB414.tmp.exe"); Gelöscht : 
user_pref("CT2851647.InstallationType", "XPE"); Gelöscht : user_pref("CT2851647.InstalledDate", "Tue May 22 2012 18:48:11 GMT+0200"); Gelöscht : user_pref("CT2851647.IsGrouping", false); Gelöscht : user_pref("CT2851647.IsInitSetupIni", true); Gelöscht : user_pref("CT2851647.IsMulticommunity", false); Gelöscht : user_pref("CT2851647.IsOpenThankYouPage", true); Gelöscht : user_pref("CT2851647.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gelöscht : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2851647.LastLogin_3.12.0.8", "Wed May 23 2012 22:30:54 GMT+0200"); Gelöscht : user_pref("CT2851647.LastLogin_3.12.2.3", "Wed May 30 2012 15:56:30 GMT+0200"); Gelöscht : user_pref("CT2851647.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:41:26 GMT+0200"); Gelöscht : user_pref("CT2851647.LastLogin_3.14.1.0", "Tue Aug 28 2012 03:12:59 GMT+0200"); Gelöscht : user_pref("CT2851647.LastLogin_3.15.1.0", "Fri Sep 14 2012 15:02:08 GMT+0200"); Gelöscht : user_pref("CT2851647.LatestVersion", "3.14.1.0"); Gelöscht : user_pref("CT2851647.Locale", "de"); Gelöscht : user_pref("CT2851647.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2851647.MCDetectTooltipShow", false); Gelöscht : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2851647.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2851647.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8"); Gelöscht : user_pref("CT2851647.RadioShrinked", "expanded"); Gelöscht : user_pref("CT2851647.RadioShrinkedFromSetup", false); Gelöscht : user_pref("CT2851647.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2851647.SearchBackToDefaultEngine", false); Gelöscht : user_pref("CT2851647.SearchCaption", 
"uTorrentBar_DE Customized Web Search"); Gelöscht : user_pref("CT2851647.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] Gelöscht : user_pref("CT2851647.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gelöscht : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2851647.SearchInNewTabUserEnabled", false); Gelöscht : user_pref("CT2851647.SendProtectorDataViaLogin", true); Gelöscht : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gelöscht : user_pref("CT2851647.SettingsLastCheckTime", "Fri Sep 14 2012 15:02:07 GMT+0200"); Gelöscht : user_pref("CT2851647.SettingsLastUpdate", "1347288122"); Gelöscht : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13"); Gelöscht : user_pref("CT2851647.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue May 22 2012 18:48:10 GMT+0200"); Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000"); Gelöscht : user_pref("CT2851647.ToolbarShrinkedFromSetup", false); Gelöscht : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647"); Gelöscht : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Gelöscht : user_pref("CT2851647.UserID", "UN05995112208083486"); Gelöscht : user_pref("CT2851647.WeatherNetwork", ""); Gelöscht : user_pref("CT2851647.WeatherPollDate", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.WeatherUnit", "C"); Gelöscht : user_pref("CT2851647.alertChannelId", "1243681"); Gelöscht : user_pref("CT2851647.approveUntrustedApps", false); Gelöscht : user_pref("CT2851647.autoDisableScopes", -1); Gelöscht : user_pref("CT2851647.backendstorage.cbcountry_000", "4445"); Gelöscht : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204D617920323220323031322031383A34383A31332[...] Gelöscht : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...] Gelöscht : user_pref("CT2851647.componentAlertEnabled", false); Gelöscht : user_pref("CT2851647.components.1000034", false); Gelöscht : user_pref("CT2851647.components.1000234", false); Gelöscht : user_pref("CT2851647.components.129351532245744535", false); Gelöscht : user_pref("CT2851647.components.129351532247619549", false); Gelöscht : user_pref("CT2851647.components.129351532247619550", false); Gelöscht : user_pref("CT2851647.components.129416031642500897", false); Gelöscht : user_pref("CT2851647.components.129544681622671248", false); Gelöscht : user_pref("CT2851647.components.129791456886122866", false); Gelöscht : user_pref("CT2851647.components.2532783744689806690", false); Gelöscht : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gelöscht : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200"); Gelöscht : user_pref("CT2851647.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2851647.initDone", true); Gelöscht : user_pref("CT2851647.isAppTrackingManagerOn", true); Gelöscht : user_pref("CT2851647.isFirstRadioInstallation", false); Gelöscht : user_pref("CT2851647.isSearchProtectorNotifyChanges", false); Gelöscht : user_pref("CT2851647.myStuffEnabled", true); Gelöscht : user_pref("CT2851647.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2851647.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2851647.navigateToUrlOnSearch", false); Gelöscht : user_pref("CT2851647.revertSettingsEnabled", true); Gelöscht : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2851647.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2851647.testingCtid", ""); Gelöscht : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 21:31:43 GMT+0200"); Gelöscht : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue May 22 2012 18:48:12 GMT+0200"); Gelöscht : user_pref("CT2851647.usageEnabled", false); Gelöscht : user_pref("CT2851647.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6d5[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Galge\\AppData\\Roaming\\Mozilla\\F[...] 
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2851647"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "ea5a7b6e-dc40-464b-943c-c8fd6585e857"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 22 2012 18:48:1[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", false); Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:48:11 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "10d037df-9c9a-406d-9300-7714fa170003"); Gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] 
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=1[...] Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", ""); Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", ""); Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=NT_ss&mntr[...] Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110184&tt=3012_2&babsrc=HP_s[...] -\\ Opera v12.2.1578.0 Datei : C:\Users\Galge\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [24668 octets] - [14/09/2012 16:05:02] AdwCleaner[R2].txt - [24729 octets] - [14/09/2012 17:04:05] AdwCleaner[S1].txt - [25200 octets] - [14/09/2012 17:04:24] ########## EOF - C:\AdwCleaner[S1].txt - [25261 octets] ########## |
14.09.2012, 21:52 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus I have two questions before we continue (we are not finished yet!) 1.) Does Windows normal mode work without restrictions (again)? 2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
15.09.2012, 02:16 | #13 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus 1.) Well, after the restore everything actually works as usual; I haven't noticed anything yet. 2.) No 3.) Only, as I said, that was with Symantec! Regards |
15.09.2012, 13:49 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Die Webseite konnte nicht aufgerufen werden" - Virus Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
15.09.2012, 14:53 | #15 |
| "Die Webseite konnte nicht aufgerufen werden" - Virus Here you go: Code:
ATTFilter OTL logfile created on: 15.09.2012 15:40:37 - Run 2 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Galge\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 71,68% Memory free 15,99 Gb Paging File | 13,99 Gb Available in Paging File | 87,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 397,36 Gb Free Space | 42,66% Space Free | Partition Type: NTFS Drive E: | 698,54 Gb Total Space | 698,42 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: ANIMENIA | User Name: Galge | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.15 15:38:30 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe PRC - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.27 12:41:20 | 001,137,280 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Programme\ASUS\GPU Boost Driver\GpuBoostServer.exe PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe PRC - [2007.01.05 17:01:34 | 000,135,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe PRC - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe PRC - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe PRC - [2006.12.07 17:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe PRC - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\libxml2.dll MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Services (SafeList) ========== SRV - [2012.09.10 17:39:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.22 15:24:00 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.08 16:31:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.08 13:31:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.31 09:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV - [2011.05.04 05:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.01.05 17:00:26 | 001,985,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007.01.05 16:59:44 | 000,030,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.12.07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.08 12:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.07.15 23:16:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.14 16:36:15 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.11 13:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2012.09.06 00:50:43 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120914.002\EX64.SYS -- (NAVEX15)
DRV - [2012.09.06 00:50:41 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120914.002\ENG64.SYS -- (NAVENG)
DRV - [2012.08.01 02:34:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 02:34:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2006.11.22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006.11.22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006.11.22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2004.12.30 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 87 08 93 80 57 CD 01 [binary data]
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes\{465F315C-E442-4666-B05B-B06BC249B0DC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\..\SearchScopes\{911321B8-17F1-44c1-90A2-E92AF503F9A2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: info@maltegoetz.de:1.0.1
FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 17:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.27 11:54:03 | 000,000,000 | ---D | M]
[2012.05.06 01:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Extensions
[2012.09.14 17:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\Firefox\Profiles\5ywp62yf.default\extensions
[2012.05.12 16:36:28 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\info@maltegoetz.de.xpi
[2012.05.12 16:49:17 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.07.21 00:47:06 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.14 15:02:04 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.05.12 16:49:17 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Galge\AppData\Roaming\mozilla\firefox\profiles\5ywp62yf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.10 17:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 17:39:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.10 17:39:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 17:39:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.10 17:39:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.10 17:39:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.10 17:39:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.10 17:39:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214310950-730897569-3731794000-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1214310950-730897569-3731794000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2B0230-7DC0-4D8D-AA98-B3F49FC4EF4B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: 
{E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FFDS - ff_vfw.dll () Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - i420vfw.dll File not found Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: VIDC.YV12 - yv12vfw.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.15 15:38:27 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe [2012.09.12 00:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.12 00:38:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Galge\Desktop\esetsmartinstaller_enu.exe [2012.09.11 14:43:02 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\Malwarebytes [2012.09.11 14:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.11 14:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.11 14:42:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.11 14:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.11 11:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.09.11 11:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.09.11 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\Galge\Documents\Guild Wars 2 [2012.09.10 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.10 16:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.10 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.09.10 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eenmqodvcsibfds [2012.09.08 23:01:19 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\hybrid [2012.09.08 22:45:20 | 000,000,000 | ---D | C] -- 
C:\Users\Galge\AppData\Roaming\HandBrake [2012.09.08 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2012.09.08 22:30:59 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\avidemux [2012.09.04 03:08:38 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2012.09.04 03:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galge [2012.09.04 03:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.09.02 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\LogMeIn Hamachi [2012.08.26 04:44:07 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Local\Chromium [2012.08.26 04:08:41 | 000,000,000 | ---D | C] -- C:\Users\Galge\AppData\Roaming\HpUpdate [2012.08.26 04:08:34 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge [2012.08.25 23:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge [2012.08.23 15:48:35 | 000,000,000 | R--D | C] -- C:\Users\Galge\Desktop\Techno [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.15 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.15 15:38:30 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Galge\Desktop\OTL.exe [2012.09.15 11:52:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.15 11:52:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.15 11:44:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.15 11:43:56 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys [2012.09.14 21:23:47 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr 
[2012.09.14 21:23:47 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.14 21:23:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.09.12 00:38:08 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Galge\Desktop\esetsmartinstaller_enu.exe [2012.09.11 14:43:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.11 11:50:36 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.11 10:50:12 | 000,000,168 | ---- | M] () -- C:\Users\Galge\defogger_reenable [2012.09.10 20:39:21 | 000,159,368 | ---- | M] () -- C:\Users\Galge\Desktop\Bild1.jpg [2012.09.10 15:33:05 | 000,000,051 | ---- | M] () -- C:\ProgramData\dkrfzxliabbagca [2012.09.07 17:44:51 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Rappelz.lnk [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.25 23:31:17 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk [2012.08.23 16:25:37 | 000,007,596 | ---- | M] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.11 14:42:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.11 11:50:36 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.11 10:50:12 | 000,000,168 | ---- | C] () -- C:\Users\Galge\defogger_reenable [2012.09.10 20:39:20 | 000,159,368 | ---- | C] () -- C:\Users\Galge\Desktop\Bild1.jpg [2012.09.10 15:32:59 | 000,000,051 | ---- | C] () -- C:\ProgramData\dkrfzxliabbagca [2012.08.25 23:31:17 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Aion.lnk [2012.07.24 21:19:51 | 000,000,000 | ---- | C] () -- C:\Users\Galge\md5.exe [2012.05.07 23:26:49 | 000,000,880 | ---- | C] () -- C:\Users\Galge\AppData\Local\recently-used.xbel [2012.04.27 11:49:42 | 
000,239,337 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.04.27 11:49:42 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2012.04.24 03:10:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.14 17:01:40 | 000,007,596 | ---- | C] () -- C:\Users\Galge\AppData\Local\Resmon.ResmonCfg [2012.04.11 10:40:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.04.11 10:40:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.04.11 10:40:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.04.11 10:40:34 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.04.08 14:08:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.08 14:08:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.08 12:28:50 | 001,596,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.08 11:58:04 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.04.08 11:58:04 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.04.08 11:58:00 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.04.08 11:58:00 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.04.08 11:52:18 | 000,048,219 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.04.08 11:51:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.04.08 11:51:33 | 000,032,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll ========== LOP Check ========== [2012.09.14 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\.minecraft [2012.09.08 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\avidemux [2012.04.21 22:44:19 | 
000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Broad Intelligence [2012.07.15 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DAEMON Tools Lite [2012.06.28 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DisplayTune [2012.07.09 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\GameRanger [2012.09.08 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HandBrake [2012.09.08 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\hybrid [2012.04.08 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Leadertech [2012.08.04 10:55:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\libimobiledevice [2012.08.04 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\log [2012.08.04 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mp3tag [2012.06.19 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Music Editor Free [2012.07.20 01:11:34 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Nettalk [2012.04.08 12:07:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Opera [2012.08.14 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Origin [2012.08.26 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Spider Player [2012.04.08 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\ts3overlay [2012.08.05 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\uTorrent [2012.08.04 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WindSolutions [2012.09.04 14:33:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.09.14 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\.minecraft [2012.04.25 09:58:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Adobe [2012.07.26 04:50:09 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Apple Computer [2012.09.08 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\avidemux [2012.04.21 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Broad Intelligence [2012.07.15 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DAEMON Tools Lite [2012.06.28 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\DisplayTune [2012.09.10 23:32:38 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\dvdcss [2012.07.09 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\GameRanger [2012.09.08 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HandBrake [2012.04.27 11:55:55 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HP [2012.09.02 02:31:11 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\HpUpdate [2012.09.08 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\hybrid [2012.04.08 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Identities [2012.04.08 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Leadertech [2012.08.04 10:55:21 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\libimobiledevice [2012.08.04 10:55:15 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\log [2012.04.08 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Logishrd [2012.04.08 13:26:45 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Logitech [2012.04.08 12:05:20 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Macromedia [2012.09.11 14:43:02 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- 
C:\Users\Galge\AppData\Roaming\Media Center Programs [2012.04.11 10:41:16 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Media Player Classic [2012.09.02 18:22:08 | 000,000,000 | --SD | M] -- C:\Users\Galge\AppData\Roaming\Microsoft [2012.06.08 11:58:50 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\mIRC [2012.05.06 01:37:49 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mozilla [2012.08.04 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Mp3tag [2012.06.19 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Music Editor Free [2012.07.20 01:11:34 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Nettalk [2012.08.23 19:40:57 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\NVIDIA [2012.04.08 12:07:42 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Opera [2012.08.14 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Origin [2012.07.10 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Skype [2012.08.26 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Spider Player [2012.04.08 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\ts3overlay [2012.08.05 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\uTorrent [2012.09.15 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\vlc [2012.08.04 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WindSolutions [2012.04.21 22:33:25 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\WinRAR [2012.04.27 11:54:31 | 000,000,000 | ---D | M] -- C:\Users\Galge\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2012.08.10 20:02:10 | 001,421,024 | ---- | M] (GameRanger Technologies) -- C:\Users\Galge\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2012.04.08 13:23:03 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Galge\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.07.07 13:06:13 | 000,065,536 | R--- | M] () -- C:\Users\Galge\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe [2012.04.08 11:34:37 | 000,010,134 | R--- | M] () -- C:\Users\Galge\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2012.08.04 10:40:46 | 004,156,848 | ---- | M] (WindSolutions) -- C:\Users\Galge\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe < %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >