|
Log-Analyse und Auswertung: Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings ExtensionWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.02.2013, 20:05 | #1 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Hallo, so ging es los: Ich entdeckte auf einer Landingsite eines Kunden unerwünschte Werbe-Links zu de.clickcompare.info/search. Beim Überfahren der Links mit der Maus erschien als Hover-Text: Giant Savings Extension Ich habe bisher folgendes in nachfolgender Reihenfolge gemacht: 1) Einen Total Scan mit McAfee. Ergebnis: 5 Dateien wurden als infiziert gemeldet, aber keine Programme. Habe die Dateien (leider) entfernen lassen (sorry). 4 der 5 Dateien enthielten den Namens-Bestandteil "Artemis!xxxxxxxxxxx". Das Problem bestand anschließend immer noch. 2) Habe dann das Programm Malwarebytes Anti-Malware heruntergeladen und einen Quick-Scan durchgeführt. Diesmal wurden 5 Anwendungen als Malware infiziert. Sie gehen aus der angehängten Log-Datei hervor. 3) Ergebnis bis hierhin: Problem bestand weiterhin. Zusätzlich konnte ich nicht mehr vernünftig booten (Bildschirm blieb völlig blank, Computer hat sich dabei aufgehängt). 4) Nach mehreren Versuchen konnte ich dann über den abgesicherten Modus wieder booten. Anschließend hängte sich der Computer aber auch dann bald wieder auf. Da ich zuletzt Malwarebytes Anti-Malware installiert hatte, habe ich das Programm nun wieder deinstalliert, um zu schauen, ob nun ein normales Booten möglich wäre. War aber nicht der Fall. 5) Daraufhin habe ich Malwarebytes Anti-Malware wieder installiert und einen erneuten Quick-Scan vorgenommen, der aber kein Ergebnis mehr brachte. 6) Dann habe ich die bei Trojaner-Board empfohlenen Schritte durchgeführt. Schritt 1: Defogger disabled (Zustand besteht noch) Schritt 2: Quick-Scan mit OTL.exe OTL.txt und Extra.txt sind angehängt. (OTL als OTLTeil1 und OTLTeil2, weil Datei zu groß war) Schritt 3: Scan mit GMER durchgeführt. Gmer.txt ist angehängt. Ergänzung: Log-Datei Anti-Malware, Extra.txt und Gmer.txt wurden vom System wieder gelöscht, weil Dateien zu groß. Deshalb Inhalte hier: a) Anti-Malware: Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 245762 Laufzeit: 39 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\$RECYCLE.BIN\S-1-5-21-3339244594-544626258-3807575601-1000\$RCA6882.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\urflamingo\AppData\Local\Temp\is357113909\FunmoodsSetup.exe (Adware.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\urflamingo\Downloads\ADLSoft_UnCompressor.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) b) Extra.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.02.2013 14:43:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\urflamingo\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,40% Memory free 10,68 Gb Paging File | 10,12 Gb Available in Paging File | 94,79% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4597 4597 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 32,96 Gb Free Space | 22,88% Space Free | Partition Type: NTFS Drive D: | 178,85 Gb Total Space | 100,95 Gb Free Space | 56,44% Space Free | Partition Type: NTFS Drive E: | 140,50 Gb Total Space | 86,06 Gb Free Space | 61,25% Space Free | Partition Type: NTFS Drive H: | 59,65 Gb Total Space | 54,96 Gb Free Space | 92,13% Space Free | Partition Type: NTFS Drive I: | 3,69 Gb Total Space | 3,23 Gb Free Space | 87,60% Space Free | Partition Type: FAT32 Drive J: | 59,58 Gb Total Space | 59,49 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Computer Name: MM-PC | User Name: urflamingo | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\UEdit32.exe" "%1" .js [@ = UltraEdit.js] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\UEdit32.exe" "%1" .txt [@ = UltraEdit.txt] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\UEdit32.exe" "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D679FA-E63A-4059-9772-6FC6D6AC142B}" = lport=139 | protocol=6 | dir=in | app=system | "{043E3FFC-7117-4B2C-8B21-20925FCF0528}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{16FF8B36-5D07-44DE-92B7-833BBB7E5FEB}" = rport=5357 | protocol=6 | dir=out | app=system | "{1D300E59-457A-43DD-9D7B-84FC3B0D5A3D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{1EE0849A-1879-406B-9EFC-743868035508}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{23E75BE3-9D4D-4B78-9EDB-B34F7A138E8A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{317B5AD7-2C95-4227-A4C3-5BF870D3F129}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{38E1824E-9906-4A21-B914-A28BB8FF6B3D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{3ADF4903-2A4A-40FF-9076-7A6485EC258C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{3C23E681-5AAB-431A-8C6A-E4372C028CF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{3EE83958-BB43-4304-837A-538C8786DFB5}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server | "{55FE0961-35AE-4357-AA03-302AB46A7904}" = lport=1935 | protocol=6 | dir=in | name=broadcam video streaming server flash video server | "{6354F186-D7E2-4497-BAF3-DB5AAFF64963}" = lport=138 | protocol=17 | dir=in | app=system | "{68268F23-9072-4CE8-9189-6C271AB525DE}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{690D2B2E-B805-4602-945A-E41CA298DBF0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{74589291-3CF1-431F-8C2C-41BE1A96E256}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C5AD49-746A-4886-B939-0637A74DA9C6}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{756E546E-DC7C-45F5-9F2F-6619032B7F31}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | "{758F2D71-70A2-4B96-8002-CDE1DC23BC4B}" = rport=137 | protocol=17 | dir=out | app=system | "{76524D0B-5DC9-4CB3-B16D-7D60A02E0428}" = lport=10243 | protocol=6 | dir=in | app=system | "{76E50A2B-277A-44DE-8712-D1CC387F0305}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{7BDF9FDD-C73C-4110-B5FB-33C6F2648455}" = rport=445 | protocol=6 | dir=out | app=system | "{7BEA759A-6B5D-4352-8BC2-5E05443684CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7DADB10B-7B0B-44AE-839A-D2A82E93F8EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7F2B5D55-C59E-439E-AD83-9F3A88A25056}" = lport=137 | protocol=17 | dir=in | app=system | "{81669914-9073-4E5B-83A2-E0E37B3841CC}" = lport=445 | protocol=6 | dir=in | app=system | "{86F950FF-38FA-4B60-9E83-B64C449F8663}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{892FE8C6-0083-48A8-B470-585DD14812E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{8D8828E7-01B9-4E26-9FF9-06F6179034F2}" = rport=10243 | protocol=6 | dir=out | app=system | "{8F9ABB1B-BC49-485A-B960-4046EA17371F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{9942CEA2-9253-4302-BE5D-D61EC4F61436}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{9C10C93A-78DD-4118-B0E9-03FF29169E82}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{9C847CDC-FB14-47EF-ACD1-65DF05CA0E45}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{9E4E1C04-EEFE-4A8B-8FC0-792A8349DB65}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{A06C1BEE-5ADA-447B-9B63-B19AE3530FEB}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{A54BCAD5-4992-4AFD-B111-392E9135E74A}" = lport=99 | protocol=6 | dir=in | name=express delegate server | "{A568342A-DE44-4554-A334-A374B7B602B8}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port | "{A996C89A-612D-489D-87C1-6F728E834823}" = lport=2869 | protocol=6 | dir=in | app=system | "{A9D442AE-5DC6-440A-9CB4-072AFF37DDCC}" = rport=5358 | protocol=6 | dir=out | app=system | "{AAFC4355-C7CE-457E-A6A1-38038996C388}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{ACA28D85-69DD-43C2-962A-27B14FDF0AFB}" = rport=138 | protocol=17 | dir=out | app=system | "{B75E0669-A6D3-4B19-B5C0-6D62A5B45F28}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{B79D4A5B-B31E-445F-A2E9-27D3FE9175EB}" = rport=139 | protocol=6 | dir=out | app=system | "{B7AC80E0-D998-4305-847A-E95585B03307}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{C32EA71F-0465-4F13-9736-5C8EEA4957AB}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{C6D69053-B721-4454-B707-8603541C123D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{C773A1BE-43FE-41AE-AA92-377408B96AC5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{C89EFD08-927D-4369-B206-26658D24D065}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{CAEDE33A-6A7B-4D89-86FA-28124409353F}" = lport=5358 | protocol=6 | dir=in | app=system | "{D2271DF1-5155-480A-A723-95B181EB3706}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{E3E62489-4459-41DB-9DBF-023605A5E537}" = lport=99 | protocol=6 | dir=in | name=express delegate server | "{E804ADDA-0993-4B88-B798-D01099FA6AC0}" = lport=5357 | protocol=6 | dir=in | app=system | "{E8296D4B-A3E0-49EC-BB8C-68B64E4B7CF0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{E83AC3D6-6C98-46A9-BC99-6BC6FD7C01D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC8CECE8-48D0-4EAE-B8AB-FD06DE6D9C81}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004D73C0-E462-4052-B02F-9C7ED308E90B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{0063B18F-01FC-4D70-B691-3F65A64FD9A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{00A89A83-8350-4E26-B5C0-3FE49F6164A5}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{01280527-11FE-413B-B0A5-2E653E6DAB05}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{03D871EA-C32F-4FB7-9BD8-EFDB9401F7E7}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{043B13ED-E702-4F75-96D7-752DC0C199D6}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{07141DD2-8207-45A8-8195-A73E8E90A905}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{08454722-DE52-4758-9153-B4F53994BD74}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{09EEED09-F439-4DA5-B83D-9D9398FADB0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{0EA1298F-BEEC-41A3-A0A0-D60DE497EA83}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0EB54319-2C82-4500-927C-71F69CC1FDA9}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{1496D1C9-A373-440E-AFF1-9C5108DC2BA7}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{15ACB147-B421-491B-8B88-055424B8967B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{1A1DBC46-B0D5-4C30-8952-D70D54556127}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{1AE390D5-D9E6-45E4-AC8D-B412C25AE94F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{1CBCF0D7-FF14-4ADD-A1AD-FFD99B0A03C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{215C5420-9BCD-4C95-819E-47C9BD4AF3E0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{269CF42F-34D7-44E1-8154-468A2B3E7B44}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{29147CB4-A521-4039-8507-70F6D9E4D147}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{32A540FC-EDA5-4489-93C2-E75A3627AA2E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{398D407B-ABF6-487C-B664-FB54F654FB6A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{413E1D93-FE5E-4CB2-94E6-97A2B0379FA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{41D6AC82-EAC6-485F-A44F-BFE48A54805A}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{4B151F9A-0A0C-445F-AA56-295569AF254B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{4E82DBBC-C18E-4656-8EDD-D815ECBF1AF0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{5466A2D2-744B-49F1-8DBC-CDCC4C80B68F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{5844F1F2-E7C2-4CB6-9F94-CEF1CAD0AE98}" = dir=in | app=c:\program files\dimdim\plugin\application\dimdim.exe | "{5F643368-CF3C-4A94-B976-609FF6C4BBC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{73FBF46E-D59B-4486-A288-D877F374FA0B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{7A610965-3B4F-4F7E-A99B-14583214B694}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{7E3BE107-017A-4A78-82F4-C6098CF9B7DC}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{804337CB-ADD7-42AA-9B6F-8F840949B6CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{80D56DAA-42B7-4D43-A711-49BD98B97D3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{871090D3-A641-4885-9698-18D50673D444}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8E19B5AF-3012-4CC6-A84A-085CB7AEBDC1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{8F7C18B5-C9E7-4F35-9EEB-03DDFBFE8030}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{A405C49B-DDC2-4FB4-AC47-94A1F259CBDC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A5E12802-4A4A-4ECF-958D-AC01FA238257}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{A654E937-BFB9-4374-9F32-DBC27BA82DEB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{ADC8D6B4-998A-43BB-88E5-CD8287064C02}" = dir=in | app=c:\program files\dimdim\plugin\application\myscreen.exe | "{B18553B8-87CD-4550-8266-E05761ECABFB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{B1D13401-1E69-4BD8-A9FD-44E08260620B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{B22C5585-2C12-437B-97AE-96F08FB1B65A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{B3C88FFB-98E0-445F-B058-FA52B38F0135}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{B69CF2C2-E9CE-4CF5-844B-7A41FB10C076}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{BF302066-3C27-4E2C-A193-78229E8B2502}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{BF885272-C4B9-4618-9650-ECC4B1215435}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{BFA57FAD-B487-4010-8077-B8EB13B51382}" = protocol=17 | dir=in | app=c:\users\urflamingo\appdata\roaming\dropbox\bin\dropbox.exe | "{C792A8BA-5B2F-4EB1-8539-45D663AA9CD3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{C914D60D-9478-4ECD-BFB5-AA17AD5405BF}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{CA5EB39B-1B9D-4F23-978C-A01FA55F9E8A}" = dir=in | app=g:\setup\hpznui01.exe | "{CB3586A2-E4EF-4E6C-8C17-8F69B3224E72}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{CBFC9AA5-A5C5-4A6A-95F8-5C83B5FABF9B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{CDE1A9CE-34FC-4B97-B2F5-EBB1546C2239}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | "{D33ABC2F-7080-4E10-81F4-8A32FA839A7F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{D3EDDE48-C4EA-4E79-931E-99C1C3FE97BD}" = dir=in | app=c:\program files\corel\windvd11\\windvd.exe | "{D45B1897-A57C-4B1B-A5C9-7B2D4874238F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{D6D65FEB-97FF-42DB-ACA8-AE13A7E487B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{D8B45C4F-38A6-4AB0-A745-71D1E5879CB1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{DB2C11B6-2404-47B9-9AB1-A04314A08C4A}" = protocol=6 | dir=in | app=c:\users\urflamingo\appdata\roaming\dropbox\bin\dropbox.exe | "{DB9C32FD-1B4E-4D3C-93F2-DF5363DAB956}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{DC27CC87-648B-4A18-8BC6-6A5A4BD9E274}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{E0AF6CD6-57D7-489E-BC91-672F937B9916}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{E10442C2-BB3B-4B07-BC75-97C763563B72}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{E2CFA75C-4409-4221-B274-6707FAB70AAB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{EA2A9F7E-B66D-4052-BF7E-1F5C2B30A535}" = dir=in | app=c:\programdata\dimdim\updater\next.exe | "{EA715222-968E-4974-8D41-1FD687D30F37}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{EC53020A-7467-4CA5-95FC-BF969DEFFCE7}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{ECF826DF-699D-4272-9F93-B97719706FEC}" = protocol=6 | dir=out | app=system | "{EFBE49FC-464B-4040-A7A2-32FDB06887FE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F411E8D0-DD54-49EF-A900-9E2E96A1AEF6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{F60D6A10-6EE2-4630-B47B-83D27787A14D}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "TCP Query User{0DB923EC-CBD4-499D-BD4D-1BAD73A059E8}C:\users\urflamingo\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\urflamingo\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "TCP Query User{1E11C5E9-FBD5-48C7-B99B-796E9A1A5137}D:\eclipse\eclipse-php-helios-win32\eclipse\eclipsec.exe" = protocol=6 | dir=in | app=d:\eclipse\eclipse-php-helios-win32\eclipse\eclipsec.exe | "TCP Query User{4709E7DD-B7C5-4C71-A5F0-2213488554E8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{4B7100DE-FF98-40B4-9E56-E7E90BF35781}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4BD9B7AF-D539-4C51-AD1E-901825965F8B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{97E6A076-6FE4-4DE2-8200-0276B82493B8}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{B183BE29-0FFE-4768-AE9A-F4CF51BA1D07}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe | "TCP Query User{E4C6A04A-CF81-47B8-A8E2-832B64A394A2}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{E5601C29-A6E4-49F1-A7AB-A681B280CA71}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | "TCP Query User{F6A915E4-25F0-411A-8FD7-A3A263EA07B2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{FA00DE4A-B350-4B73-9CCA-70DAFEECE095}C:\program files\xenu\xenu.exe" = protocol=6 | dir=in | app=c:\program files\xenu\xenu.exe | "TCP Query User{FEE14686-E5C4-4166-BB7D-E8BEB2CF745F}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "UDP Query User{1404D660-A928-43E1-98B0-AB863F955C8F}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe | "UDP Query User{31415219-F804-4FAF-894B-43D10E39F9A7}D:\eclipse\eclipse-php-helios-win32\eclipse\eclipsec.exe" = protocol=17 | dir=in | app=d:\eclipse\eclipse-php-helios-win32\eclipse\eclipsec.exe | "UDP Query User{3B9837ED-2938-44DA-85FF-66889B1DBF8F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{6454B441-73F9-4856-A591-3D07B4BD47F4}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe | "UDP Query User{6BB773F2-B28D-4EE6-9452-30910B7F19CD}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{9EB45BFA-8BBB-4289-990D-013926D8DDE5}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{A8301768-B4F1-4492-A529-181B2C1CEB5C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{B84CC573-AE88-4590-B91B-C102914F0E94}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C5B711AE-C1C3-4123-B7D0-028188D53AC3}C:\users\urflamingo\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\urflamingo\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "UDP Query User{D009F1ED-70BF-402A-9253-E2F153EF5399}C:\program files\xenu\xenu.exe" = protocol=17 | dir=in | app=c:\program files\xenu\xenu.exe | "UDP Query User{D337733F-D8D8-4975-BA2D-AA558BB542D1}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "UDP Query User{EB4AF8BE-46F6-4A26-AF0C-092726EE5D91}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5 "_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5 "_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11 "_{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = Corel MotionStudio 3D 1.0 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel "{045E662E-452C-4A80-A8D1-22E5BCD74F94}_is1" = Firelab "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06005D86-3436-43E4-9014-3CC4A972D47B}" = Website Indexer "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{113BC587-C2A9-457F-9022-9DB31ABBDD90}_is1" = ffDiaporama 1.5 (20121126) "{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup "{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5 "{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent "{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp "{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM "{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{1960DE09-3B90-4B66-A2AF-43BA79D29688}_is1" = iPosition Professional "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA "{1A50A265-2D60-4C08-A21F-26C98E3162C1}" = MAGIX Web Designer 7 Premium "{1BCA1F47-9498-46E3-895E-1C235D7AE967}_is1" = WebsiteBooster 2.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F57FEF3-3E49-4252-B977-B98D3A7C89D0}" = Corel VideoStudio Pro Title Pack "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DD67752-A84F-493D-884B-A857CEE14A88}" = Corel VideoStudio Pro Title Pack "{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{31026A89-8BB8-7712-8B73-F35FDFB38BCE}" = ClientTamer "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{326DEAB3-3F1C-4239-B43A-D2EA7CD934A0}" = MAGIX Video deluxe MX "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{466B8FC6-8D80-4DA1-BA2D-EC7094BD3C31}" = Corel VideoStudio Pro Title Pack "{47906131-1A8F-45A2-9EFD-CB6AD63B1F0A}" = MAGIX Speed burnR (MSI) "{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4FAFC48A-73CD-4ECF-BF89-32825E6360FA}" = Corel PDF Fusion "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500 "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE "{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3 "{5D71E42B-EA8B-4B05-94F1-D5965495EAF1}_is1" = Easy Directory Preview 4.0 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6473C0E9-9763-4D94-808A-B250540AA750}" = Sound Forge Audio Studio 10.0 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6E7CEC26-A2F0-41BF-B89D-61E6C9B112DB}" = Corel PDF Fusion Addins "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{777705B9-E6F6-44B4-BAA1-48E70ACE1740}" = C3D "{7777A2E0-3F99-4F4A-8BF1-507C04C45CD6}" = IPM_C3D "{77BE790A-2F0E-277A-B1D5-24AE58CA1C5E}" = CherryPicker "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8598C8D6-D5AE-ABA2-6207-402F56B8FC78}" = Market Samurai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic "{8EBB8452-274B-465D-8324-00B0832FBB00}" = SoftMaker Office 2010 Home & Business "{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012 (Trial) "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8FF072CB-8675-430B-BCCD-F188AA754182}" = eM Client "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90497B65-8668-4E0A-B3D7-1B1862CBDBC1}" = MAGIX Foto & Grafik Designer 7 Download-Version "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94EF4A0A-E8DA-FD7A-5E59-EDCD5C3CD5E2}" = Domain Samurai "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM) "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A6192CB6-23D4-459C-B639-8F8722D075AC}" = MAGIX Foto & Grafik Designer 7 "{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8 "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 "{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A98AC393-5A37-44A9-A8E4-6AD6383D3F2D}_is1" = Kauftraffic "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF1EA239-9F8A-475B-91BE-3DA009599D73}" = Acer My Start-up Screen "{B086BE75-3E6E-486B-9F89-467FB5715661}" = Business "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B293F0E6-10B7-45FD-BACF-18826515C246}_is1" = Conference Recording Service "{B6D08A81-1CE7-4f27-B659-D45CC7253DF0}" = MatchWare MindView 3.0 BE Demo "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{BBEB33B4-4F84-460E-9441-A18104F01C68}" = C3DHelp "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C500336C-6EEA-49BF-8614-CCFF12E5628F}" = Setup "{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{C9C641B6-DB5C-4C84-B6C9-9540388DA0DA}" = WebMeeting Plug-in "{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents "{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = ICA "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE93C501-8C33-4F0F-9590-0C006F03C823}" = Screencast.com Desktop Uploader "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D70ADC25-24FF-4F9C-A7DD-6D5B670CC013}" = MAGIX Screenshare "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8 "{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1676432-361C-44EE-9596-24C1BB5608B8}" = Nero CoverDesigner "{F281F43B-C568-4FD6-9629-2D74C36A1221}" = PDF Suite 2012 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "A4Desk_is1" = A4Desk(deutsche) 4.0 "Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection AAU 6.0.00.17 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Artisteer 2" = Artisteer 2 "Audacity_is1" = Audacity 2.0.2 "AudibleManager" = AudibleManager "AutocompletePro3_is1" = AutocompletePro "AVG Secure Search" = AVG Security Toolbar "AVMWLANCLI" = AVM FRITZ!WLAN "AVS Audio Converter_is1" = AVS Audio Converter 7 "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.2 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.5 "AVS Video ReMaker_is1" = AVS Video ReMaker 4.1.2.147 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3 "Banner Generator 1.00" = Banner Generator 1.00 "BILDmobil" = BILDmobil "Box Shot 3D" = Box Shot 3D "CdCoverCreator" = CdCoverCreator 2.5.3 "CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7 "CherryPickerLive" = CherryPicker "CloudBerry Explorer for Amazon S3" = CloudBerry Explorer for Amazon S3 3.7 "CloudBerry Online Backup" = CloudBerry Online Backup 2.7.1 "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai "ElsterFormular 11.1.3.3887" = ElsterFormular "E-MailVerifier" = E-MailVerifier 1.50 "FeedDemon_is1" = FeedDemon "FileZilla Client" = FileZilla Client 3.6.0.2 "Giant Savings Extension" = Giant Savings Extension "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HandBrake" = HandBrake 0.9.5 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{B086BE75-3E6E-486B-9F89-467FB5715661}" = Business "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver "IrfanView" = IrfanView (remove only) "Keyword Warrior_is1" = Keyword Warrior "KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic) "LManager" = Launch Manager "LogoMaker_is1" = LogoMaker 3.0 "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Video deluxe 15 Plus D" = MAGIX Video deluxe 15 Plus 8.0.0.62 (D) "MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.2.10 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) "MAGIX_MSI_Foto_Grafik_Designer_7" = MAGIX Foto & Grafik Designer 7 "MAGIX_MSI_Foto_Grafik_Designer_7_FPMX" = MAGIX Foto & Grafik Designer 7 Download-Version "MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX "MAGIX_MSI_Web_Designer_7_Premium" = MAGIX Web Designer 7 Premium "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Miracle Squeeze Page Builder_is1" = Miracle Squeeze Page Builder v2.0 "mlrjpwnu" = Favorit "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee Total Protection "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D) "NewBlue Titler EX for Corel VSX5" = NewBlue Titler EX for Corel VSX5 "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.10.2092" = Opera 11.10 "PhotoPad" = PhotoPad Image Editor "PhotoStage" = PhotoStage Slideshow Producer "PinAutomation - Affiliate Robot v1.2_is1" = PinAutomation - Affiliate Robot v1.2 "PinDetective v1.2_is1" = PinDetective v1.2 "Pixel Ruler" = Pixel Ruler "Pixillion" = Pixillion Image Converter "Powerbullet Presenter free v1.35_is1" = Powerbullet Presenter "Prism" = Prism Videodatei-Konverter "proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0 "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0 "proDAD-Vitascene-2.0" = proDAD Vitascene 2.0 "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Quick 3D Cover_is1" = Quick 3D Cover 2.0.1 "Recordpad" = RecordPad Sound Recorder "Riot" = Riot - Radical Image Optimization Tool "seopowersuite" = Rank Tracker "Shop for HP Supplies" = Shop for HP Supplies "SocialMediaManager" = ClientTamer "Software Informer_is1" = Software Informer 1.0 BETA "SopCast" = SopCast 3.2.8 "SuperMailer" = SuperMailer 5.20 "Switch" = Switch Sound File Converter "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 7" = TeamViewer 7 "TVUPlayer" = TVUPlayer 2.5.3.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 2.0.5 "vShare" = vShare Plugin "Web_3.0.3813.0" = Microsoft Expression Web 3 "WebMeeting Plug-in" = WebMeeting Plug-in "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Xenu's Link Sleuth" = Xenu's Link Sleuth "XHeader" = XHeader "Xilisoft Video Converter Platinum 6" = Xilisoft Video Converter Platinum 6 "XnView_is1" = XnView 1.97.2 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "DSite" = Update for Mipony Download Accelerator "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.02.2013 18:27:29 | Computer Name = MM-PC | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 18:36:52 | Computer Name = MM-PC | Source = EventSystem | ID = 4609 Description = Error - 06.02.2013 18:37:06 | Computer Name = MM-PC | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 18:56:42 | Computer Name = MM-PC | Source = EventSystem | ID = 4609 Description = Error - 06.02.2013 18:56:49 | Computer Name = MM-PC | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 19:06:23 | Computer Name = MM-PC | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 20:17:00 | Computer Name = MM-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 18.0.2.4780 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 710 Anfangszeit: 01ce04bff0062622 Zeitpunkt der Beendigung: 686 Error - 07.02.2013 02:37:50 | Computer Name = MM-PC | Source = WinMgmt | ID = 10 Description = Error - 07.02.2013 02:48:04 | Computer Name = MM-PC | Source = EventSystem | ID = 4609 Description = Error - 07.02.2013 02:48:17 | Computer Name = MM-PC | Source = WinMgmt | ID = 10 Description = Error - 07.02.2013 08:32:45 | Computer Name = MM-PC | Source = EventSystem | ID = 4609 Description = Error encountered while reading event logs. < End of report > c) Gmer.txtGMER Logfile: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-07 16:08:24 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\URFLAM~1\AppData\Local\Temp\pgtdypoc.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\Explorer.EXE[1316] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7695B37C 4 Bytes [00, 26, 81, 01] ---- Registry - GMER 2.0 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37605CD6-CC1A-9225-9ACA-4900517F7F93} ---- EOF - GMER 2.0 ---- 7) Hinweis zu den Ergebnissen: Bei OTL.txt taucht unter "CHR-Extension" die Wortgruppe "Giant Savings Extension" auf (= die Beschriftung der eingeblendeten Links). Außerdem taucht Gleiches auf bei 02-BHO und auch unter AAV 6.0.00.17 taucht die Wortgruppe auf. 02-BHO: Bei Programm Files gibt/gab es einen Ordner mit diesem Namen (am Ende eine ....dll mit dem Zusatz: 25 Apps) . Da ich weiterarbeiten muss und diese Dateien als andauernde Bedrohung empfunden habe, habe ich sie mit McAfee geshreddert, ebenso wie die Extensions unter Benutzer\AppData\Local\Google\Chrome\UserData\Default\Extensions\..........Wortgruppe\ \Crossrider und .....................\............\Wortgruppe , die unter CHR angezeigt werden/wurden. Ich hatte gehofft, damit schon alles erledigt zu haben. Diese Hoffnung hat allerdings getrogen. 8) Status: Thema Einloggen: Windows Vista Startbildschirm erscheint mit User-Einlogg-Fenster. Einloggen ist möglich, danach erscheint Schriftzug "Willkommen" und der Computer hängt sich auf. Thema McAfee: McAfee lässt sich nicht mehr aktivieren (springt immer nach ca 1 Sek. zurück auf "Echtzeit-Scan ist deaktiviert". Arbeiten im abgesicherten Modus mit Netzwerk-Einstellungen ist möglich - allerdings unter erheblichen Performance-Einbußen. Thema Werbe-Links: Die sind noch immer aktiv. Ich wäre Ihnen sehr dankbar, wenn Sie mir helfen könnten! Geändert von urflamingo (07.02.2013 um 21:02 Uhr) |
07.02.2013, 21:10 | #2 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings ExtensionMein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern und führe dort jeweils die folgenden Schritte aus: Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden. Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 3 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
08.02.2013, 00:22 | #3 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Es kommt mir zwar komisch vor, aber ich scheine hier meine Antwort posten zu können.
__________________Zunächst mal vielen Dank für die prompte Reaktion, lieber Matthias. Ich habe die ersten beiden Schritte ausgeführt und füge jetzt hier die TXT-Dateien ein:AdwCleaner Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.2 (02.02.2013:2) OS: Windows Vista (TM) Home Premium x86 Ran by urflamingo on 07.02.2013 at 22:50:36,27 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{043c5167-00bb-4324-af7e-62013faedacf} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{043c5167-00bb-4324-af7e-62013faedacf} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3339244594-544626258-3807575601-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\conduit Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer Successfully deleted: [Registry Key] hkey_local_machine\software\iminent Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\autocompletepro.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\nctaudiocdgrabber2.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\vsharechrome Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.imedixprotocol Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.imedixprotocol.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.pugiobj Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.pugiobj.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.scripthelpers Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.scripthelpers.1 Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO.1 Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2319825 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2431245 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{043c5167-00bb-4324-af7e-62013faedacf} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{043c5167-00bb-4324-af7e-62013faedacf} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{043c5167-00bb-4324-af7e-62013faedacf} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0fb6a909-6086-458f-bd92-1f8ee10042a0} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\drivercure" Successfully deleted: [Folder] "C:\Users\urflamingo\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\urflamingo\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\local\opencandy" Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\locallow\vshare" Successfully deleted: [Folder] "C:\Program Files\autocompletepro" Successfully deleted: [Folder] "C:\Program Files\babylon" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Program Files\vshare" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\user.js Successfully deleted: [File] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\searchplugins\askcom.xml Successfully deleted: [File] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\searchplugins\conduit.xml Successfully deleted: [Folder] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\conduitcommon Successfully deleted the following from C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\prefs.js user_pref("CT2319825..clientLogIsEnabled", false); user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); user_pref("CT2319825.AppTrackingLastCheckTime", "Thu Jan 10 2013 19:00:19 GMT+0100"); user_pref("CT2319825.BrowserCompStateIsOpen_129714600517272937", true); user_pref("CT2319825.BrowserCompStateIsOpen_129784504530494139", true); user_pref("CT2319825.CT2319825", "CT2319825"); user_pref("CT2319825.CurrentServerDate", "8-2-2013"); user_pref("CT2319825.DSChangedManually", false); user_pref("CT2319825.DSInstall", true); user_pref("CT2319825.DSProtectChoice", true); user_pref("CT2319825.DSProtectCount", 15); user_pref("CT2319825.DialogsAlignMode", "LTR"); user_pref("CT2319825.DialogsGetterLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.DownloadReferralCookieData", ""); user_pref("CT2319825.EMailNotifierPollDate", "Thu Feb 07 2013 22:34:08 GMT+0100"); user_pref("CT2319825.FeedPollDate11908299", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.FirstServerDate", "22-11-2011"); user_pref("CT2319825.FirstTime", true); user_pref("CT2319825.FirstTimeFF3", true); user_pref("CT2319825.FixPageNotFoundErrors", true); user_pref("CT2319825.GroupingServerCheckInterval", 1440); user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); user_pref("CT2319825.HPInstall", true); user_pref("CT2319825.HPProtectChoice", true); user_pref("CT2319825.HPProtectCount", 2); user_pref("CT2319825.HasUserGlobalKeys", true); user_pref("CT2319825.HomePageProtectorEnabled", true); user_pref("CT2319825.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"); user_pref("CT2319825.Initialize", true); user_pref("CT2319825.InitializeCommonPrefs", true); user_pref("CT2319825.InstallationAndCookieDataSentCount", 3); user_pref("CT2319825.InstallationType", "Unknown"); user_pref("CT2319825.InstalledDate", "Tue Nov 22 2011 11:31:21 GMT+0100"); user_pref("CT2319825.InvalidateCache", false); user_pref("CT2319825.IsAlertDBUpdated", true); user_pref("CT2319825.IsGrouping", false); user_pref("CT2319825.IsInitSetupIni", true); user_pref("CT2319825.IsMulticommunity", false); user_pref("CT2319825.IsOpenThankYouPage", true); user_pref("CT2319825.IsOpenUninstallPage", true); user_pref("CT2319825.IsProtectorsInit", true); user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); user_pref("CT2319825.LastLogin_3.10.0.1", "Wed May 02 2012 15:56:34 GMT+0200"); user_pref("CT2319825.LastLogin_3.12.2.3", "Wed Jun 06 2012 14:55:00 GMT+0200"); user_pref("CT2319825.LastLogin_3.13.0.6", "Wed Jul 18 2012 17:20:25 GMT+0200"); user_pref("CT2319825.LastLogin_3.14.1.0", "Tue Aug 21 2012 16:05:18 GMT+0200"); user_pref("CT2319825.LastLogin_3.15.1.0", "Wed Nov 07 2012 16:49:18 GMT+0100"); user_pref("CT2319825.LastLogin_3.16.0.3", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.LastLogin_3.7.0.6", "Wed Nov 23 2011 13:34:45 GMT+0100"); user_pref("CT2319825.LastLogin_3.8.0.8", "Tue Dec 13 2011 13:30:50 GMT+0100"); user_pref("CT2319825.LastLogin_3.8.1.0", "Wed Jan 18 2012 18:25:02 GMT+0100"); user_pref("CT2319825.LastLogin_3.9.0.3", "Thu Mar 29 2012 12:12:21 GMT+0200"); user_pref("CT2319825.LatestVersion", "3.16.0.3"); user_pref("CT2319825.Locale", "de"); user_pref("CT2319825.MCDetectTooltipHeight", "83"); user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT2319825.MCDetectTooltipWidth", "295"); user_pref("CT2319825.MyStuffEnabledAtInstallation", true); user_pref("CT2319825.OriginalFirstVersion", "3.7.0.6"); user_pref("CT2319825.RadioIsPodcast", false); user_pref("CT2319825.RadioLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.RadioLastUpdateIPServer", "3"); user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); user_pref("CT2319825.RadioMediaID", "11949532"); user_pref("CT2319825.RadioMediaType", "Media Player"); user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); user_pref("CT2319825.RadioShrinkedFromSetup", false); user_pref("CT2319825.RadioStationName", "1Live"); user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a"); user_pref("CT2319825.RadioVolume", "62"); user_pref("CT2319825.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); user_pref("CT2319825.SearchCaption", "Winload Customized Web Search"); user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search"); user_pref("CT2319825.SearchFromAddressBarIsInit", true); user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="); user_pref("CT2319825.SearchInNewTabEnabled", true); user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Feb 07 2013 22:34:07 GMT+0100"); user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"); user_pref("CT2319825.SearchProtectorEnabled", false); user_pref("CT2319825.SearchProtectorToolbarDisabled", false); user_pref("CT2319825.SendProtectorDataViaLogin", true); user_pref("CT2319825.ServiceMapLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100"); user_pref("CT2319825.SettingsLastCheckTime", "Thu Feb 07 2013 22:34:07 GMT+0100"); user_pref("CT2319825.SettingsLastUpdate", "1360246716"); user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"); user_pref("CT2319825.ThirdPartyComponentsInterval", 504); user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Fri Jan 25 2013 13:15:48 GMT+0100"); user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1331806000"); user_pref("CT2319825.ToolbarShrinkedFromSetup", false); user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825"); user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com user_pref("CT2319825.UserID", "UN37060978350400353"); user_pref("CT2319825.ValidationData_Search", 2); user_pref("CT2319825.ValidationData_Toolbar", 2); user_pref("CT2319825.WeatherNetwork", ""); user_pref("CT2319825.WeatherPollDate", "Thu Feb 07 2013 22:34:10 GMT+0100"); user_pref("CT2319825.WeatherUnit", "C"); user_pref("CT2319825.alertChannelId", "715912"); user_pref("CT2319825.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B user_pref("CT2319825.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B user_pref("CT2319825.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D user_pref("CT2319825.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262A442B564B4E3B243D2F2D2F2F33433A45373838615D61406A644F38514341424545574E594B user_pref("CT2319825.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D6850 user_pref("CT2319825.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A66 user_pref("CT2319825.backendstorage./9b+7e06cg5el8:", "6E6D6E6E736E74727672"); user_pref("CT2319825.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473747479747A787C78242F4B49474F42357D5D5C3D"); user_pref("CT2319825.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D user_pref("CT2319825.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A49 user_pref("CT2319825.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D user_pref("CT2319825.backendstorage./9b+7e31;cj2b>f!lad", "247E61393F236B25767279727B2B222D6F4250454E337B353F4F4B532E594E513E3540236055505853565049324B2A2A4E455033707361553E57 user_pref("CT2319825.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D327A344F4849524E562F59593E3540236055505853565049324B2A2A4E4550335F5B6571563 user_pref("CT2319825.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A user_pref("CT2319825.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B user_pref("CT2319825.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B user_pref("CT2319825.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D user_pref("CT2319825.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A395148536775636367757567 user_pref("CT2319825.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B user_pref("CT2319825.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A43 user_pref("CT2319825.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68 user_pref("CT2319825.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A72 user_pref("CT2319825.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A47 user_pref("CT2319825.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D user_pref("CT2319825.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A51 user_pref("CT2319825.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F67757868 user_pref("CT2319825.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C44 user_pref("CT2319825.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C78 user_pref("CT2319825.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57"); user_pref("CT2319825.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D73 user_pref("CT2319825.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48 user_pref("CT2319825.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D user_pref("CT2319825.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F user_pref("CT2319825.backendstorage./9b-0?3g>d", "676F3C6C726D72747A7676724A2076774B7B25505051532A562754282B262B2D2C283260"); user_pref("CT2319825.backendstorage./9b-0?3g@6:5;", ""); user_pref("CT2319825.backendstorage./9b-0?3gfa7ef", "2B2E2C3D"); user_pref("CT2319825.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C6675 user_pref("CT2319825.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); user_pref("CT2319825.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750"); user_pref("CT2319825.backendstorage./9b5ba==9cjag", "3B693D6A6F7344407A7472717577744B204E217A7A"); user_pref("CT2319825.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6E736E74727576777A7B"); user_pref("CT2319825.backendstorage./9b9643g3/9e", "6A"); user_pref("CT2319825.backendstorage./9b<:222h64<", "393F352F3E"); user_pref("CT2319825.backendstorage./9b=+03eh8h8j?:", "4443"); user_pref("CT2319825.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52"); user_pref("CT2319825.backendstorage./9b?b0d:8aj62<h", "6D"); user_pref("CT2319825.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); user_pref("CT2319825.backendstorage.autocompletepro_enable", "31"); user_pref("CT2319825.backendstorage.autocompletepro_enable_auto", "31"); user_pref("CT2319825.backendstorage.id", "3330363638353632"); user_pref("CT2319825.backendstorage.shoppingapp.gk.exipres", "53756E2041707220313520323031322031343A33363A353220474D542B30323030"); user_pref("CT2319825.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.homepageProtectorEnableByLogin", true); user_pref("CT2319825.initDone", true); user_pref("CT2319825.isAppTrackingManagerOn", false); user_pref("CT2319825.isFirstRadioInstallation", false); user_pref("CT2319825.myStuffEnabled", true); user_pref("CT2319825.myStuffPublihserMinWidth", 400); user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT2319825.myStuffServiceIntervalMM", 1440); user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,129769053852558608,129309281463312841,129264494738128351,128903248917881403,1291363905724 user_pref("CT2319825.revertSettingsEnabled", true); user_pref("CT2319825.searchProtectorDialogDelayInSec", 10); user_pref("CT2319825.searchProtectorEnableByLogin", true); user_pref("CT2319825.testingCtid", ""); user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Mon Jan 28 2013 19:08:56 GMT+0100"); user_pref("CT2319825.usagesFlag", 2); user_pref("CT2431245..clientLogIsEnabled", false); user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); user_pref("CT2431245.AppTrackingLastCheckTime", "Mon Jan 28 2013 19:22:01 GMT+0100"); user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true); user_pref("CT2431245.BrowserCompStateIsOpen_129633225487491098", true); user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true); user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true); user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true); user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true); user_pref("CT2431245.CT2431245", "CT2431245"); user_pref("CT2431245.CurrentServerDate", "8-2-2013"); user_pref("CT2431245.DSInstall", false); user_pref("CT2431245.DialogsAlignMode", "LTR"); user_pref("CT2431245.DialogsGetterLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2431245.DownloadReferralCookieData", ""); user_pref("CT2431245.EMailNotifierPollDate", "Thu Feb 07 2013 22:34:07 GMT+0100"); user_pref("CT2431245.FirstServerDate", "23-11-2011"); user_pref("CT2431245.FirstTime", true); user_pref("CT2431245.FirstTimeFF3", true); user_pref("CT2431245.FixPageNotFoundErrors", false); user_pref("CT2431245.GroupingServerCheckInterval", 1440); user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); user_pref("CT2431245.HPInstall", false); user_pref("CT2431245.HasUserGlobalKeys", true); user_pref("CT2431245.HomePageProtectorEnabled", false); user_pref("CT2431245.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"); user_pref("CT2431245.Initialize", true); user_pref("CT2431245.InitializeCommonPrefs", true); user_pref("CT2431245.InstallationAndCookieDataSentCount", 3); user_pref("CT2431245.InstallationType", "Unknown"); user_pref("CT2431245.InstalledDate", "Wed Nov 23 2011 13:34:52 GMT+0100"); user_pref("CT2431245.InvalidateCache", false); user_pref("CT2431245.IsAlertDBUpdated", true); user_pref("CT2431245.IsGrouping", false); user_pref("CT2431245.IsInitSetupIni", true); user_pref("CT2431245.IsMulticommunity", false); user_pref("CT2431245.IsOpenThankYouPage", true); user_pref("CT2431245.IsOpenUninstallPage", true); user_pref("CT2431245.IsProtectorsInit", true); user_pref("CT2431245.LanguagePackLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440); user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); user_pref("CT2431245.LastLogin_3.10.0.1", "Sat Apr 28 2012 17:57:24 GMT+0200"); user_pref("CT2431245.LastLogin_3.11.0.3", "Mon May 07 2012 14:50:52 GMT+0200"); user_pref("CT2431245.LastLogin_3.12.2.3", "Fri May 25 2012 14:09:40 GMT+0200"); user_pref("CT2431245.LastLogin_3.13.0.6", "Wed Jul 18 2012 17:20:17 GMT+0200"); user_pref("CT2431245.LastLogin_3.14.1.0", "Tue Aug 21 2012 16:05:13 GMT+0200"); user_pref("CT2431245.LastLogin_3.15.1.0", "Wed Nov 07 2012 16:49:22 GMT+0100"); user_pref("CT2431245.LastLogin_3.16.0.3", "Thu Feb 07 2013 22:34:08 GMT+0100"); user_pref("CT2431245.LastLogin_3.8.0.8", "Tue Dec 13 2011 13:30:45 GMT+0100"); user_pref("CT2431245.LastLogin_3.8.1.0", "Tue Jan 10 2012 00:33:26 GMT+0100"); user_pref("CT2431245.LastLogin_3.9.0.3", "Wed Feb 22 2012 18:10:19 GMT+0100"); user_pref("CT2431245.LatestVersion", "3.16.0.3"); user_pref("CT2431245.Locale", "de-de"); user_pref("CT2431245.MCDetectTooltipHeight", "83"); user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT2431245.MCDetectTooltipWidth", "295"); user_pref("CT2431245.MyStuffEnabledAtInstallation", true); user_pref("CT2431245.OriginalFirstVersion", "3.8.0.8"); user_pref("CT2431245.RadioIsPodcast", false); user_pref("CT2431245.RadioLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100"); user_pref("CT2431245.RadioLastUpdateIPServer", "3"); user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000"); user_pref("CT2431245.RadioMediaID", "20503675"); user_pref("CT2431245.RadioMediaType", "Media Player"); user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT2431245_RECENT20503675"); user_pref("CT2431245.RadioShrinkedFromSetup", false); user_pref("CT2431245.RadioStationName", "DeutschlandRadio"); user_pref("CT2431245.RadioStationURL", "hxxp://www.dradio.de/streaming/dlr.asx"); user_pref("CT2431245.RadioVolume", "69"); user_pref("CT2431245.SHRINK_TOOLBAR", 1); user_pref("CT2431245.SearchCaption", "softonic-de3 Customized Web Search"); user_pref("CT2431245.SearchEngineBeforeUnload", "foxsearch"); user_pref("CT2431245.SearchFromAddressBarIsInit", true); user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="); user_pref("CT2431245.SearchInNewTabEnabled", true); user_pref("CT2431245.SearchInNewTabIntervalMM", 1440); user_pref("CT2431245.SearchInNewTabLastCheckTime", "Thu Feb 07 2013 22:34:06 GMT+0100"); user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"); user_pref("CT2431245.SearchProtectorEnabled", false); user_pref("CT2431245.SearchProtectorToolbarDisabled", false); user_pref("CT2431245.SendProtectorDataViaLogin", true); user_pref("CT2431245.ServiceMapLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100"); user_pref("CT2431245.SettingsLastCheckTime", "Thu Feb 07 2013 22:34:06 GMT+0100"); user_pref("CT2431245.SettingsLastUpdate", "1360246760"); user_pref("CT2431245.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"); user_pref("CT2431245.ThirdPartyComponentsInterval", 504); user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Jan 25 2013 13:15:51 GMT+0100"); user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000"); user_pref("CT2431245.ToolbarShrinkedFromSetup", false); user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245"); user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com user_pref("CT2431245.UserID", "UN51380587381198388"); user_pref("CT2431245.ValidationData_Search", 2); user_pref("CT2431245.ValidationData_Toolbar", 2); user_pref("CT2431245.alertChannelId", "825452"); user_pref("CT2431245.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B user_pref("CT2431245.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B user_pref("CT2431245.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D user_pref("CT2431245.backendstorage./9b+7e.:2z527", "2423"); user_pref("CT2431245.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D6850 user_pref("CT2431245.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A66 user_pref("CT2431245.backendstorage./9b+7e06cg5el8:", "6E6D6B72717072747775"); user_pref("CT2431245.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747371787776787A7D7B242F4B49474F42357D5D5C3D"); user_pref("CT2431245.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D user_pref("CT2431245.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A49 user_pref("CT2431245.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D user_pref("CT2431245.backendstorage./9b+7e31;cj0j@l@ka$nn", "247E61393F236B25707879742A212C6E414F444D327A343C564C584C574D305A5A3F364124615651595457514A334C2B2B4F46513471746256 user_pref("CT2431245.backendstorage./9b+7e31;cj1<7;jjmb?kee)ss", "247E61393F236B256F7877732A212C6E414F444D327A343D4843475656594E4B575151355F5F443B4629665B565E595C564F385130305 user_pref("CT2431245.backendstorage./9b+7e31;cj2b>f!lad", "247E61393F236B25767279727B2B222D6F4250454E337B353F4F4B532E594E513E3540236055505853565049324B2A2A4E455033707361553E57 user_pref("CT2431245.backendstorage./9b+7e31;cj4<hlh@bl%oo", "247E61393F236B256F78757A2A212C6E414F444D327A3440485458544C4E58315B5B403742256257525A5558524B344D2C2C5047523572756 user_pref("CT2431245.backendstorage./9b+7e31;cj77=;i\"oabgo(shk", "247E61393F236B25737573712A212C6E414F444D327A3443434947552E5B4D4E535B345F5457443B4629665B565E595C564F38517E22 user_pref("CT2431245.backendstorage./9b+7e31;cj7;k;:@a$nn", "247E61393F236B25727275712A212C6E414F444D327A3443475747464C4D305A5A3F364124615651595457514A334C2B2B4F46513471746256 user_pref("CT2431245.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5A4F515C4C594F3762575A473E492C58545E6A4F38513C user_pref("CT2431245.backendstorage./9b+7e31;cj8bie:fi%?plfqi,nkxtxp2\\\\", "247E61393F236B257673707A7A2B222D6F4250454E337B35454F5652475356324C5D59535E56395B586561655D3F69694E user_pref("CT2431245.backendstorage./9b+7e31;cj:?7:!habkgo(shk", "247E61393F236B257671717A742B222D6F4250454E337B35474C44472E554E4F58545C35605558453C472A676A584C354E403B5148533 user_pref("CT2431245.backendstorage./9b+7e31;cj;78>!kk", "247E61393F236B25747177792A212C6E414F444D327A344743444A2D57573C333E215E534E5651544E47304928284C434E315D5E67533C5544574 user_pref("CT2431245.backendstorage./9b+7e31;cj=2hl5<#mm", "247E61393F236B25717170742A212C6E414F444D327A34493E545841482F59593E3540236055505853565049324B2A2A4E455033707361553E5 user_pref("CT2431245.backendstorage./9b+7e31;cj=<jdbkg>od?gbrf,vv", "247E61393F236B2575777374722B222D6F4250454E337B354A4957514F58544B5C514C544F5F53396363483F4A5C5B5F6B5B6E5E52 user_pref("CT2431245.backendstorage./9b+7e31;cj=hkgij#ncf", "247E61393F236B256F6F73772A212C6E414F444D327A344954575355562F5A4F523F364124615651595457514A334C797C4F46513471746256 user_pref("CT2431245.backendstorage./9b+7e31;cj=jed6\"mbe", "247E61393F236B25717174782A212C6E414F444D327A3449565150422E594E513E3540236055505853565049324B2A2A4E455033707361553E user_pref("CT2431245.backendstorage./9b+7e31;cj?b9:mi>bk&pp", "247E61393F236B2576727379792B222D6F4250454E337B354C4F46475A564B4F58335D5D423944276459545C575A544D364F2E2E52495437 user_pref("CT2431245.backendstorage./9b+7e31;cjb<=9;:g=m&qfi", "247E61393F236B25766F7178792B222D6F4250454E337B354F494A464847544A5A335E5356433A4528655A555D585B554E37507D21534A5 user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D327A344F4849524E562F59593E3540234F4B5561462F48334A414C2F6B616E73706568666B7 user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444D327A344F4849524E562F5A4F523F364124504C56624730493B4B424D306C626F7471666967 user_pref("CT2431245.backendstorage./9b+7e31;cjc<g;:5#mm", "247E61393F236B25717270792A212C6E414F444D327A344F48534746412F59593E3540236055505853565049324B2A2A4E455033707361553E5 user_pref("CT2431245.backendstorage./9b+7e31;cjcf8;i<@bd@o(shk", "247E61393F236B257578747A722B222D6F4250454E337B355053454856494D4F514D5C35605558453C472A675C575F5A5D57503952202 user_pref("CT2431245.backendstorage./9b+7e31;cjdj8k?6#ncf", "247E61393F236B2576777276792B222D6F4250454E337B35515745584C43305B5053403742256257525A5558524B344D2C2C50475235727563 user_pref("CT2431245.backendstorage./9b+7e31;cje7=;?\"ll", "247E61393F236B2576727871782B222D6F4250454E337B3552444A484C2F59593E3540236055505853565049324B2A2A4E455033707361553E5 user_pref("CT2431245.backendstorage./9b+7e31;cje7=;?\"mbe", "247E61393F236B25766F747A722B222D6F4250454E337B3552444A484C2F5A4F523F364124615651595457514A334C797C4F46513471746256 user_pref("CT2431245.backendstorage./9b+7e31;cjeik4!kk", "247E61393F236B25767177722A212C6E414F444D327A34515557402D57573C333E215E534E5651544E47304928284C434E315D5E67533C5546455 user_pref("CT2431245.backendstorage./9b+7e31;cjf9glaga>>&qfi", "247E61393F236B25767078787B2B222D6F4250454E337B35534654594E544E4B4B335E5356433A4528655A555D585B554E37507D21534A5 user_pref("CT2431245.backendstorage./9b+7e31;cjfj8lljmfma'qq", "247E61393F236B25717278712A212C6E414F444D327A345256445858565952594D335D5D423944276459545C575A544D364F2E2E5249543 user_pref("CT2431245.backendstorage./9b+7e31;cjg9gl:j=aqpo(shk", "247E61393F236B257670727A732B222D6F4250454E337B355446545947574A4E5E5D5C35605558453C472A675C575F5A5D57503952202 user_pref("CT2431245.backendstorage./9b+7e31;cjg<:hb\"mbe", "247E61393F236B25767571752A212C6E414F444D327A34534846544E2E594E513E3540236055505853565049324B787B4E455033707361553E user_pref("CT2431245.backendstorage./9b+7e31;cjg<>::nb=odfautd,wlo", "247E61393F236B2575777675742B222D6F4250454E337B3554494B47475B4F4A5C51534E6261513964595C49404B2E6B605B635E6 user_pref("CT2431245.backendstorage./9b+7e31;cjhf>jfbo?gngtmk+vkn", "247E61393F236B2575787272792B222D6F4250454E337B3555534B57534F5C4C545B54615A583863585B483F4A2D6A5F5A625D605A user_pref("CT2431245.backendstorage./9b+7e31;cjhf@k?@b$nn", "247E61393F236B2576727777752B222D6F4250454E337B3555534D584C4D4F315B5B403742256257525A5558524B344D2C2C50475235727563 user_pref("CT2431245.backendstorage./9b+7e31;cji8a k@c", "247E61393F236B256F75287E2A6C3F4D424B30783253424B2A554A4D3A313C7E4B47515D422B4436463D482B5758614D364F3E514853656468746 user_pref("CT2431245.backendstorage./9b+7e31;cji;<ai\"mbe", "247E61393F236B256E7378762A212C6E414F444D327A345547484D552E594E513E3540236055505853565049324B787B4E455033707361553E user_pref("CT2431245.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078325348553D494B2D57573C333E215E534E5651544E47304928284C434E315D5E67533C55445 user_pref("CT2431245.backendstorage./9b+7e31;cji>k3?a#ncf", "247E61393F236B257678287E2A6C3F4D424B3078325348553D494B2D584D503D343F224E4F58442D4635483F4A575B624E3756513462705E78 user_pref("CT2431245.backendstorage./9b+7e31;cjig=ki\"mbe", "247E61393F236B2574717829202B6D404E434C31793354524856542D584D503D343F225F6250442D46383649404B2E5A5B645039524342554C user_pref("CT2431245.backendstorage./9b+7e31;cjih:>@f=$odg", "247E61393F236B2576757975772B222D6F4250454E337B355655474B4D534A315C5154413843266358535B5659534C354E7B7E51485336737 user_pref("CT2431245.backendstorage./9b+7e31;cjs>=keck$nn", "247E61393F236B25717470752A212C6E414F444D327A34204A4957514F57305A5A3F364124615651595457514A334C2B2B4F46513471746256 user_pref("CT2431245.backendstorage./9b+7e31;cjwy{b?lhld&@?", "247E61393F236B2576737776792B222D6F4250454E337B352527294F4C59555951334D4C423944276459545C575A544D364F2E2E52495437 user_pref("CT2431245.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A user_pref("CT2431245.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B user_pref("CT2431245.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B user_pref("CT2431245.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D user_pref("CT2431245.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F user_pref("CT2431245.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B user_pref("CT2431245.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A43 user_pref("CT2431245.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68 user_pref("CT2431245.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A72 user_pref("CT2431245.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A47 user_pref("CT2431245.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D user_pref("CT2431245.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A51 user_pref("CT2431245.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F67757868 user_pref("CT2431245.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C44 user_pref("CT2431245.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C78 user_pref("CT2431245.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57"); user_pref("CT2431245.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D73 user_pref("CT2431245.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48 user_pref("CT2431245.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D user_pref("CT2431245.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D user_pref("CT2431245.backendstorage./9b-0?3g>d", "676F696B6F3F41437A77757575207A7C7C7C25797B7B532A212826565A575A2B295C2D2C"); user_pref("CT2431245.backendstorage./9b-0?3g@6:5;", ""); user_pref("CT2431245.backendstorage./9b-0?3gfa7ef", "2B2E2C3D"); user_pref("CT2431245.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059"); user_pref("CT2431245.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); user_pref("CT2431245.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750"); user_pref("CT2431245.backendstorage./9b5ba==9cjag", "6F6D3F3E6C6B756D7A4679767374774D7E7E7A7A21"); user_pref("CT2431245.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B72717072756E72717372"); user_pref("CT2431245.backendstorage./9b9643g3/9e", "6A"); user_pref("CT2431245.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D"); user_pref("CT2431245.backendstorage./9b<:222h64<", "393F352F3E"); user_pref("CT2431245.backendstorage./9b=+03eh8h8j?:", "4443"); user_pref("CT2431245.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52"); user_pref("CT2431245.backendstorage./9b?b0d:8aj62<h", "6D"); user_pref("CT2431245.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); user_pref("CT2431245.backendstorage.autocompletepro_enable", "31"); user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31"); user_pref("CT2431245.backendstorage.cb_experience_000", "3837"); user_pref("CT2431245.backendstorage.cb_firstuse0100", "31"); user_pref("CT2431245.backendstorage.cb_user_id_000", "434239373634343739333439395F46697265666F78"); user_pref("CT2431245.backendstorage.cbcountry_000", "4445"); user_pref("CT2431245.backendstorage.cbcountry_001", "4445"); user_pref("CT2431245.backendstorage.cbfirsttime", "4D6F6E2041707220313620323031322031353A33303A343420474D542B30323030"); user_pref("CT2431245.backendstorage.cbopenmamsettings", "30"); user_pref("CT2431245.backendstorage.ct2431245ads1", "25374225323261647325323225334125354225374225323261696425323225334125323236323138382532322532432532327469746C65253232253341 user_pref("CT2431245.backendstorage.ct2431245current_term", ""); user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365"); user_pref("CT2431245.backendstorage.ct2431245sdate", "37"); user_pref("CT2431245.backendstorage.for_aoi", "31333232303535323033"); user_pref("CT2431245.backendstorage.for_ccid", "6E756C6C"); user_pref("CT2431245.backendstorage.for_cdtr2", "31333232303535323033"); user_pref("CT2431245.backendstorage.for_cid", "4445"); user_pref("CT2431245.backendstorage.for_ip", "37382E34392E36342E3439"); user_pref("CT2431245.backendstorage.for_lcut", "31333630323732383532"); user_pref("CT2431245.backendstorage.for_rid", "3037"); user_pref("CT2431245.backendstorage.for_zoneid", "39353933"); user_pref("CT2431245.backendstorage.hxxp://www_safari-extensions_de/toolbar.magix.com", "31333437303232303232343632"); user_pref("CT2431245.backendstorage.hxxp://www_safari-extensions_de/toolbar.mydays.de", "31333538303938363531393731"); user_pref("CT2431245.backendstorage.nullads1", "25374225323261647325323225334125354225374225323261696425323225334125323236373033312532322532432532327469746C6525323225334125323 user_pref("CT2431245.backendstorage.nullcurrent_term", "6875617765692B7461626C6574"); user_pref("CT2431245.backendstorage.nullsdate", "39"); user_pref("CT2431245.backendstorage.pg_enable", "74727565"); user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565"); user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "467269204F637420313220323031322031383A34393A333220474D542B30323030"); user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); user_pref("CT2431245.backendstorage.url_history0001", "687474703A2F2F7777772E766964656F6C616E2E6F72672F766C632F66656174757265732E68746D6C3A3A3A636C69636B68616E646C65723A3A3A31 user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2431245.homepageProtectorEnableByLogin", true); user_pref("CT2431245.initDone", true); user_pref("CT2431245.isAppTrackingManagerOn", false); user_pref("CT2431245.isFirstRadioInstallation", false); user_pref("CT2431245.myStuffEnabled", true); user_pref("CT2431245.myStuffPublihserMinWidth", 400); user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT2431245.myStuffServiceIntervalMM", 1440); user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129453393923725944,129453393922944692,129530497903908208,1000082,1290094025931 user_pref("CT2431245.revertSettingsEnabled", true); user_pref("CT2431245.searchProtectorDialogDelayInSec", 10); user_pref("CT2431245.searchProtectorEnableByLogin", true); user_pref("CT2431245.testingCtid", ""); user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Mon Jan 28 2013 19:21:46 GMT+0100"); user_pref("CT2431245.usagesFlag", 2); user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"); user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search"); user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825", "\"6fac5a5ccc889c93a8aa363145b0ff3e3\""); user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245", "\"c998820adac1fe0de37caddbbdd30f253\""); user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\""); user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\""); user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"0\""); user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", "\"1334580802\""); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "xVl2ui1iX6CDJwlhoXazeQ=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "pMJrsOAIrcWADPEnEML9WA=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "pMJrsOAIrcWADPEnEML9WA=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "U5mhHQKIYvMC666+kpF/Lw=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "Dq4oDE7bC6X7ZY06mrKiog=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "Dq4oDE7bC6X7ZY06mrKiog=="); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11.0.3", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"e6715935bc61d8502735ee5f6c368a10\""); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245", "\"e6715935bc61d8502735ee5f6c368a10\""); user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=CT2319825", "\"1321973106\""); user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=CT2431245", "\"1322734466\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"1e001cf3dece04c518486f09a85ba2f9\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"25e159cf149328da32047744404cb139\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"06f678f209fb37444851b5c9a29096e4\""); user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\urflamingo\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\4zz1pslt.default\\conduitCommon\\modules\\3.16.0.3") user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3"); user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_6d9a862f", "356x332"); user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_ef8737ec", "356x332"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="); user_pref("CommunityToolbar.ToolbarsList", "CT2319825,CT2431245"); user_pref("CommunityToolbar.ToolbarsList2", "CT2319825,CT2431245"); user_pref("CommunityToolbar.ToolbarsList4", "CT2319825,CT2431245"); user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100"); user_pref("CommunityToolbar.globalUserId", "7e94f204-65f9-4c1d-9fe8-8ec2cda18057"); user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 04 2013 21:53:26 GMT+0100"); user_pref("CommunityToolbar.notifications.alertEnabled", true); user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Feb 07 2013 22:34:15 GMT+0100"); user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); user_pref("CommunityToolbar.notifications.locale", "en"); user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100"); user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); user_pref("CommunityToolbar.notifications.showTrayIcon", false); user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); user_pref("CommunityToolbar.notifications.userId", "6ebe319b-0842-443a-8b73-7483fcdd92f6"); user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); user_pref("CommunityToolbar.originalSearchEngine", "foxsearch"); user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search"); user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"); user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"); user_pref("extensions.BabylonToolbar_i.aflt", "babclient"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", ""); user_pref("extensions.BabylonToolbar_i.hardId", "70567fb10000000000000016ea79b5bc"); user_pref("extensions.BabylonToolbar_i.id", "70567fb10000000000000016ea79b5bc"); user_pref("extensions.BabylonToolbar_i.instlDay", "15452"); user_pref("extensions.BabylonToolbar_i.instlRef", "std"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_def"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "def"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:57:20"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.crossriderapp21810.adsOldValue", -1); user_pref("extensions.seoquake.params.370.icon", "AAABAAEAEBAAAAAAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD///8B////Af///wHp6en/ubm5/4ODg/+JiYn/YmJi/ user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="); Emptied folder: C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\minidumps [68 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\urflamingo\appdata\local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\defdhglnppeioeflggkmglipcecffkhk ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.02.2013 at 22:54:24,12 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Und hier Adw Cleaner No1:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Datei am 07/02/2013 um 23:39:02 erstellt # Aktualisiert am 05/02/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : urflamingo - MM-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\urflamingo\Downloads\adwcleaner (1).exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\urflamingo\AppData\Roaming\Mozilla\Firefox\Profiles\4zz1pslt.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v11.10.2092.0 Datei : C:\Users\urflamingo\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1203 octets] - [07/02/2013 23:39:02] AdwCleaner[S1].txt - [39785 octets] - [07/02/2013 23:29:30] ########## EOF - C:\AdwCleaner[R1].txt - [1324 octets] ########## und hier Adw Cleaner No2:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Datei am 07/02/2013 um 23:50:00 erstellt # Aktualisiert am 05/02/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : urflamingo - MM-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\urflamingo\Downloads\adwcleaner (1).exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\urflamingo\AppData\Roaming\Mozilla\Firefox\Profiles\4zz1pslt.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v11.10.2092.0 Datei : C:\Users\urflamingo\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1393 octets] - [07/02/2013 23:39:02] AdwCleaner[R2].txt - [1134 octets] - [07/02/2013 23:50:00] AdwCleaner[S1].txt - [39785 octets] - [07/02/2013 23:29:30] AdwCleaner[S2].txt - [1455 octets] - [07/02/2013 23:41:47] ########## EOF - C:\AdwCleaner[R2].txt - [1315 octets] ########## Schritt 3 habe ich nicht ausgeführt, weil er nur auf ausdrückliche Anweisung ausgeführt werden soll. Mit dankbarem Gruß Urflamingo Hallo Matthias, das mit Schritt 3 hatte ich zunächst falsch verstanden. Natürlich war Combofix von Dir veranlasst. Habe Combofix installiert und laufen lassen. Etwas irritiert war ich, dass mir Combofix immer gesagt hat, dass McAfee Antivirus + Spyware aktiviert sei, obwohl sowohl Scans als auch Firewall deaktiviert waren. Im Anschluss hat Combofix einen automatischen Restart veranlasst, wonach sich Windows dann aber an der üblichen Stelle (Willkommens-Bildschirm) wieder aufgehängt hat. Hier die Combofix-Log-Datei: Combofix Logfile: Code:
ATTFilter ComboFix 13-02-07.02 - urflamingo 08.02.2013 14:11:16.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2043 [GMT 1:00] ausgeführt von:: c:\users\urflamingo\Downloads\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . ADS - Windows: deleted 128 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Acer\Acer Bio Protection\PwdFilter.dll c:\programdata\1993A8905C.sys c:\users\urflamingo\AppData\Local\404.php c:\users\urflamingo\AppData\Local\assembly\tmp c:\users\urflamingo\AppData\Local\fvtledlc.exe c:\users\urflamingo\AppData\Local\LICENSE.TXT c:\users\urflamingo\AppData\Roaming\1&1 c:\users\urflamingo\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml c:\users\urflamingo\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log c:\users\urflamingo\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe c:\users\urflamingo\g2mdlhlpx.exe c:\users\urflamingo\Media c:\users\urflamingo\Media\cache\headway.css c:\users\urflamingo\Media\cache\images\index.html c:\users\urflamingo\Media\cache\leafs.css c:\users\urflamingo\Media\cache\scripts.js c:\users\urflamingo\Media\css\breadcrumbs.css c:\users\urflamingo\Media\css\comments.css c:\users\urflamingo\Media\css\entries.css c:\users\urflamingo\Media\css\footer.css c:\users\urflamingo\Media\css\forms.css c:\users\urflamingo\Media\css\global.css c:\users\urflamingo\Media\css\header.css c:\users\urflamingo\Media\css\ie\ie.css c:\users\urflamingo\Media\css\ie\ie6.css c:\users\urflamingo\Media\css\ie\ie7.css c:\users\urflamingo\Media\css\leafs.css c:\users\urflamingo\Media\css\misc\bare-elements.css c:\users\urflamingo\Media\css\misc\print.css c:\users\urflamingo\Media\css\navigation.css c:\users\urflamingo\Media\css\plugins.css c:\users\urflamingo\Media\css\specific-leafs.css c:\users\urflamingo\Media\css\widgets.css c:\users\urflamingo\Media\css\wrapper.css c:\users\urflamingo\Media\images\blockquote.gif c:\users\urflamingo\Media\images\email.gif c:\users\urflamingo\Media\images\rss.gif c:\users\urflamingo\Media\images\social\facebook.png c:\users\urflamingo\Media\images\social\feed.png c:\users\urflamingo\Media\images\social\friendfeed.png c:\users\urflamingo\Media\images\social\linkedin.png c:\users\urflamingo\Media\images\social\stumbleupon.png c:\users\urflamingo\Media\images\social\twitter.png c:\users\urflamingo\Media\images\social\vimeo.png c:\users\urflamingo\Media\images\social\youtube.png c:\users\urflamingo\Media\index.php c:\users\urflamingo\Media\js\equal-columns.js c:\users\urflamingo\Media\js\ie6.js c:\users\urflamingo\Media\js\libraries\jquery.cycle.js c:\users\urflamingo\Media\js\libraries\unitpngfix\clear.gif c:\users\urflamingo\Media\js\libraries\unitpngfix\unitpngfix.js c:\windows\Hook.dll c:\windows\system32\drivers\tcpip.copy c:\windows\system32\spool\prtprocs\w32x86\ActPrint.dll c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-08 bis 2013-02-08 )))))))))))))))))))))))))))))) . . 2013-02-08 13:21 . 2013-02-08 13:33 -------- d-----w- c:\users\urflamingo\AppData\Local\temp 2013-02-08 13:21 . 2013-02-08 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-07 22:06 . 2013-02-07 22:06 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 21:50 . 2013-02-07 21:50 -------- d-----w- c:\windows\ERUNT 2013-02-07 21:48 . 2013-02-07 21:48 -------- dc----w- C:\JRT 2013-02-06 23:21 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-06 20:56 . 2013-02-06 20:56 -------- d-----w- c:\users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 20:56 . 2013-02-06 20:56 -------- d-----w- c:\programdata\Malwarebytes 2013-02-06 20:56 . 2013-02-06 23:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-05 17:10 . 2013-02-05 17:11 -------- d-----w- c:\users\urflamingo\AppData\Roaming\vlc 2013-02-05 17:08 . 2013-02-05 17:08 -------- d-----w- c:\program files\VideoLAN 2013-02-03 11:05 . 2013-02-03 11:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-30 22:42 . 2013-01-30 22:42 -------- d-----w- c:\program files\CdCoverCreator 2013-01-30 22:18 . 2013-01-30 22:18 -------- d-----w- c:\users\urflamingo\AppData\Roaming\DSite 2013-01-30 15:25 . 2013-01-30 15:25 -------- d-----w- c:\users\urflamingo\Corel 2013-01-30 15:18 . 2010-11-16 15:24 13880 ----a-w- c:\windows\system32\drivers\regi.sys 2013-01-28 18:04 . 2013-01-30 18:29 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-01-28 18:03 . 2013-01-28 18:03 -------- d--h--w- c:\programdata\Common Files 2013-01-28 18:01 . 2013-01-28 18:01 -------- d-----w- c:\program files\Common Files\Nero 2013-01-28 18:00 . 2013-01-28 18:03 -------- d-----w- c:\programdata\Nero 2013-01-28 17:57 . 2013-01-28 18:03 -------- d-----w- c:\program files\Nero 2013-01-19 00:30 . 2013-01-19 00:30 -------- d-----w- c:\program files\Miracle Squeeze Page Builder 2013-01-19 00:23 . 2013-01-19 00:23 -------- d-----w- c:\program files\PinDetective 2013-01-19 00:13 . 2013-01-19 00:13 -------- d-----w- c:\program files\PinAutomation - Affiliate Robot 2013-01-18 00:40 . 2013-01-18 00:40 -------- d-----w- c:\program files\Citrix 2013-01-13 23:34 . 2010-02-02 11:30 331136 ----a-w- c:\windows\EMVUn.EXE 2013-01-13 23:34 . 2013-01-13 23:34 -------- d-----w- c:\program files\E-MailVerifier 2013-01-13 23:33 . 2013-01-13 23:33 -------- d-----w- c:\users\urflamingo\AppData\Roaming\SuperMailer 2013-01-13 23:33 . 2010-03-17 09:45 331136 ----a-w- c:\windows\SMUn.EXE 2013-01-13 23:33 . 2013-01-13 23:33 -------- d-----w- c:\program files\SuperMailer 2013-01-13 17:05 . 2013-01-13 17:05 -------- d-----w- c:\users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 17:03 . 2013-01-13 17:03 -------- d-----w- c:\program files\Market Samurai 2013-01-09 22:52 . 2013-01-09 22:52 -------- dc----w- C:\Betriebssystem . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-03 11:04 . 2012-11-06 15:51 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-03 11:04 . 2011-07-11 10:52 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-08 23:33 . 2012-07-31 12:10 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-08 23:33 . 2011-08-09 09:59 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-31 11:31 . 2012-12-31 11:31 170752 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-12-31 11:31 . 2012-12-31 11:31 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-12-16 13:12 . 2012-12-22 13:23 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-22 13:23 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-11-23 01:35 . 2013-01-09 12:53 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-11-20 04:22 . 2013-01-09 12:51 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-14 02:09 . 2012-12-13 11:10 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-13 11:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 11:10 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-13 11:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 11:10 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-13 11:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2012-11-13 01:29 . 2012-12-12 11:24 2048 ----a-w- c:\windows\system32\tzres.dll 2013-02-06 17:54 . 2013-02-06 17:51 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{a938761b-202b-4828-87e4-f21fec37d02d}] 2011-12-07 13:47 92040 ----a-w- c:\program files\PDF Suite 2012\PDFIEHelper.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11aa5c56-b4e2-4b8f-803a-d340415532f3}"= "c:\program files\PDF Suite 2012\PDFIEPlugin.dll" [2011-12-07 750472] . [HKEY_CLASSES_ROOT\clsid\{11aa5c56-b4e2-4b8f-803a-d340415532f3}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{99e9d44c-f699-4ab3-8f4b-46dd12e9a9f6}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "SMASH"="c:\program files\SoftMaker Office Professional 2012 (Trial)\smash.exe" [2012-05-07 233507] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "DriverScanner"="c:\progra~1\Uniblue\DRIVER~1\launcher.exe" [2011-10-20 338296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936] "TrayServer"="c:\progra~1\MAGIX\VIDEO_~2\TrayServer.exe" [2008-08-07 90112] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904] "Skytel"="Skytel.exe" [2007-11-20 1826816] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "CorelCreatorClient"="c:\program files\Corel\Corel PDF Fusion\CorelCreatorClient.exe" [2012-04-25 667648] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\urflamingo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-09-09 02:16 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba] 2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Acer\Acer Bio Protection\PwdFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk backupExtension=.CommonStartup backup=c:\windows\pss\Acer VCM.lnk.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dimdim.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dimdim.lnk backupExtension=.CommonStartup backup=c:\windows\pss\Dimdim.lnk.CommonStartup . [HKLM\~\startupfolder\C:^Users^urflamingo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] path=c:\users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk backupExtension=.Startup backup=c:\windows\pss\Orion.lnk.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin] 2010-12-29 07:58 1111040 ----a-w- c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent] 2008-07-24 13:54 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] 2006-12-27 23:02 1454080 ----a-r- c:\program files\avmwlanstick\WLanGUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] 2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-07-24 13:54 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio] 2008-05-30 10:24 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-05-14 15:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] 2008-08-01 07:51 405504 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-07-20 09:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-06-04 12:03 817672 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-07-18 16:23 13543968 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-07-18 16:23 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI] 2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad] 2010-02-05 12:48 884740 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-05-07 08:19 6139904 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer] 2009-11-25 17:50 2011205 ----a-w- c:\program files\Software Informer\softinfo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2008-04-25 02:08 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000] 2008-09-09 02:15 3676160 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 17:14 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 23:33] . 2013-02-07 c:\windows\Tasks\DriverScanner.job - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-12-26 12:43] . 2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:17] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:17] . 2013-02-06 c:\windows\Tasks\next.job - c:\programdata\Dimdim\Updater\next.exe [2010-09-15 13:52] . 2013-02-06 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59] . 2013-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = fritz.box;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\urflamingo\AppData\Roaming\Mozilla\Firefox\Profiles\4zz1pslt.default\ FF - prefs.js: browser.search.selectedEngine - foxsearch FF - ExtSQL: !HIDDEN! 2009-09-02 10:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2009-09-30 14:14; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - ExtSQL: !HIDDEN! 2010-02-21 23:42; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} . . ------- Dateityp-Verknüpfung ------- . .txt=UltraEdit.txt . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) HKLM-Run-PrintDisp - c:\windows\system32\PrintDisp.exe HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-1und1 Update - c:\program files\1&1\LiveUpdate\m2LUTray.exe MSConfigStartUp-Getdo - c:\users\urflamingo\AppData\Roaming\Adobe\Update\flacor.dat MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe MSConfigStartUp-oxgoqy - c:\users\urflamingo\appdata\local\oxgoqy.exe MSConfigStartUp-PDFPrint - c:\program files\pdf24\pdf24.exe MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe MSConfigStartUp-VIP Organizer - c:\program files\VIP Quality Software\VIP Organizer\VIP Organizer.exe MSConfigStartUp-{AE5F6803-1805-7315-39B0-CB7BBC8EC0CA} - c:\users\urflamingo\AppData\Roaming\Duybci\maeco.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-08 14:32 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*5*0*¬ \OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1764) c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\program files\McAfee Online Backup\MOBKshell.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\mfevtps.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\program files\McAfee\MAT\McPvTray.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-02-08 14:40:21 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-02-08 13:40 . Vor Suchlauf: 18 Verzeichnis(se), 36.774.187.008 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 38.477.262.848 Bytes frei . - - End Of File - - ECBB9F2468A47F066340B53B3CFB1ECA Mit dankbarem Gruß und der Hoffnung auf einen positiven Ausgang Urflamingo Hallo, Erfolg No1 ist da! Die Werbeeinblendungen finden nicht mehr statt. Dieser Sumpf scheint trocken gelegt. Jetzt wäre es toll, wenn wir noch erreichen könnten, dass das Notebook auch wieder im Normal-Modus läuft. Gruß urflamingo |
08.02.2013, 17:17 | #4 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus, es freut mich, dass die Werbelinks schon mal weg sind. Führe bitte OTL im abgesicherten Modus aus:
Code:
ATTFilter c:\users\urflamingo\AppData\Roaming\*. activex netsvcs msconfig drivers32 safebootminimal safebootnetwork hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT
|
08.02.2013, 18:39 | #5 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Hallo Matthias, vielen Dank für Deine schnellen Reaktionen. Das ist wirklich super! Hier nun die Inhalte von Logfile OTLneu.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.02.2013 18:10:54 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\urflamingo\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 76,57% Memory free 10,67 Gb Paging File | 10,18 Gb Available in Paging File | 95,34% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4597 4597 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 35,78 Gb Free Space | 24,84% Space Free | Partition Type: NTFS Drive D: | 178,85 Gb Total Space | 100,95 Gb Free Space | 56,44% Space Free | Partition Type: NTFS Drive E: | 140,50 Gb Total Space | 86,21 Gb Free Space | 61,36% Space Free | Partition Type: NTFS Drive H: | 59,65 Gb Total Space | 55,37 Gb Free Space | 92,83% Space Free | Partition Type: NTFS Drive I: | 3,69 Gb Total Space | 3,23 Gb Free Space | 87,60% Space Free | Partition Type: FAT32 Drive J: | 59,58 Gb Total Space | 59,49 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Computer Name: MM-PC | User Name: urflamingo | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.07 14:19:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\urflamingo\Downloads\OTL.exe PRC - [2012.11.09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2012.11.09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe PRC - [2012.09.12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2012.09.10 21:08:30 | 000,513,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe PRC - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.01.11 16:31:19 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c7d8599466a6a2a62641149253082cf4\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll MOD - [2013.01.11 16:28:39 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\be7e9d179601b68d944bca0774562154\CustomMarshalers.ni.dll MOD - [2013.01.10 23:30:24 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\d8790cade73bde092e1a268821f6c650\stdole.ni.dll MOD - [2013.01.10 19:39:15 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll MOD - [2013.01.10 19:29:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.10 19:02:34 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.10 18:52:25 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 18:28:17 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 18:27:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.12.13 12:48:28 | 000,662,120 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll MOD - [2012.12.12 23:31:10 | 000,180,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll MOD - [2012.12.12 23:31:10 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll MOD - [2012.10.05 11:59:08 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.10.05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2008.10.09 13:10:12 | 000,226,656 | ---- | M] () -- C:\Windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\office.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1) SRV - [2013.02.06 18:54:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.09 00:33:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.11.09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2012.11.09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2012.11.09 06:48:10 | 000,203,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2012.04.25 10:45:20 | 000,073,728 | ---- | M] (Global Graphics Software Ltd) [On_Demand | Stopped] -- C:\Windows\System32\CorelCreatorMessages.exe -- (CorelCreatorMessages) SRV - [2012.03.02 09:49:04 | 000,032,256 | ---- | M] (CloudBerry Lab Inc.) [Auto | Stopped] -- C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe -- (CloudBerry Backup Service) SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.12.07 14:47:40 | 000,886,664 | ---- | M] (Interactive Brands Inc.) [Auto | Stopped] -- C:\Program Files\PDF Suite 2012\ConversionService.exe -- (PDF Suite 2012 Service) SRV - [2011.12.07 14:47:32 | 000,813,960 | ---- | M] (Interactive Brands Inc.) [On_Demand | Stopped] -- C:\Program Files\PDF Suite 2012\HelperService.exe -- (PDF Suite 2012 Helper Service) SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.10.20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc) SRV - [2010.04.13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2008.09.09 03:15:52 | 003,602,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.06.02 08:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\URFLAM~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2013.01.30 19:29:34 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.12.31 12:31:43 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2012.11.09 06:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2012.11.09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012.11.09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012.11.09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2012.11.09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012.11.09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012.11.09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012.09.14 16:26:32 | 000,064,832 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv) DRV - [2012.04.20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2010.11.16 16:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2010.04.13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter) DRV - [2009.06.22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.03.28 14:38:00 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2008.09.09 03:15:48 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.07.18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.18 15:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.05.05 02:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.12.28 00:02:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE295DE296 IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{8DF2838F-9A1E-49C0-B00E-DC8CC7617363}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{967A10CF-F7FE-44E6-A6FF-2D82A45CB247}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{A6C933D4-11C0-4AD0-8DEA-83C05F3BCD0C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{F598805B-AFDB-41A7-8FFD-1CE006901343}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3 FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8 FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.7 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:14.4.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@dimdim.com/DimdimPlugin: C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.09.30 13:14:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.21 23:42:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.04.08 15:31:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter2012@ib.com: C:\Program Files\PDF Suite 2012\firefoxextension2012 [2012.01.19 18:05:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.12.13 23:19:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.02.07 01:03:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.07 16:59:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 18:54:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 22:42:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.11.29 12:56:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.09.30 13:14:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 18:54:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 22:42:35 | 000,000,000 | ---D | M] [2010.10.25 11:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Extensions [2010.10.25 11:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2013.02.07 23:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions [2010.04.28 10:06:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.14 17:09:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2013.01.29 16:13:30 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.08.01 15:04:23 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2010.07.23 10:39:00 | 000,000,000 | ---D | M] (FireFox accelerator) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64} [2010.09.14 20:58:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\firefox@tvunetworks.com [2010.11.12 17:43:05 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\support@predictad.com [2011.10.16 22:59:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\finder@meingutscheincode.de.xpi [2012.12.13 14:31:30 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\firebug@software.joehewitt.com.xpi [2011.10.16 22:59:41 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012.09.10 14:32:17 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.06 18:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.02.07 01:03:18 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE [2012.12.13 23:19:46 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2013.02.06 18:54:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2012.07.05 13:55:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.10 14:04:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.05 13:55:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.11 09:33:29 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2012.07.05 13:55:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.18 13:49:37 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.07.05 13:55:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.05 13:55:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: McAfee (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Dimdim NPRuntime Plugin for Netscape browsers (Enabled) = C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: SiteAdvisor = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.02.08 14:32:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120702145158.dll (McAfee, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (PDF Suite 2012 Helper) - {a938761b-202b-4828-87e4-f21fec37d02d} - C:\Program Files\PDF Suite 2012\PDFIEHelper.dll (Interactive Brands Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (PDF Suite 2012 Toolbar) - {11aa5c56-b4e2-4b8f-803a-d340415532f3} - C:\Program Files\PDF Suite 2012\PDFIEPlugin.dll (Interactive Brands Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CorelCreatorClient] C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe (Global Graphics Software Ltd.) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_15_Plus\Trayserver.exe (MAGIX AG) O4 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\Launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000..\Run: [SMASH] C:\Program Files\SoftMaker Office Professional 2012 (Trial)\smash.exe (SoftMaker Software GmbH) O4 - Startup: C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\urflamingo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09B45471-8CDB-459E-84D6-40A2D15A253E}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F56A700-1388-464F-B01B-632C2938717E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{463FB10B-4FC8-44CD-824A-096C81AA3247}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4C48850-96A6-48A4-B659-90FD593E694E}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4F4B37-B879-4A13-9722-9E613DE9BE89}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\urflamingo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\urflamingo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dimdim.lnk - C:\Program Files\Dimdim\Plugin\Application\Dimdim.exe - () MsConfig - StartUpFolder: C:^Users^urflamingo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk - - File not found MsConfig - StartUpReg: 1&1 EasyLogin - hkey= - key= - C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin) MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe () MsConfig - StartUpReg: Recordpad - hkey= - key= - C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Software Informer - hkey= - key= - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) MsConfig - StartUpReg: ZPdtWzdVitaKey MC3000 - hkey= - key= - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) Drivers32: msacm.dvacm_vspx5 - c:\Program Files\Corel\Corel VideoStudio Ultimate X5\Common Files\VIO\DVACM.acm (Corel TW Corp.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.pDAD - C:\Windows\System32\prodad-codec.dll (proDAD GmbH) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET|COMMAND /RS HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET|COMMAND /64 /RS CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.02.08 14:40:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.08 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Local\temp [2013.02.08 14:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.08 13:54:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.08 13:54:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.08 13:54:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.08 13:43:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.08 13:42:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.07 23:06:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.02.07 22:50:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.07 22:48:00 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.07 00:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.07 00:21:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.06 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Malwarebytes [2013.02.06 21:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.06 21:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.06 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.05 18:10:27 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\vlc [2013.02.05 18:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.05 18:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.02.03 12:05:42 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.03 12:05:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.03 12:05:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.03 12:05:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.01.31 17:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.01.30 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CdCoverCreator [2013.01.30 23:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CdCoverCreator [2013.01.30 23:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\CdCoverCreator [2013.01.30 23:18:57 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony [2013.01.30 23:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony [2013.01.30 23:18:50 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\DSite [2013.01.30 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Corel [2013.01.30 16:18:35 | 000,013,880 | ---- | C] (InterVideo) -- C:\Windows\System32\drivers\regi.sys [2013.01.28 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\Nero [2013.01.28 19:04:25 | 000,031,576 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.01.28 19:03:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.01.28 19:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero [2013.01.28 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2013.01.28 19:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.01.28 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2013.01.22 21:21:49 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\Recordpad [2013.01.19 01:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miracle Squeeze Page Builder [2013.01.19 01:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Miracle Squeeze Page Builder [2013.01.19 01:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\PinDetective [2013.01.19 01:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\PinAutomation - Affiliate Robot [2013.01.18 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus [2013.01.18 01:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2013.01.17 16:33:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\MAGIX Speed [2013.01.17 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\MAGIX Downloads [2013.01.17 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\Corel MotionStudio 3D [2013.01.14 00:34:52 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\EMVUn.EXE [2013.01.14 00:34:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-MailVerifier [2013.01.14 00:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\E-MailVerifier [2013.01.14 00:33:38 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\SuperMailer [2013.01.14 00:33:15 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\SMUn.EXE [2013.01.14 00:33:14 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMailer [2013.01.14 00:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\SuperMailer [2013.01.13 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2013.01.13 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai [2013.01.09 23:52:42 | 000,000,000 | ---D | C] -- C:\Betriebssystem [2010.12.10 23:56:46 | 000,475,704 | ---- | C] (NCH Software) -- C:\ProgramData\prismsetup.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.08 18:05:02 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk [2013.02.08 17:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.08 15:24:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 15:24:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.02.08 15:24:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 15:24:17 | 000,143,914 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.02.08 14:32:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.02.07 23:43:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.07 23:32:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.07 21:25:07 | 000,634,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.07 21:08:47 | 000,073,728 | ---- | M] () -- C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.07 16:14:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.02.07 14:14:58 | 000,000,000 | ---- | M] () -- C:\Users\urflamingo\defogger_reenable [2013.02.07 00:22:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.06 23:37:25 | 000,705,482 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.06 23:37:25 | 000,661,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.06 23:37:25 | 000,159,046 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.06 23:37:25 | 000,130,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.06 22:19:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.06 18:00:04 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\next.job [2013.02.06 18:00:03 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2013.02.05 18:09:08 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.03 12:04:37 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.03 12:04:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.03 12:04:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.03 12:04:36 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.03 12:04:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.03 12:04:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.03 11:56:35 | 000,000,960 | ---- | M] () -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.03 11:56:22 | 000,000,938 | ---- | M] () -- C:\Users\urflamingo\Desktop\Dropbox.lnk [2013.02.03 11:55:15 | 000,047,104 | ---- | M] () -- C:\Users\urflamingo\AppData\Local\WebpageIcons.db [2013.01.31 17:39:18 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.31 17:39:18 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.01.31 00:37:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000ED4.LCS [2013.01.30 23:42:10 | 000,000,840 | ---- | M] () -- C:\Users\urflamingo\Desktop\CdCoverCreator.lnk [2013.01.30 23:18:59 | 000,000,756 | ---- | M] () -- C:\Users\urflamingo\Desktop\MiPony.lnk [2013.01.30 19:29:34 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.01.30 16:19:19 | 000,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr [2013.01.30 16:18:50 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk [2013.01.30 12:38:44 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job [2013.01.19 01:42:19 | 000,000,206 | ---- | M] () -- C:\Windows\EurekaLog.ini [2013.01.19 01:30:45 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk [2013.01.19 01:23:01 | 000,000,841 | ---- | M] () -- C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk [2013.01.19 01:13:09 | 000,001,069 | ---- | M] () -- C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk [2013.01.18 14:56:31 | 000,000,970 | ---- | M] () -- C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk [2013.01.17 18:36:47 | 000,029,053 | ---- | M] () -- C:\Users\urflamingo\Documents\Versuch1.ffd [2013.01.17 16:34:34 | 000,000,046 | ---- | M] () -- C:\Windows\Speed.INI [2013.01.17 15:50:01 | 000,000,024 | ---- | M] () -- C:\Windows\System32\DKRNL.JAX [2013.01.16 16:18:43 | 000,007,592 | ---- | M] () -- C:\Users\urflamingo\AppData\Local\d3d9caps.dat [2013.01.14 23:37:49 | 000,024,576 | ---- | M] () -- C:\Users\urflamingo\Documents\verguetungssysteme.dsam [2013.01.14 23:23:40 | 000,322,760 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2013.01.14 13:43:56 | 000,143,914 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.01.14 00:34:52 | 000,002,269 | R--- | M] () -- C:\Windows\E-MailVerifier_Uninstall.in [2013.01.14 00:34:52 | 000,000,715 | ---- | M] () -- C:\Users\urflamingo\Desktop\E-MailVerifier.lnk [2013.01.14 00:33:15 | 000,003,306 | R--- | M] () -- C:\Windows\SuperMailer_Uninstall.in [2013.01.14 00:33:15 | 000,000,695 | ---- | M] () -- C:\Users\urflamingo\Desktop\SuperMailer.lnk [2013.01.13 18:04:09 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.08 13:54:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.08 13:54:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.08 13:54:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.08 13:54:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.08 13:54:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.07 14:14:58 | 000,000,000 | ---- | C] () -- C:\Users\urflamingo\defogger_reenable [2013.02.07 00:22:14 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 18:09:08 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.31 17:39:18 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.30 23:42:10 | 000,000,840 | ---- | C] () -- C:\Users\urflamingo\Desktop\CdCoverCreator.lnk [2013.01.30 23:18:59 | 000,000,756 | ---- | C] () -- C:\Users\urflamingo\Desktop\MiPony.lnk [2013.01.30 16:19:10 | 000,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr [2013.01.30 16:18:50 | 000,001,746 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel WinDVD Pro 11.lnk [2013.01.30 16:18:50 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk [2013.01.19 01:30:45 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk [2013.01.19 01:23:01 | 000,000,841 | ---- | C] () -- C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk [2013.01.19 01:13:09 | 000,001,069 | ---- | C] () -- C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk [2013.01.18 14:56:31 | 000,000,970 | ---- | C] () -- C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk [2013.01.17 18:36:46 | 000,029,053 | ---- | C] () -- C:\Users\urflamingo\Documents\Versuch1.ffd [2013.01.17 16:33:51 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI [2013.01.17 15:50:01 | 000,000,024 | ---- | C] () -- C:\Windows\System32\DKRNL.JAX [2013.01.14 23:21:59 | 000,024,576 | ---- | C] () -- C:\Users\urflamingo\Documents\verguetungssysteme.dsam [2013.01.14 00:34:52 | 000,002,269 | R--- | C] () -- C:\Windows\E-MailVerifier_Uninstall.in [2013.01.14 00:34:52 | 000,000,715 | ---- | C] () -- C:\Users\urflamingo\Desktop\E-MailVerifier.lnk [2013.01.14 00:33:15 | 000,003,306 | R--- | C] () -- C:\Windows\SuperMailer_Uninstall.in [2013.01.14 00:33:15 | 000,000,695 | ---- | C] () -- C:\Users\urflamingo\Desktop\SuperMailer.lnk [2013.01.13 18:04:09 | 000,000,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk [2013.01.13 18:04:08 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk [2013.01.03 01:04:36 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll [2013.01.03 01:04:36 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini [2012.04.25 10:46:18 | 000,126,976 | ---- | C] () -- C:\Windows\System32\corelcreatorpm.dll [2012.04.25 10:45:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\CorelCreatorMessagesPS.dll [2012.04.06 16:11:27 | 000,035,451 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\snippets.html [2012.04.06 16:11:27 | 000,030,634 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\style.css [2012.04.06 16:11:27 | 000,003,421 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\single.php [2012.04.06 16:11:27 | 000,001,066 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\tag.php [2012.04.06 16:11:27 | 000,000,893 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\wvr-settings.php [2012.04.06 16:11:27 | 000,000,738 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\wvr-admin-style.css [2012.04.06 16:11:26 | 000,029,025 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\screenshot.png [2012.04.06 16:11:26 | 000,004,629 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\rtl.css [2012.04.06 16:11:26 | 000,001,900 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page.php [2012.04.06 16:11:26 | 000,001,802 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar-footer.php [2012.04.06 16:11:26 | 000,001,702 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar.php [2012.04.06 16:11:26 | 000,001,507 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\search.php [2012.04.06 16:11:26 | 000,000,522 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-wrapperonly.php [2012.04.06 16:11:26 | 000,000,493 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar-altright.php [2012.04.06 16:11:26 | 000,000,490 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar-altleft.php [2012.04.06 16:11:25 | 000,002,843 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-sitemap.php [2012.04.06 16:11:25 | 000,002,710 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-excerpt2col.php [2012.04.06 16:11:25 | 000,002,498 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-title2col.php [2012.04.06 16:11:25 | 000,002,495 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-excerpt.php [2012.04.06 16:11:25 | 000,002,485 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts2col.php [2012.04.06 16:11:25 | 000,002,484 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-title.php [2012.04.06 16:11:25 | 000,002,473 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts.php [2012.04.06 16:11:25 | 000,001,554 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-onecolumniframe.php [2012.04.06 16:11:24 | 000,003,797 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\loop.php [2012.04.06 16:11:24 | 000,001,796 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-multicolcontent.php [2012.04.06 16:11:24 | 000,001,793 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-altright.php [2012.04.06 16:11:24 | 000,001,779 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-altleft.php [2012.04.06 16:11:24 | 000,001,736 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-customheader.php [2012.04.06 16:11:24 | 000,001,453 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\onecolumn-page.php [2012.04.06 16:11:23 | 000,004,568 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\loop-twocol.php [2012.04.06 16:11:23 | 000,004,149 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\loop-pwp.php [2012.04.06 16:11:23 | 000,001,380 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\index.php [2012.04.06 16:11:22 | 000,092,084 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\help.html [2012.04.06 16:11:22 | 000,044,722 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\functions.php [2012.04.06 16:11:22 | 000,010,354 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\header.php [2012.04.06 16:11:22 | 000,007,629 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\header-custom.php [2012.04.06 16:11:22 | 000,001,227 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\gallery.php [2012.04.06 16:11:21 | 000,020,595 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\css-help.html [2012.04.06 16:11:21 | 000,003,862 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\editor-style.css [2012.04.06 16:11:21 | 000,003,070 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\comments.php [2012.04.06 16:11:21 | 000,001,971 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\footer.php [2012.04.06 16:11:21 | 000,000,765 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\editor-style-rtl.css [2012.04.06 16:11:20 | 000,004,094 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\attachment.php [2012.04.06 16:11:20 | 000,002,380 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\author.php [2012.04.06 16:11:20 | 000,001,361 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\category.php [2012.04.06 16:11:19 | 000,002,084 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\archive.php [2012.03.29 12:47:01 | 004,191,424 | ---- | C] () -- C:\Windows\ConferenceRS.exe [2012.03.23 19:49:26 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.01.02 23:38:30 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.12.29 17:16:26 | 000,049,559 | ---- | C] () -- C:\Users\urflamingo\hotelreservierung.de.htm [2011.12.27 13:00:57 | 000,000,021 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\mc.pixel.data [2011.12.21 00:47:45 | 000,002,826 | ---- | C] () -- C:\Users\urflamingo\.recently-used.xbel [2011.10.01 11:36:14 | 000,000,095 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sgkpbhtr.bat [2011.06.15 21:48:18 | 000,004,280 | ---- | C] () -- C:\Users\urflamingo\UST Erklärung 2009.elfo [2011.02.02 12:34:36 | 000,000,000 | ---- | C] () -- C:\Users\urflamingo\.gtk-bookmarks [2011.02.02 11:52:59 | 000,753,388 | ---- | C] () -- C:\Users\urflamingo\.fonts.cache-1 [2011.01.25 18:56:23 | 000,413,408 | ---- | C] () -- C:\Users\urflamingo\web_developer-1.1.9-fx+sm.xpi [2011.01.24 20:25:48 | 002,294,376 | ---- | C] () -- C:\Users\urflamingo\BlogPimp-GridEasy-Designhilfe-1.1.psd [2011.01.10 23:45:09 | 000,000,096 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\ptvice.bat [2011.01.10 14:23:27 | 000,023,843 | ---- | C] () -- C:\Users\urflamingo\screenshot.png [2011.01.10 14:23:27 | 000,000,536 | ---- | C] () -- C:\Users\urflamingo\style.css [2011.01.10 14:23:23 | 000,005,098 | ---- | C] () -- C:\Users\urflamingo\comments.php [2011.01.10 14:23:23 | 000,000,360 | ---- | C] () -- C:\Users\urflamingo\custom.css [2011.01.10 14:23:23 | 000,000,264 | ---- | C] () -- C:\Users\urflamingo\header.php [2011.01.10 14:23:23 | 000,000,163 | ---- | C] () -- C:\Users\urflamingo\index.php [2011.01.10 14:23:23 | 000,000,138 | ---- | C] () -- C:\Users\urflamingo\functions.php [2011.01.10 14:23:23 | 000,000,110 | ---- | C] () -- C:\Users\urflamingo\footer.php [2010.12.13 23:48:17 | 000,014,882 | ---- | C] () -- C:\ProgramData\HelpGuide.html [2010.12.13 23:48:17 | 000,004,411 | ---- | C] () -- C:\ProgramData\facebook-logo.png [2010.12.13 23:48:17 | 000,002,137 | ---- | C] () -- C:\ProgramData\facebook-icon.png [2010.11.21 11:15:57 | 000,023,888 | ---- | C] () -- C:\Users\urflamingo\AppData\Roaming\UserTile.png [2010.11.07 18:47:13 | 000,086,016 | ---- | C] () -- C:\Users\urflamingo\Neugierig.camrec [2010.10.31 16:57:46 | 002,785,494 | ---- | C] () -- C:\Users\urflamingo\.websiteauditor.properties [2010.10.31 16:44:25 | 000,453,954 | ---- | C] () -- C:\Users\urflamingo\.linkassistant.properties [2010.10.25 16:34:27 | 000,411,904 | ---- | C] () -- C:\Users\urflamingo\.ranktracker.properties [2010.10.25 11:53:34 | 000,511,426 | ---- | C] () -- C:\Users\urflamingo\.spyglass.properties [2010.06.27 19:33:37 | 000,007,592 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\d3d9caps.dat [2010.04.13 11:20:40 | 1088,888,832 | ---- | C] () -- C:\Users\urflamingo\Cwolpersweb ME u.a..camrec [2010.03.01 20:26:09 | 000,047,104 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\WebpageIcons.db [2010.02.06 18:03:55 | 000,001,028 | ---- | C] () -- C:\Users\urflamingo\AppData\Roaming\WavCodec.wff [2009.11.19 14:09:32 | 000,017,896 | ---- | C] () -- C:\Users\urflamingo\Akquisitionsseminar.pdf [2009.09.20 09:27:40 | 000,000,132 | ---- | C] () -- C:\Users\urflamingo\AppData\Roaming\wklnhst.dat [2009.08.31 14:13:31 | 000,000,094 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\mlrjpwnu.bat [2009.08.13 10:31:48 | 000,143,914 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.13 08:14:50 | 000,143,914 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.10.04 22:22:34 | 000,073,728 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < c:\users\urflamingo\AppData\Roaming\*. > [2010.08.24 10:32:56 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Acer [2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Acer GameZone Console [2012.02.09 17:27:39 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Adobe [2010.11.08 22:42:49 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\AnvSoft [2010.09.30 18:27:01 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Apple Computer [2012.12.06 18:36:36 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\APP_NAME_NON_STRING [2010.11.30 19:41:39 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ArcSoft [2010.03.25 17:23:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Artisteer [2013.01.22 23:10:19 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Audacity [2010.11.12 21:07:25 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Audio Record Edit Toolbox [2009.08.17 12:09:52 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Avanquest [2013.01.18 14:58:37 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\AVS4YOU [2011.06.29 20:27:08 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Buhl Data Service [2010.02.09 21:53:06 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\CD-DVD Druckerei 7 [2012.01.06 12:02:11 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\CherryPickerLive [2010.02.11 18:18:32 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ColorSchemer [2013.01.30 16:46:54 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Corel [2008.10.05 20:23:29 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\CyberLink [2011.02.10 23:13:03 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Desktop Apps [2010.10.23 14:58:07 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\dimdim [2012.12.26 20:40:31 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DivX [2010.05.05 16:24:20 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2011.03.19 19:43:57 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Downloaded Installations [2013.02.07 00:08:44 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Dropbox [2013.01.30 23:18:50 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DSite [2010.10.15 20:09:48 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Duybci [2011.12.31 18:28:17 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DVDVideoSoft [2010.02.15 18:25:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\elsterformular [2008.10.04 17:50:10 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\eSobi [2010.10.20 15:52:13 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\eXPert PDF 5 [2010.02.16 12:13:16 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\eXPert PDF Editor [2012.12.13 16:08:53 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ffDiaporama [2013.02.04 13:40:49 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\FileZilla [2009.11.19 13:24:13 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Firelab [2011.04.04 11:31:13 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\founder.de Website Booster [2009.12.01 11:26:43 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\GetRightToGo [2008.10.04 15:36:22 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Google [2011.12.21 01:00:29 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\gtk-2.0 [2011.03.31 17:35:09 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Gutscheinmieze [2011.03.08 22:16:22 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\HandBrake [2009.11.18 19:40:43 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Hemera [2009.10.07 10:10:06 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\HP [2009.10.18 22:03:37 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\HTML Executable [2008.10.04 15:10:48 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Identities [2010.03.09 23:44:56 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\IDMComp [2008.10.09 14:03:33 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\InstallShield [2010.12.11 09:40:58 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Leawo [2012.01.08 18:36:16 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\LogoMaker [2008.10.04 15:11:16 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Macromedia [2012.12.14 17:27:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\MAGIX [2013.02.06 21:56:49 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Malwarebytes [2013.01.13 18:05:27 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2010.03.15 15:48:15 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\MatchWare [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Media Center Programs [2010.12.11 02:31:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\mediAvatar [2013.01.03 00:24:35 | 000,000,000 | --SD | M] -- c:\users\urflamingo\AppData\Roaming\Microsoft [2010.11.19 02:20:14 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\mirabyte [2008.10.13 15:50:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Mozilla [2012.12.18 13:44:28 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\NCH Software [2010.11.09 15:36:15 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\NCH Swift Sound [2011.03.10 14:43:14 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Nitro PDF [2011.03.05 00:26:03 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Notepad++ [2010.04.27 10:25:30 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Nvu [2009.08.01 19:13:50 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\OpenOffice.org [2011.04.18 11:31:46 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Opera [2010.10.15 11:57:41 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Orqu [2013.02.08 18:08:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\PDF Software [2010.11.21 11:15:56 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\PeerNetworking [2012.01.20 13:05:21 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\PhoenixLabs [2013.01.03 01:08:05 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\proDAD [2010.02.09 21:58:31 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ProtectDisc [2010.03.11 22:56:44 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Publish Providers [2012.12.28 22:30:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\QTIndexSwapper [2010.02.05 13:49:55 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Recordpad [2009.08.24 01:34:31 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ScreeNet iSaver [2010.05.06 20:14:23 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SmartDraw [2012.01.08 08:40:36 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SocialMediaManager [2012.12.14 16:11:32 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SoftMaker [2010.10.24 20:16:42 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Software Informer [2010.12.28 14:54:53 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Sony [2013.01.14 00:33:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SuperMailer [2010.04.21 16:26:01 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\TechSmith [2009.09.20 09:27:39 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Template [2012.12.13 21:08:08 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Titler [2013.01.17 15:49:50 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Ulead Systems [2012.12.26 20:39:47 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Uniblue [2013.02.05 18:11:35 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\vlc [2009.12.17 23:44:10 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\WinRAR [2012.01.08 16:34:02 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Xilisoft [2011.01.20 10:17:32 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\XnView ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Jazz on the Sea.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture3.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture2.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture1.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture.wav:TOC.WMV < End of report > Gruß urflamingo |
09.02.2013, 11:50 | #6 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus, jetzt könnte es etwas knifflig werden, da ich in der Logdatei nichts sehe, das für die Blockade verantwortlich sein könnte. Führe bitte die folgenden Schritte im abgesicherten Modus aus: Schritt 1 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Schritt 2 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
09.02.2013, 13:00 | #7 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Hallo Matthias, beim letzten "Normalstart-Versuch" kam ich zum 1. Mal einen Schritt weiter. Nach dem Willkommens-Bildschirm öffnete sich das Desktop-Bild mit den positionierten Programmen. Dort war allerdings dann Schluss. Dort hat sich der PC dann wieder aufgehängt. Hier nun zu Schritt 1 die aswMBR.txt aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-09 12:39:32 ----------------------------- 12:39:32.411 OS Version: Windows 6.0.6002 Service Pack 2 12:39:32.411 Number of processors: 2 586 0x1706 12:39:32.411 ComputerName: MM-PC UserName: 12:39:33.331 Initialize success 12:41:02.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:41:02.829 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3 12:41:02.829 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 12:41:02.844 Disk 1 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3 12:41:02.891 Disk 0 MBR read successfully 12:41:02.891 Disk 0 MBR scan 12:41:02.891 Disk 0 unknown MBR code 12:41:02.907 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048 12:41:02.922 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568 12:41:02.938 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616 12:41:02.969 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472 12:41:02.985 Disk 0 scanning sectors +625139712 12:41:03.031 Disk 0 scanning C:\Windows\system32\drivers 12:41:11.346 Service scanning 12:41:30.300 Modules scanning 12:41:33.639 Disk 0 trace - called modules: 12:41:33.654 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 12:41:33.654 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bfd2a8] 12:41:33.670 3 CLASSPNP.SYS[8b1d28b3] -> nt!IofCallDriver -> [0x853a02d8] 12:41:33.685 5 acpi.sys[82e9c6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d71028] 12:41:33.685 Scan finished successfully 12:42:28.207 Disk 0 MBR has been saved successfully to "D:\MBR.dat" 12:42:28.207 The log file has been saved successfully to "D:\aswMBR.txt" Und zu Schritt 2 die TDSSKiller....log.txt 12:43:38.0829 2152 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 12:43:39.0765 2152 ============================================================ 12:43:39.0765 2152 Current date / time: 2013/02/09 12:43:39.0765 12:43:39.0765 2152 SystemInfo: 12:43:39.0765 2152 12:43:39.0765 2152 OS Version: 6.0.6002 ServicePack: 2.0 12:43:39.0765 2152 Product type: Workstation 12:43:39.0765 2152 ComputerName: MM-PC 12:43:39.0765 2152 UserName: urflamingo 12:43:39.0765 2152 Windows directory: C:\Windows 12:43:39.0765 2152 System windows directory: C:\Windows 12:43:39.0765 2152 Processor architecture: Intel x86 12:43:39.0765 2152 Number of processors: 2 12:43:39.0765 2152 Page size: 0x1000 12:43:39.0765 2152 Boot type: Safe boot with network 12:43:39.0765 2152 ============================================================ 12:43:40.0326 2152 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:43:40.0685 2152 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:43:40.0732 2152 Drive \Device\Harddisk2\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:43:40.0732 2152 ============================================================ 12:43:40.0732 2152 \Device\Harddisk0\DR0: 12:43:40.0732 2152 MBR partitions: 12:43:40.0732 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800 12:43:40.0732 2152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000 12:43:40.0732 2152 \Device\Harddisk1\DR1: 12:43:40.0763 2152 MBR partitions: 12:43:40.0763 2152 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x165B59F5 12:43:40.0763 2152 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x165B5A3B, BlocksNum 0x774D8A4 12:43:40.0810 2152 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1DD0331E, BlocksNum 0x772A3A3 12:43:40.0810 2152 \Device\Harddisk2\DR2: 12:43:40.0810 2152 MBR partitions: 12:43:40.0810 2152 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00 12:43:40.0810 2152 ============================================================ 12:43:40.0888 2152 C: <-> \Device\Harddisk0\DR0\Partition1 12:43:40.0919 2152 D: <-> \Device\Harddisk1\DR1\Partition1 12:43:40.0981 2152 E: <-> \Device\Harddisk0\DR0\Partition2 12:43:40.0981 2152 J: <-> \Device\Harddisk1\DR1\Partition3 12:43:41.0013 2152 H: <-> \Device\Harddisk1\DR1\Partition2 12:43:41.0013 2152 ============================================================ 12:43:41.0013 2152 Initialize success 12:43:41.0013 2152 ============================================================ 12:44:25.0332 4068 ============================================================ 12:44:25.0332 4068 Scan started 12:44:25.0332 4068 Mode: Manual; 12:44:25.0332 4068 ============================================================ 12:44:26.0065 4068 ================ Scan system memory ======================== 12:44:26.0065 4068 System memory - ok 12:44:26.0065 4068 ================ Scan services ============================= 12:44:26.0237 4068 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 12:44:26.0237 4068 ACDaemon - ok 12:44:26.0409 4068 [ A6FE70357A68AD1E279CD1012419CCE6 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 12:44:26.0409 4068 acedrv11 - ok 12:44:26.0455 4068 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 12:44:26.0455 4068 ACPI - ok 12:44:26.0533 4068 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 12:44:26.0533 4068 AdobeARMservice - ok 12:44:26.0611 4068 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 12:44:26.0611 4068 AdobeFlashPlayerUpdateSvc - ok 12:44:26.0658 4068 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 12:44:26.0674 4068 adp94xx - ok 12:44:26.0721 4068 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 12:44:26.0721 4068 adpahci - ok 12:44:26.0752 4068 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 12:44:26.0752 4068 adpu160m - ok 12:44:26.0767 4068 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 12:44:26.0767 4068 adpu320 - ok 12:44:26.0814 4068 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:44:26.0814 4068 AeLookupSvc - ok 12:44:26.0877 4068 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys 12:44:26.0877 4068 Afc - ok 12:44:26.0939 4068 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 12:44:26.0939 4068 AFD - ok 12:44:26.0986 4068 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 12:44:26.0986 4068 agp440 - ok 12:44:27.0017 4068 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 12:44:27.0017 4068 aic78xx - ok 12:44:27.0064 4068 [ 4490B8BDF38750458EB9B24835FDA8FE ] AlfaFF C:\Windows\system32\Drivers\AlfaFF.sys 12:44:27.0064 4068 AlfaFF - ok 12:44:27.0142 4068 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 12:44:27.0142 4068 ALG - ok 12:44:27.0173 4068 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 12:44:27.0173 4068 aliide - ok 12:44:27.0189 4068 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 12:44:27.0189 4068 amdagp - ok 12:44:27.0204 4068 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 12:44:27.0204 4068 amdide - ok 12:44:27.0251 4068 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 12:44:27.0251 4068 AmdK7 - ok 12:44:27.0267 4068 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 12:44:27.0267 4068 AmdK8 - ok 12:44:27.0298 4068 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 12:44:27.0298 4068 Appinfo - ok 12:44:27.0329 4068 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 12:44:27.0329 4068 arc - ok 12:44:27.0376 4068 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 12:44:27.0376 4068 arcsas - ok 12:44:27.0532 4068 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:44:27.0610 4068 aspnet_state - ok 12:44:27.0641 4068 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:44:27.0641 4068 AsyncMac - ok 12:44:27.0657 4068 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 12:44:27.0657 4068 atapi - ok 12:44:27.0719 4068 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:44:27.0719 4068 AudioEndpointBuilder - ok 12:44:27.0735 4068 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 12:44:27.0735 4068 Audiosrv - ok 12:44:27.0781 4068 [ 740970262714E0575F23A917A2A53A31 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys 12:44:27.0781 4068 avgtp - ok 12:44:27.0859 4068 [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe 12:44:27.0859 4068 AVM WLAN Connection Service - ok 12:44:27.0922 4068 [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject C:\Windows\system32\drivers\avmeject.sys 12:44:27.0922 4068 avmeject - ok 12:44:27.0984 4068 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 12:44:28.0000 4068 Beep - ok 12:44:28.0047 4068 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 12:44:28.0078 4068 BFE - ok 12:44:28.0109 4068 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 12:44:28.0296 4068 BITS - ok 12:44:28.0343 4068 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 12:44:28.0343 4068 blbdrive - ok 12:44:28.0405 4068 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 12:44:28.0421 4068 Bonjour Service - ok 12:44:28.0452 4068 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:44:28.0452 4068 bowser - ok 12:44:28.0499 4068 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 12:44:28.0499 4068 BrFiltLo - ok 12:44:28.0530 4068 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 12:44:28.0530 4068 BrFiltUp - ok 12:44:28.0561 4068 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 12:44:28.0561 4068 Browser - ok 12:44:28.0577 4068 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 12:44:28.0577 4068 Brserid - ok 12:44:28.0624 4068 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 12:44:28.0624 4068 BrSerWdm - ok 12:44:28.0655 4068 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 12:44:28.0655 4068 BrUsbMdm - ok 12:44:28.0686 4068 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 12:44:28.0686 4068 BrUsbSer - ok 12:44:28.0702 4068 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 12:44:28.0702 4068 BTHMODEM - ok 12:44:28.0764 4068 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 12:44:28.0764 4068 BUNAgentSvc - ok 12:44:28.0780 4068 catchme - ok 12:44:28.0795 4068 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:44:28.0795 4068 cdfs - ok 12:44:28.0842 4068 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:44:28.0842 4068 cdrom - ok 12:44:28.0905 4068 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 12:44:28.0905 4068 CertPropSvc - ok 12:44:28.0951 4068 [ 67B20DA4727F54AEA29FDDAD810C898D ] cfwids C:\Windows\system32\drivers\cfwids.sys 12:44:28.0951 4068 cfwids - ok 12:44:28.0967 4068 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:44:28.0967 4068 circlass - ok 12:44:28.0998 4068 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 12:44:28.0998 4068 CLFS - ok 12:44:29.0076 4068 [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe 12:44:29.0076 4068 CLHNService - ok 12:44:29.0154 4068 [ 34E7BE3042F7905D5582E0C666205202 ] CloudBerry Backup Service C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe 12:44:29.0154 4068 CloudBerry Backup Service - ok 12:44:29.0201 4068 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:44:29.0248 4068 clr_optimization_v2.0.50727_32 - ok 12:44:29.0295 4068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:44:29.0419 4068 clr_optimization_v4.0.30319_32 - ok 12:44:29.0466 4068 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:44:29.0466 4068 CmBatt - ok 12:44:29.0497 4068 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:44:29.0497 4068 cmdide - ok 12:44:29.0513 4068 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:44:29.0513 4068 Compbatt - ok 12:44:29.0529 4068 COMSysApp - ok 12:44:29.0591 4068 [ 5E39149218CF703B8FD2E1854A4CEDE7 ] CorelCreatorMessages C:\Windows\system32\CorelCreatorMessages.exe 12:44:29.0591 4068 CorelCreatorMessages - ok 12:44:29.0763 4068 cpuz132 - ok 12:44:29.0778 4068 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 12:44:29.0778 4068 crcdisk - ok 12:44:29.0809 4068 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 12:44:29.0809 4068 Crusoe - ok 12:44:29.0872 4068 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:44:29.0872 4068 CryptSvc - ok 12:44:29.0950 4068 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:44:29.0997 4068 DcomLaunch - ok 12:44:30.0043 4068 [ 699EF0FD9AE72B7F5AD756E382C73E0E ] dfmirage C:\Windows\system32\DRIVERS\dfmirage.sys 12:44:30.0043 4068 dfmirage - ok 12:44:30.0059 4068 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:44:30.0059 4068 DfsC - ok 12:44:30.0153 4068 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 12:44:30.0215 4068 DFSR - ok 12:44:30.0277 4068 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 12:44:30.0277 4068 Dhcp - ok 12:44:30.0324 4068 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 12:44:30.0324 4068 disk - ok 12:44:30.0355 4068 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 12:44:30.0355 4068 DKbFltr - ok 12:44:30.0387 4068 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:44:30.0387 4068 Dnscache - ok 12:44:30.0433 4068 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 12:44:30.0433 4068 dot3svc - ok 12:44:30.0465 4068 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 12:44:30.0465 4068 Dot4 - ok 12:44:30.0480 4068 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 12:44:30.0480 4068 Dot4Print - ok 12:44:30.0480 4068 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 12:44:30.0496 4068 dot4usb - ok 12:44:30.0527 4068 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 12:44:30.0527 4068 DPS - ok 12:44:30.0574 4068 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:44:30.0574 4068 drmkaud - ok 12:44:30.0621 4068 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:44:30.0636 4068 DXGKrnl - ok 12:44:30.0667 4068 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 12:44:30.0667 4068 E1G60 - ok 12:44:30.0730 4068 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 12:44:30.0730 4068 EapHost - ok 12:44:30.0792 4068 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 12:44:30.0792 4068 Ecache - ok 12:44:30.0901 4068 [ 2CE2DDCB1A41ED4488A2A8B98D286B3D ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 12:44:30.0917 4068 eDataSecurity Service - ok 12:44:30.0948 4068 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:44:30.0964 4068 ehRecvr - ok 12:44:30.0964 4068 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 12:44:30.0979 4068 ehSched - ok 12:44:30.0979 4068 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 12:44:30.0979 4068 ehstart - ok 12:44:31.0042 4068 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 12:44:31.0042 4068 elxstor - ok 12:44:31.0104 4068 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 12:44:31.0135 4068 EMDMgmt - ok 12:44:31.0167 4068 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:44:31.0167 4068 ErrDev - ok 12:44:31.0229 4068 [ 27D2754314D12EB27D81D462FD0D86C0 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 12:44:31.0229 4068 ETService - ok 12:44:31.0276 4068 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 12:44:31.0291 4068 EventSystem - ok 12:44:31.0323 4068 [ 82E7EB9F12321052CD9A904B13724EE2 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 12:44:31.0323 4068 ewusbnet - ok 12:44:31.0385 4068 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 12:44:31.0385 4068 exfat - ok 12:44:31.0447 4068 Fabs - ok 12:44:31.0494 4068 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:44:31.0494 4068 fastfat - ok 12:44:31.0541 4068 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:44:31.0557 4068 fdc - ok 12:44:31.0603 4068 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 12:44:31.0603 4068 fdPHost - ok 12:44:31.0603 4068 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 12:44:31.0619 4068 FDResPub - ok 12:44:31.0619 4068 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:44:31.0619 4068 FileInfo - ok 12:44:31.0650 4068 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:44:31.0650 4068 Filetrace - ok 12:44:31.0744 4068 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 12:44:31.0806 4068 FirebirdServerMAGIXInstance - ok 12:44:31.0822 4068 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:44:31.0822 4068 flpydisk - ok 12:44:31.0869 4068 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:44:31.0869 4068 FltMgr - ok 12:44:31.0915 4068 [ 27C75AC6D6FC808D8244D9C9CEA681D1 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys 12:44:31.0915 4068 fltsrv - ok 12:44:31.0993 4068 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 12:44:32.0025 4068 FontCache - ok 12:44:32.0071 4068 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:44:32.0071 4068 FontCache3.0.0.0 - ok 12:44:32.0103 4068 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:44:32.0103 4068 Fs_Rec - ok 12:44:32.0165 4068 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys 12:44:32.0165 4068 FWLANUSB - ok 12:44:32.0212 4068 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 12:44:32.0212 4068 gagp30kx - ok 12:44:32.0259 4068 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 12:44:32.0290 4068 gpsvc - ok 12:44:32.0368 4068 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca6630c49e7455 C:\Program Files\Google\Update\GoogleUpdate.exe 12:44:32.0368 4068 gupdate1ca6630c49e7455 - ok 12:44:32.0368 4068 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 12:44:32.0383 4068 gupdatem - ok 12:44:32.0446 4068 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 12:44:32.0461 4068 gusvc - ok 12:44:32.0508 4068 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:44:32.0508 4068 HdAudAddService - ok 12:44:32.0571 4068 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 12:44:32.0571 4068 HDAudBus - ok 12:44:32.0586 4068 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 12:44:32.0602 4068 HidBth - ok 12:44:32.0617 4068 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:44:32.0617 4068 HidIr - ok 12:44:32.0649 4068 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 12:44:32.0649 4068 hidserv - ok 12:44:32.0680 4068 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:44:32.0680 4068 HidUsb - ok 12:44:32.0758 4068 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 12:44:32.0758 4068 HipShieldK - ok 12:44:32.0805 4068 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:44:32.0805 4068 hkmsvc - ok 12:44:32.0820 4068 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 12:44:32.0820 4068 HpCISSs - ok 12:44:32.0945 4068 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 12:44:32.0961 4068 hpqcxs08 - ok 12:44:33.0007 4068 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 12:44:33.0007 4068 hpqddsvc - ok 12:44:33.0070 4068 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 12:44:33.0101 4068 HPSLPSVC - ok 12:44:33.0163 4068 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 12:44:33.0163 4068 HSFHWAZL - ok 12:44:33.0226 4068 [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 12:44:33.0241 4068 HSF_DPV - ok 12:44:33.0288 4068 [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 12:44:33.0288 4068 HSXHWAZL - ok 12:44:33.0335 4068 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:44:33.0335 4068 HTTP - ok 12:44:33.0397 4068 [ 348C3A9D01E68A0222A246346924AA55 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 12:44:33.0397 4068 hwdatacard - ok 12:44:33.0429 4068 [ 460B1945C3E6B0419A76E1B507B90B71 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys 12:44:33.0429 4068 hwusbdev - ok 12:44:33.0460 4068 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 12:44:33.0460 4068 i2omp - ok 12:44:33.0522 4068 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 12:44:33.0522 4068 i8042prt - ok 12:44:33.0600 4068 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 12:44:33.0616 4068 IAANTMON - ok 12:44:33.0663 4068 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 12:44:33.0663 4068 iaStor - ok 12:44:33.0678 4068 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 12:44:33.0694 4068 iaStorV - ok 12:44:33.0772 4068 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:44:33.0787 4068 idsvc - ok 12:44:33.0897 4068 [ 33FFC1E1117C4BE00A07AEDD72AE68B1 ] IGBASVC C:\Program Files\Acer\Acer Bio Protection\BASVC.exe 12:44:33.0975 4068 IGBASVC - ok 12:44:34.0006 4068 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 12:44:34.0006 4068 iirsp - ok 12:44:34.0053 4068 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 12:44:34.0068 4068 IKEEXT - ok 12:44:34.0115 4068 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15 C:\Windows\system32\drivers\int15.sys 12:44:34.0115 4068 int15 - ok 12:44:34.0209 4068 [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 12:44:34.0240 4068 IntcAzAudAddService - ok 12:44:34.0287 4068 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 12:44:34.0287 4068 intelide - ok 12:44:34.0302 4068 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:44:34.0302 4068 intelppm - ok 12:44:34.0318 4068 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:44:34.0318 4068 IPBusEnum - ok 12:44:34.0333 4068 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:44:34.0333 4068 IpFilterDriver - ok 12:44:34.0349 4068 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:44:34.0365 4068 iphlpsvc - ok 12:44:34.0365 4068 IpInIp - ok 12:44:34.0396 4068 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 12:44:34.0396 4068 IPMIDRV - ok 12:44:34.0411 4068 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 12:44:34.0411 4068 IPNAT - ok 12:44:34.0427 4068 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:44:34.0427 4068 IRENUM - ok 12:44:34.0443 4068 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:44:34.0443 4068 isapnp - ok 12:44:34.0505 4068 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 12:44:34.0505 4068 iScsiPrt - ok 12:44:34.0521 4068 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 12:44:34.0521 4068 iteatapi - ok 12:44:34.0552 4068 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 12:44:34.0552 4068 iteraid - ok 12:44:34.0583 4068 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:44:34.0583 4068 kbdclass - ok 12:44:34.0599 4068 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:44:34.0599 4068 kbdhid - ok 12:44:34.0645 4068 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 12:44:34.0645 4068 KeyIso - ok 12:44:34.0677 4068 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:44:34.0692 4068 KSecDD - ok 12:44:34.0755 4068 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 12:44:34.0755 4068 KtmRm - ok 12:44:34.0786 4068 [ 86D7F66AC2C0123ED81B2F3E835845C2 ] L1E C:\Windows\system32\DRIVERS\L1E60x86.sys 12:44:34.0786 4068 L1E - ok 12:44:34.0817 4068 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 12:44:34.0864 4068 LanmanServer - ok 12:44:34.0911 4068 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 12:44:34.0911 4068 LightScribeService - ok 12:44:34.0911 4068 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:44:34.0911 4068 lltdio - ok 12:44:34.0957 4068 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:44:34.0957 4068 lltdsvc - ok 12:44:34.0973 4068 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:44:34.0973 4068 lmhosts - ok 12:44:35.0004 4068 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 12:44:35.0004 4068 LSI_FC - ok 12:44:35.0020 4068 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 12:44:35.0020 4068 LSI_SAS - ok 12:44:35.0067 4068 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 12:44:35.0067 4068 LSI_SCSI - ok 12:44:35.0098 4068 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 12:44:35.0098 4068 luafv - ok 12:44:35.0129 4068 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:44:35.0129 4068 MBAMProtector - ok 12:44:35.0191 4068 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 12:44:35.0207 4068 MBAMScheduler - ok 12:44:35.0238 4068 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 12:44:35.0254 4068 MBAMService - ok 12:44:35.0347 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:35.0347 4068 McAfee SiteAdvisor Service - ok 12:44:35.0472 4068 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe 12:44:35.0488 4068 McComponentHostService - ok 12:44:35.0488 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:35.0488 4068 McMPFSvc - ok 12:44:35.0488 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:35.0488 4068 mcmscsvc - ok 12:44:35.0503 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:35.0503 4068 McNaiAnn - ok 12:44:35.0535 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:35.0535 4068 McNASvc - ok 12:44:35.0644 4068 [ C7DA06C9A9AEEFBE37AAC281EA6385D5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 12:44:35.0644 4068 McODS - ok 12:44:35.0644 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:35.0644 4068 McProxy - ok 12:44:35.0691 4068 [ E2E5B3BE663570089F352D311B3D335F ] McPvDrv C:\Windows\system32\drivers\McPvDrv.sys 12:44:35.0691 4068 McPvDrv - ok 12:44:35.0722 4068 [ 6C2D89C52DA8592C57FB0DC7BAB36FF7 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 12:44:35.0737 4068 McShield - ok 12:44:35.0769 4068 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:44:35.0769 4068 Mcx2Svc - ok 12:44:35.0815 4068 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 12:44:35.0815 4068 mdmxsdk - ok 12:44:35.0878 4068 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 12:44:35.0878 4068 megasas - ok 12:44:35.0909 4068 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 12:44:35.0925 4068 MegaSR - ok 12:44:35.0956 4068 [ BA3004F4C0A0CD19DB9C2C0AB3A84EFE ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 12:44:35.0956 4068 mfeapfk - ok 12:44:35.0987 4068 [ 39C20B7D9AC19BFE616CA09DD3A240AF ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 12:44:35.0987 4068 mfeavfk - ok 12:44:36.0003 4068 [ E3470DECDA0A4015A0CA00ED645F2EBE ] mfebopk C:\Windows\system32\drivers\mfebopk.sys 12:44:36.0003 4068 mfebopk - ok 12:44:36.0034 4068 [ 4E13EA496E202BCB4FCC342D96FAF83A ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 12:44:36.0049 4068 mfefire - ok 12:44:36.0081 4068 [ C8AC8147E02ED8795E1FD946165BACCF ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 12:44:36.0081 4068 mfefirek - ok 12:44:36.0127 4068 [ 7AAF92954D8D2801B17A1163C60ABFE9 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 12:44:36.0127 4068 mfehidk - ok 12:44:36.0159 4068 [ 62D55D882D58A1250348F324BC0AFC06 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 12:44:36.0174 4068 mferkdet - ok 12:44:36.0205 4068 [ 82B7415D5A8FB24D3F6736400F5E1600 ] mfevtp C:\Windows\system32\mfevtps.exe 12:44:36.0205 4068 mfevtp - ok 12:44:36.0221 4068 [ 15F92BCD5CB189F5CC7D2F2381F179AC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 12:44:36.0221 4068 mfewfpk - ok 12:44:36.0268 4068 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 12:44:36.0268 4068 MMCSS - ok 12:44:36.0299 4068 MobilityService - ok 12:44:36.0330 4068 [ 35176FA09A0FC58DB630991A81A0BA39 ] MOBKbackup C:\Program Files\McAfee Online Backup\MOBKbackup.exe 12:44:36.0330 4068 MOBKbackup - ok 12:44:36.0361 4068 [ E896775837A8BCE436348DF460522394 ] MOBKFilter C:\Windows\system32\DRIVERS\MOBK.sys 12:44:36.0361 4068 MOBKFilter - ok 12:44:36.0393 4068 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 12:44:36.0393 4068 Modem - ok 12:44:36.0408 4068 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:44:36.0408 4068 monitor - ok 12:44:36.0424 4068 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:44:36.0424 4068 mouclass - ok 12:44:36.0439 4068 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:44:36.0439 4068 mouhid - ok 12:44:36.0455 4068 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 12:44:36.0455 4068 MountMgr - ok 12:44:36.0549 4068 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:44:36.0549 4068 MozillaMaintenance - ok 12:44:36.0564 4068 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 12:44:36.0564 4068 mpio - ok 12:44:36.0580 4068 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:44:36.0580 4068 mpsdrv - ok 12:44:36.0627 4068 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 12:44:36.0627 4068 MpsSvc - ok 12:44:36.0673 4068 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 12:44:36.0673 4068 Mraid35x - ok 12:44:36.0689 4068 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:44:36.0689 4068 MRxDAV - ok 12:44:36.0705 4068 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:44:36.0705 4068 mrxsmb - ok 12:44:36.0751 4068 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:44:36.0751 4068 mrxsmb10 - ok 12:44:36.0767 4068 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:44:36.0767 4068 mrxsmb20 - ok 12:44:36.0783 4068 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 12:44:36.0783 4068 msahci - ok 12:44:36.0814 4068 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:44:36.0814 4068 msdsm - ok 12:44:36.0861 4068 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 12:44:36.0861 4068 MSDTC - ok 12:44:36.0876 4068 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:44:36.0876 4068 Msfs - ok 12:44:36.0892 4068 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:44:36.0892 4068 msisadrv - ok 12:44:36.0923 4068 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:44:36.0923 4068 MSiSCSI - ok 12:44:36.0923 4068 msiserver - ok 12:44:36.0954 4068 [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 12:44:36.0954 4068 MSK80Service - ok 12:44:36.0970 4068 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:44:36.0970 4068 MSKSSRV - ok 12:44:36.0985 4068 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:44:36.0985 4068 MSPCLOCK - ok 12:44:36.0985 4068 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:44:36.0985 4068 MSPQM - ok 12:44:37.0032 4068 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:44:37.0032 4068 MsRPC - ok 12:44:37.0048 4068 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 12:44:37.0048 4068 mssmbios - ok 12:44:37.0063 4068 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:44:37.0079 4068 MSTEE - ok 12:44:37.0110 4068 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 12:44:37.0110 4068 Mup - ok 12:44:37.0188 4068 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 12:44:37.0204 4068 napagent - ok 12:44:37.0235 4068 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:44:37.0235 4068 NativeWifiP - ok 12:44:37.0344 4068 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe 12:44:37.0360 4068 NAUpdate - ok 12:44:37.0407 4068 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:44:37.0422 4068 NDIS - ok 12:44:37.0453 4068 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:44:37.0453 4068 NdisTapi - ok 12:44:37.0469 4068 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:44:37.0469 4068 Ndisuio - ok 12:44:37.0500 4068 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:44:37.0500 4068 NdisWan - ok 12:44:37.0516 4068 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:44:37.0516 4068 NDProxy - ok 12:44:37.0563 4068 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 12:44:37.0563 4068 Net Driver HPZ12 - ok 12:44:37.0578 4068 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:44:37.0578 4068 NetBIOS - ok 12:44:37.0609 4068 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 12:44:37.0609 4068 netbt - ok 12:44:37.0625 4068 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 12:44:37.0625 4068 Netlogon - ok 12:44:37.0687 4068 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 12:44:37.0687 4068 Netman - ok 12:44:37.0765 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:44:37.0828 4068 NetMsmqActivator - ok 12:44:37.0828 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:44:37.0828 4068 NetPipeActivator - ok 12:44:37.0843 4068 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 12:44:37.0859 4068 netprofm - ok 12:44:37.0875 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:44:37.0875 4068 NetTcpActivator - ok 12:44:37.0890 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:44:37.0890 4068 NetTcpPortSharing - ok 12:44:37.0999 4068 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 12:44:38.0015 4068 NETw5v32 - ok 12:44:38.0031 4068 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 12:44:38.0031 4068 nfrd960 - ok 12:44:38.0062 4068 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:44:38.0062 4068 NlaSvc - ok 12:44:38.0109 4068 [ F01C0516A88FFC54D891475947B96A7A ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE 12:44:38.0124 4068 nlsX86cc - ok 12:44:38.0155 4068 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:44:38.0155 4068 Npfs - ok 12:44:38.0187 4068 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 12:44:38.0187 4068 nsi - ok 12:44:38.0202 4068 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:44:38.0202 4068 nsiproxy - ok 12:44:38.0249 4068 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:44:38.0280 4068 Ntfs - ok 12:44:38.0327 4068 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 12:44:38.0327 4068 NTIBackupSvc - ok 12:44:38.0374 4068 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 12:44:38.0374 4068 NTIDrvr - ok 12:44:38.0467 4068 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 12:44:38.0467 4068 NTIPPKernel - ok 12:44:38.0499 4068 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 12:44:38.0499 4068 NTISchedulerSvc - ok 12:44:38.0530 4068 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 12:44:38.0530 4068 ntrigdigi - ok 12:44:38.0545 4068 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 12:44:38.0545 4068 Null - ok 12:44:38.0577 4068 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 12:44:38.0577 4068 NVHDA - ok 12:44:38.0748 4068 [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:44:38.0889 4068 nvlddmkm - ok 12:44:38.0935 4068 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:44:38.0935 4068 nvraid - ok 12:44:38.0967 4068 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:44:38.0967 4068 nvstor - ok 12:44:38.0998 4068 [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:44:38.0998 4068 nvsvc - ok 12:44:39.0029 4068 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:44:39.0029 4068 nv_agp - ok 12:44:39.0029 4068 NwlnkFlt - ok 12:44:39.0029 4068 NwlnkFwd - ok 12:44:39.0076 4068 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:44:39.0076 4068 ohci1394 - ok 12:44:39.0138 4068 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:44:39.0154 4068 ose - ok 12:44:39.0201 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 12:44:39.0216 4068 p2pimsvc - ok 12:44:39.0232 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 12:44:39.0232 4068 p2psvc - ok 12:44:39.0263 4068 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 12:44:39.0263 4068 Parport - ok 12:44:39.0294 4068 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:44:39.0294 4068 partmgr - ok 12:44:39.0325 4068 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 12:44:39.0325 4068 Parvdm - ok 12:44:39.0357 4068 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 12:44:39.0357 4068 PcaSvc - ok 12:44:39.0388 4068 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 12:44:39.0388 4068 pci - ok 12:44:39.0419 4068 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 12:44:39.0419 4068 pciide - ok 12:44:39.0435 4068 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 12:44:39.0435 4068 pcmcia - ok 12:44:39.0513 4068 [ BC0226AAA30602FAE30DA145E83E0C09 ] PDF Suite 2012 Helper Service C:\Program Files\PDF Suite 2012\HelperService.exe 12:44:39.0544 4068 PDF Suite 2012 Helper Service - ok 12:44:39.0575 4068 [ 7D35111BA7E38B9C0842939A023BF560 ] PDF Suite 2012 Service C:\Program Files\PDF Suite 2012\ConversionService.exe 12:44:39.0591 4068 PDF Suite 2012 Service - ok 12:44:39.0637 4068 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:44:39.0653 4068 PEAUTH - ok 12:44:39.0731 4068 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 12:44:39.0778 4068 pla - ok 12:44:39.0809 4068 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:44:39.0856 4068 PlugPlay - ok 12:44:39.0887 4068 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 12:44:39.0887 4068 Pml Driver HPZ12 - ok 12:44:39.0903 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 12:44:39.0918 4068 PNRPAutoReg - ok 12:44:39.0934 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 12:44:39.0949 4068 PNRPsvc - ok 12:44:39.0981 4068 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:44:39.0981 4068 PolicyAgent - ok 12:44:40.0043 4068 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:44:40.0043 4068 PptpMiniport - ok 12:44:40.0059 4068 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 12:44:40.0059 4068 Processor - ok 12:44:40.0090 4068 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 12:44:40.0090 4068 ProfSvc - ok 12:44:40.0105 4068 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 12:44:40.0105 4068 ProtectedStorage - ok 12:44:40.0137 4068 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 12:44:40.0137 4068 PSched - ok 12:44:40.0137 4068 [ 1DCBB35090CC4B2BD3D661E6089523C6 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 12:44:40.0152 4068 PSDFilter - ok 12:44:40.0152 4068 [ E26E46D619469964AC3609620F443867 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys 12:44:40.0152 4068 PSDNServ - ok 12:44:40.0168 4068 [ 3E1D134AF2806867D06047C4CC33CC65 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys 12:44:40.0168 4068 psdvdisk - ok 12:44:40.0199 4068 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 12:44:40.0199 4068 PSI_SVC_2 - ok 12:44:40.0230 4068 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 12:44:40.0230 4068 PxHelp20 - ok 12:44:40.0293 4068 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 12:44:40.0324 4068 ql2300 - ok 12:44:40.0371 4068 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 12:44:40.0371 4068 ql40xx - ok 12:44:40.0402 4068 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 12:44:40.0402 4068 QWAVE - ok 12:44:40.0417 4068 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:44:40.0433 4068 QWAVEdrv - ok 12:44:40.0449 4068 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:44:40.0449 4068 RasAcd - ok 12:44:40.0464 4068 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 12:44:40.0464 4068 RasAuto - ok 12:44:40.0480 4068 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:44:40.0480 4068 Rasl2tp - ok 12:44:40.0511 4068 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 12:44:40.0527 4068 RasMan - ok 12:44:40.0558 4068 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:44:40.0558 4068 RasPppoe - ok 12:44:40.0589 4068 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:44:40.0589 4068 RasSstp - ok 12:44:40.0620 4068 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:44:40.0620 4068 rdbss - ok 12:44:40.0651 4068 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:44:40.0651 4068 RDPCDD - ok 12:44:40.0683 4068 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 12:44:40.0683 4068 rdpdr - ok 12:44:40.0683 4068 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:44:40.0683 4068 RDPENCDD - ok 12:44:40.0729 4068 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:44:40.0729 4068 RDPWD - ok 12:44:40.0792 4068 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\Windows\system32\drivers\regi.sys 12:44:40.0792 4068 regi - ok 12:44:40.0870 4068 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:44:40.0870 4068 RemoteAccess - ok 12:44:40.0917 4068 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:44:40.0917 4068 RemoteRegistry - ok 12:44:40.0948 4068 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 12:44:40.0948 4068 RpcLocator - ok 12:44:41.0010 4068 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 12:44:41.0010 4068 RpcSs - ok 12:44:41.0041 4068 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:44:41.0041 4068 rspndr - ok 12:44:41.0119 4068 [ 73835C4F79ADC404EF39C8A9E2D4183B ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe 12:44:41.0119 4068 RS_Service - ok 12:44:41.0135 4068 [ 7A4F79DF3793160B280CDE152B61FE33 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 12:44:41.0135 4068 RTSTOR - ok 12:44:41.0151 4068 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 12:44:41.0151 4068 SamSs - ok 12:44:41.0166 4068 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:44:41.0166 4068 sbp2port - ok 12:44:41.0197 4068 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:44:41.0213 4068 SCardSvr - ok 12:44:41.0260 4068 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 12:44:41.0275 4068 Schedule - ok 12:44:41.0307 4068 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:44:41.0307 4068 SCPolicySvc - ok 12:44:41.0353 4068 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:44:41.0369 4068 SDRSVC - ok 12:44:41.0385 4068 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:44:41.0385 4068 secdrv - ok 12:44:41.0400 4068 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 12:44:41.0400 4068 seclogon - ok 12:44:41.0400 4068 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 12:44:41.0416 4068 SENS - ok 12:44:41.0447 4068 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 12:44:41.0447 4068 Serenum - ok 12:44:41.0463 4068 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 12:44:41.0463 4068 Serial - ok 12:44:41.0478 4068 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 12:44:41.0478 4068 sermouse - ok 12:44:41.0525 4068 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 12:44:41.0525 4068 SessionEnv - ok 12:44:41.0541 4068 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:44:41.0541 4068 sffdisk - ok 12:44:41.0572 4068 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:44:41.0587 4068 sffp_mmc - ok 12:44:41.0587 4068 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:44:41.0603 4068 sffp_sd - ok 12:44:41.0619 4068 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 12:44:41.0619 4068 sfloppy - ok 12:44:41.0650 4068 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:44:41.0665 4068 SharedAccess - ok 12:44:41.0697 4068 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:44:41.0712 4068 ShellHWDetection - ok 12:44:41.0728 4068 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 12:44:41.0728 4068 sisagp - ok 12:44:41.0743 4068 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 12:44:41.0743 4068 SiSRaid2 - ok 12:44:41.0775 4068 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 12:44:41.0775 4068 SiSRaid4 - ok 12:44:41.0884 4068 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 12:44:41.0962 4068 slsvc - ok 12:44:41.0993 4068 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 12:44:41.0993 4068 SLUINotify - ok 12:44:42.0040 4068 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:44:42.0040 4068 Smb - ok 12:44:42.0071 4068 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:44:42.0087 4068 SNMPTRAP - ok 12:44:42.0087 4068 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 12:44:42.0087 4068 spldr - ok 12:44:42.0118 4068 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 12:44:42.0118 4068 Spooler - ok 12:44:42.0165 4068 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:44:42.0165 4068 srv - ok 12:44:42.0211 4068 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:44:42.0211 4068 srv2 - ok 12:44:42.0243 4068 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:44:42.0243 4068 srvnet - ok 12:44:42.0289 4068 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:44:42.0289 4068 SSDPSRV - ok 12:44:42.0305 4068 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:44:42.0321 4068 SstpSvc - ok 12:44:42.0352 4068 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 12:44:42.0352 4068 StillCam - ok 12:44:42.0399 4068 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 12:44:42.0414 4068 stisvc - ok 12:44:42.0445 4068 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 12:44:42.0445 4068 swenum - ok 12:44:42.0492 4068 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 12:44:42.0492 4068 swprv - ok 12:44:42.0523 4068 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 12:44:42.0523 4068 Symc8xx - ok 12:44:42.0539 4068 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 12:44:42.0539 4068 Sym_hi - ok 12:44:42.0555 4068 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 12:44:42.0555 4068 Sym_u3 - ok 12:44:42.0617 4068 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 12:44:42.0617 4068 SynTP - ok 12:44:42.0664 4068 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 12:44:42.0679 4068 SysMain - ok 12:44:42.0726 4068 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:44:42.0726 4068 TabletInputService - ok 12:44:42.0757 4068 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 12:44:42.0773 4068 TapiSrv - ok 12:44:42.0789 4068 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 12:44:42.0789 4068 TBS - ok 12:44:42.0835 4068 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:44:42.0851 4068 Tcpip - ok 12:44:42.0867 4068 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 12:44:42.0867 4068 Tcpip6 - ok 12:44:42.0898 4068 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:44:42.0898 4068 tcpipreg - ok 12:44:42.0929 4068 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys 12:44:42.0945 4068 TcUsb - ok 12:44:42.0976 4068 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:44:42.0976 4068 TDPIPE - ok 12:44:43.0007 4068 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:44:43.0007 4068 TDTCP - ok 12:44:43.0038 4068 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:44:43.0038 4068 tdx - ok 12:44:43.0179 4068 [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 12:44:43.0257 4068 TeamViewer7 - ok 12:44:43.0288 4068 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 12:44:43.0288 4068 TermDD - ok 12:44:43.0319 4068 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 12:44:43.0335 4068 TermService - ok 12:44:43.0350 4068 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 12:44:43.0350 4068 Themes - ok 12:44:43.0366 4068 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 12:44:43.0366 4068 THREADORDER - ok 12:44:43.0397 4068 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 12:44:43.0413 4068 TrkWks - ok 12:44:43.0475 4068 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:44:43.0475 4068 TrustedInstaller - ok 12:44:43.0522 4068 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:44:43.0522 4068 tssecsrv - ok 12:44:43.0537 4068 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 12:44:43.0553 4068 tunmp - ok 12:44:43.0584 4068 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:44:43.0584 4068 tunnel - ok 12:44:43.0615 4068 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 12:44:43.0615 4068 uagp35 - ok 12:44:43.0631 4068 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 12:44:43.0631 4068 UBHelper - ok 12:44:43.0678 4068 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:44:43.0693 4068 udfs - ok 12:44:43.0709 4068 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:44:43.0709 4068 UI0Detect - ok 12:44:43.0725 4068 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:44:43.0725 4068 uliagpkx - ok 12:44:43.0771 4068 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 12:44:43.0771 4068 uliahci - ok 12:44:43.0787 4068 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 12:44:43.0787 4068 UlSata - ok 12:44:43.0818 4068 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 12:44:43.0818 4068 ulsata2 - ok 12:44:43.0834 4068 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 12:44:43.0834 4068 umbus - ok 12:44:43.0849 4068 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 12:44:43.0865 4068 upnphost - ok 12:44:43.0974 4068 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 12:44:43.0974 4068 UPnPService - ok 12:44:44.0037 4068 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 12:44:44.0037 4068 usbaudio - ok 12:44:44.0068 4068 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:44:44.0068 4068 usbccgp - ok 12:44:44.0083 4068 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:44:44.0083 4068 usbcir - ok 12:44:44.0115 4068 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:44:44.0115 4068 usbehci - ok 12:44:44.0146 4068 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:44:44.0146 4068 usbhub - ok 12:44:44.0177 4068 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:44:44.0177 4068 usbohci - ok 12:44:44.0224 4068 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:44:44.0224 4068 usbprint - ok 12:44:44.0239 4068 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 12:44:44.0239 4068 usbscan - ok 12:44:44.0271 4068 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:44:44.0271 4068 USBSTOR - ok 12:44:44.0271 4068 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 12:44:44.0271 4068 usbuhci - ok 12:44:44.0317 4068 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 12:44:44.0317 4068 usbvideo - ok 12:44:44.0333 4068 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 12:44:44.0349 4068 UxSms - ok 12:44:44.0380 4068 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 12:44:44.0395 4068 vds - ok 12:44:44.0427 4068 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:44:44.0427 4068 vga - ok 12:44:44.0458 4068 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 12:44:44.0458 4068 VgaSave - ok 12:44:44.0489 4068 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 12:44:44.0489 4068 viaagp - ok 12:44:44.0520 4068 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 12:44:44.0520 4068 ViaC7 - ok 12:44:44.0536 4068 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 12:44:44.0536 4068 viaide - ok 12:44:44.0551 4068 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:44:44.0551 4068 volmgr - ok 12:44:44.0567 4068 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:44:44.0583 4068 volmgrx - ok 12:44:44.0614 4068 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:44:44.0614 4068 volsnap - ok 12:44:44.0645 4068 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 12:44:44.0645 4068 vsmraid - ok 12:44:44.0692 4068 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 12:44:44.0723 4068 VSS - ok 12:44:44.0723 4068 vToolbarUpdater14.0.1 - ok 12:44:44.0770 4068 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 12:44:44.0770 4068 W32Time - ok 12:44:44.0801 4068 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 12:44:44.0801 4068 WacomPen - ok 12:44:44.0817 4068 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 12:44:44.0817 4068 Wanarp - ok 12:44:44.0832 4068 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:44:44.0832 4068 Wanarpv6 - ok 12:44:44.0848 4068 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:44:44.0863 4068 wcncsvc - ok 12:44:44.0910 4068 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:44:44.0910 4068 WcsPlugInService - ok 12:44:44.0926 4068 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 12:44:44.0926 4068 Wd - ok 12:44:44.0973 4068 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:44:44.0988 4068 Wdf01000 - ok 12:44:45.0004 4068 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:44:45.0004 4068 WdiServiceHost - ok 12:44:45.0004 4068 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:44:45.0019 4068 WdiSystemHost - ok 12:44:45.0051 4068 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 12:44:45.0066 4068 WebClient - ok 12:44:45.0082 4068 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:44:45.0097 4068 Wecsvc - ok 12:44:45.0097 4068 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:44:45.0113 4068 wercplsupport - ok 12:44:45.0144 4068 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 12:44:45.0160 4068 WerSvc - ok 12:44:45.0191 4068 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 12:44:45.0207 4068 winachsf - ok 12:44:45.0238 4068 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys 12:44:45.0253 4068 winbondcir - ok 12:44:45.0300 4068 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 12:44:45.0300 4068 WinDefend - ok 12:44:45.0316 4068 WinHttpAutoProxySvc - ok 12:44:45.0363 4068 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:44:45.0394 4068 Winmgmt - ok 12:44:45.0441 4068 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 12:44:45.0472 4068 WinRM - ok 12:44:45.0519 4068 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:44:45.0550 4068 Wlansvc - ok 12:44:45.0565 4068 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 12:44:45.0565 4068 WmiAcpi - ok 12:44:45.0597 4068 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:44:45.0612 4068 wmiApSrv - ok 12:44:45.0675 4068 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 12:44:45.0690 4068 WMPNetworkSvc - ok 12:44:45.0737 4068 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:44:45.0737 4068 WPCSvc - ok 12:44:45.0768 4068 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:44:45.0768 4068 WPDBusEnum - ok 12:44:45.0877 4068 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:44:45.0893 4068 WPFFontCache_v0400 - ok 12:44:45.0924 4068 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:44:45.0924 4068 ws2ifsl - ok 12:44:45.0971 4068 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 12:44:45.0987 4068 wscsvc - ok 12:44:45.0987 4068 WSearch - ok 12:44:46.0065 4068 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 12:44:46.0111 4068 wuauserv - ok 12:44:46.0143 4068 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:44:46.0143 4068 WudfPf - ok 12:44:46.0189 4068 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:44:46.0189 4068 WUDFRd - ok 12:44:46.0221 4068 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:44:46.0236 4068 wudfsvc - ok 12:44:46.0283 4068 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 12:44:46.0283 4068 XAudio - ok 12:44:46.0299 4068 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 12:44:46.0314 4068 XAudioService - ok 12:44:46.0392 4068 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 12:44:46.0392 4068 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 12:44:46.0392 4068 ================ Scan global =============================== 12:44:46.0423 4068 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 12:44:46.0455 4068 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 12:44:46.0486 4068 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 12:44:46.0533 4068 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 12:44:46.0533 4068 [Global] - ok 12:44:46.0533 4068 ================ Scan MBR ================================== 12:44:46.0548 4068 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0 12:44:47.0359 4068 \Device\Harddisk0\DR0 - ok 12:44:47.0375 4068 [ E9BE5483500F315282A7234A18B73E9B ] \Device\Harddisk1\DR1 12:44:49.0653 4068 \Device\Harddisk1\DR1 - ok 12:44:50.0401 4068 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2 12:44:50.0433 4068 \Device\Harddisk2\DR2 - ok 12:44:50.0433 4068 ================ Scan VBR ================================== 12:44:50.0448 4068 [ BDD6862677E238E07E74858BBCA6E6A3 ] \Device\Harddisk0\DR0\Partition1 12:44:50.0448 4068 \Device\Harddisk0\DR0\Partition1 - ok 12:44:50.0495 4068 [ 6B1530724991C27B9AEF834D53379547 ] \Device\Harddisk0\DR0\Partition2 12:44:50.0495 4068 \Device\Harddisk0\DR0\Partition2 - ok 12:44:50.0495 4068 [ C9587E5D5A45E683EEE2323DA746BDF3 ] \Device\Harddisk1\DR1\Partition1 12:44:50.0495 4068 \Device\Harddisk1\DR1\Partition1 - ok 12:44:50.0854 4068 [ F0DC43D9C09752D49CF40F8E0ABA159B ] \Device\Harddisk1\DR1\Partition2 12:44:50.0854 4068 \Device\Harddisk1\DR1\Partition2 - ok 12:44:50.0869 4068 [ 19D104DE6AF6263314901D3275C82669 ] \Device\Harddisk1\DR1\Partition3 12:44:50.0869 4068 \Device\Harddisk1\DR1\Partition3 - ok 12:44:50.0885 4068 [ 3DD97BF38586746C0CD7FFB12981FA3A ] \Device\Harddisk2\DR2\Partition1 12:44:50.0885 4068 \Device\Harddisk2\DR2\Partition1 - ok 12:44:50.0885 4068 ============================================================ 12:44:50.0885 4068 Scan finished 12:44:50.0885 4068 ============================================================ 12:44:50.0885 2292 Detected object count: 0 12:44:50.0885 2292 Actual detected object count: 0 12:47:32.0579 2168 Deinitialize success Übrigens: bei TDSS Killer.exe scheint es eine neue Version zu geben - oder liegt es daran, dass nichts "Schlimmes" gefunden wurde? Jedenfalls habe ich die Buttons "Cure" und "Skip" nicht gesehen. Gruß Urflamingo |
09.02.2013, 15:19 | #8 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus, ok, danke für die Rückmeldung. Wir machen zuerst einen kleinen Fix mit OTL und schauen anschließend mit FRST "von außen" auf dein System, evtl. seh ich so etwas. OTL im abgesicherten Modus ausführen. Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1) [2010.11.12 17:43:05 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\support@predictad.com O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. :commands [Emptytemp]
Schritt 2 Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
Bitte poste mit deiner nächsten Antwort
|
09.02.2013, 18:15 | #9 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus Matthias, diesmal ging leider gar nichts. Ich bin überhaupt nicht zurechtgekommen. Schritt 1: OTL Nach dem "Fix-Befehl" verschwand unmittelbar der gesamte Code bis auf die letzte Zeile mit empty temp. Und sofort hat sich der PC aufgehängt. Unter OTL\Moved Files\ gibt es einen Datum-Uhrzeit-Ordner und danach/dahinter noch etliche andere Ordner (urflamingo, AppData, Roaming etc) Eine .txt Datei habe ich jedoch nicht gefunden. Schritt 2: FRST Computer reparieren mit F8 hat funktioniert. Dann kam "Select a keyboard layout" (German eingestellt). Dann Login als urflamingo (Habe auch Admin-Rechte). Dann: Choose a recovery tool --- Startup Repair (automatically fix problems that are preventing Windows from Starting; das habe ich ausgeführt; Ergebnis: es gibt keine Probleme) --- System Restore (restore Windows to an earlier point of time) --- Windows Complete PC Restore (Restore your entire Computer from a Backup) --- Windows Memory Diagnostic Tool (Check your Computer for memory HW errors) --- Command Prompt (Open a command prompt window) Darunter gibt es 2 Buttons: Shut Down und Restart Die angesprochene "Eingabeaufforderung" oder eine andere entsprechende Fortsetzungs-Möglichkeit habe ich nicht gefunden. Hast Du eine Idee, wie wir weiterkommen können? Gruß urflamingo PS: Ist das "Command Prompt" evtl. das von Dir gemeinte Eingabe-Feld? |
09.02.2013, 19:42 | #10 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus, wähle Command Prompt. Das entspricht der deutschen Eingabeaufforderung. |
09.02.2013, 20:41 | #11 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Hallo Matthias, hier der Inhalt der FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013 Ran by urflamingo at 09-02-2013 20:33:20 Running from F:\ Service Pack 2 (X86) OS Language: German Standard Attention: Could not load system hive. FEHLER: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY. ==================== One Month Created Files and Folders ======== 2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip 2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL 2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe 2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe 2013-02-09 12:26 - 2013-02-09 12:27 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe 2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro 2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt 2013-02-08 13:54 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe 2013-02-08 13:54 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe 2013-02-08 13:54 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe 2013-02-08 13:43 - 2013-02-08 14:40 - 00000000 ___DC C:\Qoobox 2013-02-08 13:42 - 2013-02-08 14:38 - 00000000 ____D C:\Windows\erdnt 2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe 2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt 2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe 2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe 2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe 2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt 2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT 2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT 2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload 2013-02-07 22:46 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe 2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt 2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt 2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt 2013-02-07 14:56 - 2013-02-09 16:33 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt 2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe 2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe 2013-02-07 14:14 - 2013-02-07 14:15 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log 2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable 2013-02-07 14:12 - 2013-02-07 14:13 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe 2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-02-07 00:21 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-02-06 21:56 - 2013-02-07 00:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe 2013-02-06 18:51 - 2013-02-06 18:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip 2013-02-05 18:10 - 2013-02-05 18:11 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc 2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN 2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk 2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator 2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe 2013-01-30 23:40 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe 2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe 2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload 2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk 2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite 2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe 2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel 2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr 2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk 2013-01-30 16:18 - 2010-11-16 16:24 - 00013880 ____A (InterVideo) C:\Windows\System32\Drivers\regi.sys 2013-01-30 16:04 - 2013-01-30 16:06 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe 2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero 2013-01-28 19:04 - 2013-01-30 19:29 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero 2013-01-28 19:00 - 2013-01-28 19:03 - 00000000 ____D C:\Users\All Users\Nero 2013-01-28 18:57 - 2013-01-28 19:03 - 00000000 ____D C:\Program Files\Nero 2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd 2013-01-25 19:30 - 2013-01-25 19:32 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon 2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip 2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad 2013-01-19 19:19 - 2013-01-19 19:22 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4 2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip 2013-01-19 17:40 - 2013-02-05 18:31 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo 2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe 2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk 2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder 2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk 2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective 2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe 2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe 2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk 2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot 2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe 2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus 2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk 2013-01-18 14:21 - 2013-01-18 14:22 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log 2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix 2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd 2013-01-17 16:33 - 2013-01-17 16:34 - 00000046 ____A C:\Windows\Speed.INI 2013-01-17 16:33 - 2013-01-17 16:34 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed 2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX 2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D 2013-01-14 23:21 - 2013-01-14 23:37 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam 2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air 2013-01-14 16:25 - 2013-01-14 18:24 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php 2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in 2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk 2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier 2013-01-14 00:34 - 2010-02-02 12:30 - 00331136 ____A (Mirko Böer) C:\Windows\EMVUn.EXE 2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in 2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer 2013-01-14 00:33 - 2010-03-17 10:45 - 00331136 ____A (Mirko Böer) C:\Windows\SMUn.EXE 2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk 2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai 2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air 2013-01-11 14:39 - 2013-01-11 14:40 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip 2013-01-10 14:54 - 2013-01-10 14:57 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip 2013-01-10 14:14 - 2013-01-10 14:15 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG ==================== One Month Modified Files and Folders ======== 2013-02-09 20:33 - 2013-02-09 20:33 - 00000000 ___DC C:\FRST 2013-02-09 20:30 - 2008-01-21 03:47 - 20969324 ____A C:\Windows\PFRO.log 2013-02-09 20:19 - 2009-11-15 21:28 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-09 20:17 - 2009-08-13 10:31 - 00143914 ____A C:\Users\All Users\nvModes.001 2013-02-09 20:17 - 2008-09-09 03:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml 2013-02-09 20:17 - 2008-07-30 03:13 - 00000147 ____A C:\Windows\System32\agent.log 2013-02-09 20:17 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip 2013-02-09 18:52 - 2012-01-19 17:46 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\PDF Software 2013-02-09 17:54 - 2012-05-29 16:33 - 00001699 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk 2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL 2013-02-09 16:33 - 2013-02-07 14:56 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt 2013-02-09 13:17 - 2012-12-26 20:39 - 00000338 ____A C:\Windows\Tasks\DriverScanner.job 2013-02-09 13:17 - 2009-11-15 21:28 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-09 12:43 - 2008-10-04 22:22 - 00075264 ____A C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe 2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe 2013-02-09 12:27 - 2013-02-09 12:26 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe 2013-02-08 21:14 - 2010-02-22 04:07 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\FileZilla 2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro 2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt 2013-02-08 14:40 - 2013-02-08 13:43 - 00000000 ___DC C:\Qoobox 2013-02-08 14:40 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public 2013-02-08 14:38 - 2013-02-08 13:42 - 00000000 ____D C:\Windows\erdnt 2013-02-08 14:32 - 2006-11-02 11:23 - 00000215 ___AC C:\Windows\system.ini 2013-02-08 14:21 - 2008-10-04 15:09 - 00000000 ____D C:\users\urflamingo 2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe 2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt 2013-02-07 23:43 - 2012-07-31 13:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe 2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe 2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe 2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt 2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT 2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT 2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload 2013-02-07 22:47 - 2013-02-07 22:46 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe 2013-02-07 21:25 - 2006-11-02 13:47 - 00634760 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt 2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt 2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt 2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe 2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe 2013-02-07 14:15 - 2013-02-07 14:14 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log 2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable 2013-02-07 14:13 - 2013-02-07 14:12 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe 2013-02-07 01:17 - 2008-09-09 02:52 - 01770546 ____A C:\Windows\WindowsUpdate.log 2013-02-07 01:17 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-02-07 00:22 - 2013-02-06 21:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-02-07 00:11 - 2012-12-13 21:32 - 00262144 ____A C:\Windows\System32\config\ELAM 2013-02-07 00:08 - 2012-12-12 12:50 - 00000000 ___RD C:\Users\urflamingo\Dropbox 2013-02-07 00:08 - 2012-12-12 12:45 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Dropbox 2013-02-06 23:37 - 2008-01-21 08:16 - 01673560 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe 2013-02-06 21:49 - 2012-05-02 16:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-02-06 19:19 - 2010-11-14 23:58 - 33997193 ____A C:\Users\urflamingo\Downloads\otopaket.zip 2013-02-06 18:54 - 2013-02-06 18:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-06 18:00 - 2010-10-23 14:56 - 00000304 ____A C:\Windows\Tasks\next.job 2013-02-06 18:00 - 2009-08-03 09:23 - 00000452 ____A C:\Windows\Tasks\ParetoLogic Registration.job 2013-02-05 20:06 - 2012-12-13 23:21 - 00000000 ____D C:\Users\urflamingo\AppData\Local\CrashDumps 2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip 2013-02-05 18:31 - 2013-01-19 17:40 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo 2013-02-05 18:11 - 2013-02-05 18:10 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc 2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN 2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe 2013-02-04 23:03 - 2012-01-19 18:06 - 00000000 ____D C:\Users\urflamingo\Documents\PDF Suite 2012 Files 2013-02-04 21:14 - 2010-11-30 17:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft 2013-02-04 21:14 - 2008-07-30 02:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-02-03 12:04 - 2013-02-03 12:05 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-03 12:04 - 2013-02-03 12:05 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-02-03 12:04 - 2012-11-06 16:51 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-02-03 12:04 - 2011-07-11 11:52 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-02-03 11:56 - 2012-12-12 12:50 - 00000938 ____A C:\Users\urflamingo\Desktop\Dropbox.lnk 2013-02-03 11:55 - 2010-03-01 20:26 - 00047104 ____A C:\Users\urflamingo\AppData\Local\WebpageIcons.db 2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-31 17:39 - 2012-11-09 16:18 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-01-31 00:37 - 2010-02-09 21:58 - 00004096 ____A C:\Users\Public\Documents\00000ED4.LCS 2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk 2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator 2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe 2013-01-30 23:41 - 2013-01-30 23:40 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe 2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe 2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload 2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk 2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite 2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe 2013-01-30 19:29 - 2013-01-28 19:04 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-01-30 16:46 - 2012-01-02 23:38 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Corel 2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel 2013-01-30 16:20 - 2012-12-12 21:09 - 00000000 ____D C:\Users\All Users\Corel 2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr 2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk 2013-01-30 16:17 - 2012-12-12 21:00 - 00000000 ____D C:\Program Files\Corel 2013-01-30 16:06 - 2013-01-30 16:04 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe 2013-01-30 12:38 - 2009-08-03 09:23 - 00000426 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job 2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero 2013-01-28 19:03 - 2013-01-28 19:00 - 00000000 ____D C:\Users\All Users\Nero 2013-01-28 19:03 - 2013-01-28 18:57 - 00000000 ____D C:\Program Files\Nero 2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero 2013-01-28 16:31 - 2012-02-16 17:39 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX 2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd 2013-01-25 19:32 - 2013-01-25 19:30 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon 2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip 2013-01-22 23:10 - 2010-11-28 16:00 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Audacity 2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad 2013-01-20 15:41 - 2012-12-12 21:22 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc 2013-01-19 19:22 - 2013-01-19 19:19 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4 2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip 2013-01-19 01:42 - 2010-05-31 17:08 - 00000206 ____A C:\Windows\EurekaLog.ini 2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe 2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk 2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder 2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk 2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective 2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe 2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe 2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk 2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot 2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe 2013-01-18 22:51 - 2009-08-06 21:00 - 00000000 ____D C:\Users\urflamingo\Documents\Camtasia Studio 2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus 2013-01-18 14:58 - 2008-10-19 20:55 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\AVS4YOU 2013-01-18 14:57 - 2008-10-19 20:51 - 00000000 ____D C:\Program Files\AVS4YOU 2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk 2013-01-18 14:22 - 2013-01-18 14:21 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log 2013-01-18 14:22 - 2009-08-01 19:08 - 00000000 ____D C:\Program Files\Java 2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix 2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd 2013-01-17 16:34 - 2013-01-17 16:33 - 00000046 ____A C:\Windows\Speed.INI 2013-01-17 16:34 - 2013-01-17 16:33 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed 2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX 2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D 2013-01-17 15:49 - 2012-12-12 23:03 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Ulead Systems 2013-01-16 16:18 - 2010-06-27 19:33 - 00007592 ____A C:\Users\urflamingo\AppData\Local\d3d9caps.dat 2013-01-15 19:54 - 2012-03-19 12:57 - 00000000 ____D C:\Program Files\McAfee 2013-01-14 23:37 - 2013-01-14 23:21 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam 2013-01-14 23:23 - 2010-05-05 17:28 - 00322760 ___AH C:\Windows\System32\mlfcache.dat 2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air 2013-01-14 18:24 - 2013-01-14 16:25 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php 2013-01-14 13:43 - 2009-08-13 08:14 - 00143914 ____A C:\Users\All Users\nvModes.dat 2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in 2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk 2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier 2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in 2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer 2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk 2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai 2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air 2013-01-11 16:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-01-11 14:40 - 2013-01-11 14:39 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip 2013-01-10 14:57 - 2013-01-10 14:54 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip 2013-01-10 14:33 - 2006-11-02 11:23 - 00000275 ____A C:\Windows\win.ini 2013-01-10 14:15 - 2013-01-10 14:14 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG 2013-01-10 13:48 - 2006-11-02 11:24 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 12:25] - [2012-08-21 12:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 3065.94 MB Available physical RAM: 2485.23 MB Total Pagefile: 10929.88 MB Available Pagefile: 10573.44 MB Total Virtual: 2047.88 MB Available Virtual: 1954.89 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:35.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:178.85 GB) (Free:100.95 GB) NTFS 3 Drive e: (DATA) (Fixed) (Total:140.5 GB) (Free:86.21 GB) NTFS 4 Drive f: () (Removable) (Total:3.84 GB) (Free:1.67 GB) FAT32 6 Drive h: (DATA) (Fixed) (Total:59.65 GB) (Free:55.37 GB) NTFS 7 Drive i: () (Removable) (Total:3.69 GB) (Free:3.23 GB) FAT32 8 Drive j: (DATA) (Fixed) (Total:59.58 GB) (Free:59.49 GB) NTFS Datentr ### Status Gr”áe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 298 GB 0 B 1 Online 298 GB 0 B 2 Online 3782 MB 0 B 3 Online 3935 MB 0 B Last Boot: 2013-02-09 18:05 ==================== End Of Log ============================ Soll ich hinsichtlich der OTL noch etwas machen? Gruß urflamingo |
09.02.2013, 20:50 | #12 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus, du kannst immer noch nicht normal starten, oder? Irgendwie hat das mit FRST nicht so wirklich geklappt. Kannst du bitte nochmal in den Reparatur Optionen starten, nichts anderes tun und FRST wie in meiner Anleitung beschrieben nochmal ausführen? |
09.02.2013, 21:09 | #13 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Hallo Matthias, irgendwie ist meine Antwort von eben ja gar nicht im Thread. Für den Fall, dass Du sie nicht wirklich erhalten hast, hier noch einmal die FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013 Ran by urflamingo at 09-02-2013 20:33:20 Running from F:\ Service Pack 2 (X86) OS Language: German Standard Attention: Could not load system hive. FEHLER: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY. ==================== One Month Created Files and Folders ======== 2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip 2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL 2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe 2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe 2013-02-09 12:26 - 2013-02-09 12:27 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe 2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro 2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt 2013-02-08 13:54 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe 2013-02-08 13:54 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe 2013-02-08 13:54 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe 2013-02-08 13:54 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe 2013-02-08 13:43 - 2013-02-08 14:40 - 00000000 ___DC C:\Qoobox 2013-02-08 13:42 - 2013-02-08 14:38 - 00000000 ____D C:\Windows\erdnt 2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe 2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt 2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe 2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe 2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe 2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt 2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT 2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT 2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload 2013-02-07 22:46 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe 2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt 2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt 2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt 2013-02-07 14:56 - 2013-02-09 16:33 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt 2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe 2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe 2013-02-07 14:14 - 2013-02-07 14:15 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log 2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable 2013-02-07 14:12 - 2013-02-07 14:13 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe 2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-02-07 00:21 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-02-06 21:56 - 2013-02-07 00:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe 2013-02-06 18:51 - 2013-02-06 18:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip 2013-02-05 18:10 - 2013-02-05 18:11 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc 2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN 2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-03 12:05 - 2013-02-03 12:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk 2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator 2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe 2013-01-30 23:40 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe 2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe 2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload 2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk 2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite 2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe 2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel 2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr 2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk 2013-01-30 16:18 - 2010-11-16 16:24 - 00013880 ____A (InterVideo) C:\Windows\System32\Drivers\regi.sys 2013-01-30 16:04 - 2013-01-30 16:06 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe 2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero 2013-01-28 19:04 - 2013-01-30 19:29 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero 2013-01-28 19:00 - 2013-01-28 19:03 - 00000000 ____D C:\Users\All Users\Nero 2013-01-28 18:57 - 2013-01-28 19:03 - 00000000 ____D C:\Program Files\Nero 2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd 2013-01-25 19:30 - 2013-01-25 19:32 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon 2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip 2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad 2013-01-19 19:19 - 2013-01-19 19:22 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4 2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip 2013-01-19 17:40 - 2013-02-05 18:31 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo 2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe 2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk 2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder 2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk 2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective 2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe 2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe 2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk 2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot 2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe 2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus 2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk 2013-01-18 14:21 - 2013-01-18 14:22 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log 2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix 2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd 2013-01-17 16:33 - 2013-01-17 16:34 - 00000046 ____A C:\Windows\Speed.INI 2013-01-17 16:33 - 2013-01-17 16:34 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed 2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX 2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D 2013-01-14 23:21 - 2013-01-14 23:37 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam 2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air 2013-01-14 16:25 - 2013-01-14 18:24 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php 2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in 2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk 2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier 2013-01-14 00:34 - 2010-02-02 12:30 - 00331136 ____A (Mirko Böer) C:\Windows\EMVUn.EXE 2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in 2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer 2013-01-14 00:33 - 2010-03-17 10:45 - 00331136 ____A (Mirko Böer) C:\Windows\SMUn.EXE 2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk 2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai 2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air 2013-01-11 14:39 - 2013-01-11 14:40 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip 2013-01-10 14:54 - 2013-01-10 14:57 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip 2013-01-10 14:14 - 2013-01-10 14:15 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG ==================== One Month Modified Files and Folders ======== 2013-02-09 20:33 - 2013-02-09 20:33 - 00000000 ___DC C:\FRST 2013-02-09 20:30 - 2008-01-21 03:47 - 20969324 ____A C:\Windows\PFRO.log 2013-02-09 20:19 - 2009-11-15 21:28 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-09 20:17 - 2009-08-13 10:31 - 00143914 ____A C:\Users\All Users\nvModes.001 2013-02-09 20:17 - 2008-09-09 03:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml 2013-02-09 20:17 - 2008-07-30 03:13 - 00000147 ____A C:\Windows\System32\agent.log 2013-02-09 20:17 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip 2013-02-09 18:52 - 2012-01-19 17:46 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\PDF Software 2013-02-09 17:54 - 2012-05-29 16:33 - 00001699 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk 2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL 2013-02-09 16:33 - 2013-02-07 14:56 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt 2013-02-09 13:17 - 2012-12-26 20:39 - 00000338 ____A C:\Windows\Tasks\DriverScanner.job 2013-02-09 13:17 - 2009-11-15 21:28 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-09 12:43 - 2008-10-04 22:22 - 00075264 ____A C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe 2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe 2013-02-09 12:27 - 2013-02-09 12:26 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe 2013-02-08 21:14 - 2010-02-22 04:07 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\FileZilla 2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro 2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt 2013-02-08 14:40 - 2013-02-08 13:43 - 00000000 ___DC C:\Qoobox 2013-02-08 14:40 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public 2013-02-08 14:38 - 2013-02-08 13:42 - 00000000 ____D C:\Windows\erdnt 2013-02-08 14:32 - 2006-11-02 11:23 - 00000215 ___AC C:\Windows\system.ini 2013-02-08 14:21 - 2008-10-04 15:09 - 00000000 ____D C:\users\urflamingo 2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe 2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt 2013-02-07 23:43 - 2012-07-31 13:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe 2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe 2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe 2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt 2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT 2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT 2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload 2013-02-07 22:47 - 2013-02-07 22:46 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe 2013-02-07 21:25 - 2006-11-02 13:47 - 00634760 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt 2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt 2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt 2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe 2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe 2013-02-07 14:15 - 2013-02-07 14:14 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log 2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable 2013-02-07 14:13 - 2013-02-07 14:12 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe 2013-02-07 01:17 - 2008-09-09 02:52 - 01770546 ____A C:\Windows\WindowsUpdate.log 2013-02-07 01:17 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-02-07 00:22 - 2013-02-06 21:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-02-07 00:11 - 2012-12-13 21:32 - 00262144 ____A C:\Windows\System32\config\ELAM 2013-02-07 00:08 - 2012-12-12 12:50 - 00000000 ___RD C:\Users\urflamingo\Dropbox 2013-02-07 00:08 - 2012-12-12 12:45 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Dropbox 2013-02-06 23:37 - 2008-01-21 08:16 - 01673560 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe 2013-02-06 21:49 - 2012-05-02 16:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-02-06 19:19 - 2010-11-14 23:58 - 33997193 ____A C:\Users\urflamingo\Downloads\otopaket.zip 2013-02-06 18:54 - 2013-02-06 18:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-06 18:00 - 2010-10-23 14:56 - 00000304 ____A C:\Windows\Tasks\next.job 2013-02-06 18:00 - 2009-08-03 09:23 - 00000452 ____A C:\Windows\Tasks\ParetoLogic Registration.job 2013-02-05 20:06 - 2012-12-13 23:21 - 00000000 ____D C:\Users\urflamingo\AppData\Local\CrashDumps 2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip 2013-02-05 18:31 - 2013-01-19 17:40 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo 2013-02-05 18:11 - 2013-02-05 18:10 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc 2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN 2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe 2013-02-04 23:03 - 2012-01-19 18:06 - 00000000 ____D C:\Users\urflamingo\Documents\PDF Suite 2012 Files 2013-02-04 21:14 - 2010-11-30 17:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft 2013-02-04 21:14 - 2008-07-30 02:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-02-03 12:04 - 2013-02-03 12:05 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-03 12:04 - 2013-02-03 12:05 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-02-03 12:04 - 2012-11-06 16:51 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-02-03 12:04 - 2011-07-11 11:52 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-02-03 11:56 - 2012-12-12 12:50 - 00000938 ____A C:\Users\urflamingo\Desktop\Dropbox.lnk 2013-02-03 11:55 - 2010-03-01 20:26 - 00047104 ____A C:\Users\urflamingo\AppData\Local\WebpageIcons.db 2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-31 17:39 - 2012-11-09 16:18 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-01-31 00:37 - 2010-02-09 21:58 - 00004096 ____A C:\Users\Public\Documents\00000ED4.LCS 2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk 2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator 2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe 2013-01-30 23:41 - 2013-01-30 23:40 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe 2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe 2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload 2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk 2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite 2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe 2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe 2013-01-30 19:29 - 2013-01-28 19:04 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-01-30 16:46 - 2012-01-02 23:38 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Corel 2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel 2013-01-30 16:20 - 2012-12-12 21:09 - 00000000 ____D C:\Users\All Users\Corel 2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr 2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk 2013-01-30 16:17 - 2012-12-12 21:00 - 00000000 ____D C:\Program Files\Corel 2013-01-30 16:06 - 2013-01-30 16:04 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe 2013-01-30 12:38 - 2009-08-03 09:23 - 00000426 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job 2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero 2013-01-28 19:03 - 2013-01-28 19:00 - 00000000 ____D C:\Users\All Users\Nero 2013-01-28 19:03 - 2013-01-28 18:57 - 00000000 ____D C:\Program Files\Nero 2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero 2013-01-28 16:31 - 2012-02-16 17:39 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX 2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd 2013-01-25 19:32 - 2013-01-25 19:30 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon 2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip 2013-01-22 23:10 - 2010-11-28 16:00 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Audacity 2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad 2013-01-20 15:41 - 2012-12-12 21:22 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc 2013-01-19 19:22 - 2013-01-19 19:19 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4 2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip 2013-01-19 01:42 - 2010-05-31 17:08 - 00000206 ____A C:\Windows\EurekaLog.ini 2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe 2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk 2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder 2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk 2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective 2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe 2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe 2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk 2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot 2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe 2013-01-18 22:51 - 2009-08-06 21:00 - 00000000 ____D C:\Users\urflamingo\Documents\Camtasia Studio 2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus 2013-01-18 14:58 - 2008-10-19 20:55 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\AVS4YOU 2013-01-18 14:57 - 2008-10-19 20:51 - 00000000 ____D C:\Program Files\AVS4YOU 2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk 2013-01-18 14:22 - 2013-01-18 14:21 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log 2013-01-18 14:22 - 2009-08-01 19:08 - 00000000 ____D C:\Program Files\Java 2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix 2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd 2013-01-17 16:34 - 2013-01-17 16:33 - 00000046 ____A C:\Windows\Speed.INI 2013-01-17 16:34 - 2013-01-17 16:33 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed 2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX 2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D 2013-01-17 15:49 - 2012-12-12 23:03 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Ulead Systems 2013-01-16 16:18 - 2010-06-27 19:33 - 00007592 ____A C:\Users\urflamingo\AppData\Local\d3d9caps.dat 2013-01-15 19:54 - 2012-03-19 12:57 - 00000000 ____D C:\Program Files\McAfee 2013-01-14 23:37 - 2013-01-14 23:21 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam 2013-01-14 23:23 - 2010-05-05 17:28 - 00322760 ___AH C:\Windows\System32\mlfcache.dat 2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air 2013-01-14 18:24 - 2013-01-14 16:25 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php 2013-01-14 13:43 - 2009-08-13 08:14 - 00143914 ____A C:\Users\All Users\nvModes.dat 2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in 2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk 2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier 2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in 2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer 2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer 2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk 2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai 2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air 2013-01-11 16:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-01-11 14:40 - 2013-01-11 14:39 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip 2013-01-10 14:57 - 2013-01-10 14:54 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip 2013-01-10 14:33 - 2006-11-02 11:23 - 00000275 ____A C:\Windows\win.ini 2013-01-10 14:15 - 2013-01-10 14:14 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG 2013-01-10 13:48 - 2006-11-02 11:24 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 12:25] - [2012-08-21 12:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 3065.94 MB Available physical RAM: 2485.23 MB Total Pagefile: 10929.88 MB Available Pagefile: 10573.44 MB Total Virtual: 2047.88 MB Available Virtual: 1954.89 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:35.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:178.85 GB) (Free:100.95 GB) NTFS 3 Drive e: (DATA) (Fixed) (Total:140.5 GB) (Free:86.21 GB) NTFS 4 Drive f: () (Removable) (Total:3.84 GB) (Free:1.67 GB) FAT32 6 Drive h: (DATA) (Fixed) (Total:59.65 GB) (Free:55.37 GB) NTFS 7 Drive i: () (Removable) (Total:3.69 GB) (Free:3.23 GB) FAT32 8 Drive j: (DATA) (Fixed) (Total:59.58 GB) (Free:59.49 GB) NTFS Datentr ### Status Gr”áe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 298 GB 0 B 1 Online 298 GB 0 B 2 Online 3782 MB 0 B 3 Online 3935 MB 0 B Last Boot: 2013-02-09 18:05 ==================== End Of Log ============================ Hast Du die schon gehabt? Ich hatte die Datei vom Desktop aus unter .... Ausführen gestartet. Zunächst hatte ich den Befehl in dem Reparatur-Tableau eingegeben. Aber da erhielt ich die Fehlermeldung: ... is not required as an internal or external command Was kann ich falsch gemacht haben? Normalstart geht leider noch immer nicht. Ich hatte eben noch nicht gecheckt, dass ein Umbruch auf Seite 2 stattgefunden hatte. Deshalb das wiederholte Posting. Bitte schau Dir doch noch einmal die Vorgehensbeschreibung zu FRST an. Da kriege ich irgendwie keinen Sinn rein. Nach "Command Prompt" öffnet sich ein System-Bildschirm. Da gebe ich "notepad" ein und es öffnet sich eine neue Datei in Notepad. Und was passiert jetzt? Muss ich da jetzt etwas eingeben? Oder hat das Ganze mit "speichern unter" nur den Zweck, den Laufwerks-Buchstaben herauszukriegen? Soll ich hier eine Leere Datei speichern? Wenn ja, unter welchem Namen? Wenn alles nur wegen des LW-Buchstabens war: Wie geht es denn jetzt nach "Notepad schließen" weiter? Wo soll ich F:\FRST.exe eingeben? Die Systemantwort in Command Prompt lautete übrigens komplett: ".. is not recognized as an internal or external command, operable program or batch" Hast Du noch eine Idee? Gruß urflamingo |
10.02.2013, 12:35 | #14 |
/// TB-Ausbilder | Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Servus, die Eingabe von notepad in die Eingabeaufforderung dient nur zur Ermittlung des Laufwerkbuchstabens, der zum USB-Stick gehört. Laut dem geposteten Logfile ist dein USB-Stick Laufwerk F: ! Ich versuche nun die Anleitung nochmal etwas zu verdeutlichen, da ich denke, dass du FRST nicht richtig ausgeführt hast. Bitte genau lesen:
|
10.02.2013, 13:35 | #15 |
| Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension Hallo Matthias, danke, danke, dass Du auch noch am Wochenende dran bleibst! Die Reaktionen von Computern sind manchmal unergründlich. Ich hatte auch vorher alles genau so gemacht wie beschrieben. Also kam auch wieder die vorher schon genannte Fehlermeldung "... is not recognized as .....command, operable program or batch" Dann kam mir ein Gedanke. Ich habe den Stick an meinen anderen USB-Anschluss gesteckt, an dem vorher der Drucker war. Nun erschien "G" als Laufwerk. Und plötzlich ging es! Hier der Inhalt der FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013 Ran by SYSTEM at 10-02-2013 13:08:21 Running from G:\ Windows Vista (TM) Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-07-18] (Acer Corp.) HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~2\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard) HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-12] (Hewlett-Packard) HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [Skytel] Skytel.exe [x] HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278648 2012-09-12] (McAfee, Inc.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM\...\Run: [CorelCreatorClient] C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe [667648 2012-04-25] (Global Graphics Software Ltd.) HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] () HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [24576 2007-08-21] () HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [24576 2007-08-21] () HKU\urflamingo\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-04] (Google Inc.) HKU\urflamingo\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\urflamingo\...\Run: [SMASH] "C:\Program Files\SoftMaker Office Professional 2012 (Trial)\smash.exe" [233507 2012-05-07] (SoftMaker Software GmbH) HKU\urflamingo\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKU\urflamingo\...\Run: [DriverScanner] "C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe" delay 20000 [338296 2011-10-20] (Uniblue Systems Limited) HKLM\...\RunOnce: [OTL] "C:\Users\urflamingo\Downloads\OTL.exe" [602112 2013-02-07] (OldTimer Tools) Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X] Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.) ==================== Services (Whitelisted) =================== 2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [356352 2006-12-27] (AVM Berlin) 2 BUNAgentSvc; "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.) 2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () 2 CloudBerry Backup Service; "C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe" [32256 2012-03-02] (CloudBerry Lab Inc.) 3 CorelCreatorMessages; "C:\Windows\system32\CorelCreatorMessages.exe" [73728 2012-04-25] (Global Graphics Software Ltd) 2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-01] () 2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1840128 2011-05-24] (MAGIX AG) 3 FirebirdServerMAGIXInstance; "C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe" [2702848 2011-04-26] (MAGIX®) 2 gupdate1ca6630c49e7455; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-15] (Google Inc.) 2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-09-08] () 2 LanmanWorkstation; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation) 2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation) 2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe" [234776 2012-10-26] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279048 2012-11-16] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [203400 2012-11-08] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168880 2012-11-08] (McAfee, Inc.) 2 mfevtp; "C:\Windows\system32\mfevtps.exe" [167344 2012-11-08] (McAfee, Inc.) 2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] () 2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.) 2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [769432 2012-07-13] (Nero AG) 2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () 3 PDF Suite 2012 Helper Service; "C:\Program Files\PDF Suite 2012\HelperService.exe" [813960 2011-12-07] (Interactive Brands Inc.) 2 PDF Suite 2012 Service; "C:\Program Files\PDF Suite 2012\ConversionService.exe" [886664 2011-12-07] (Interactive Brands Inc.) 2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) 3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) 2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x] ==================== Drivers (Whitelisted) ==================== 2 acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) 3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) 0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-09-08] (Alfa Corporation) 1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-30] (AVG Technologies) 3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-27] (AVM Berlin) 3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-11-08] (McAfee, Inc.) 3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2009-03-28] (DemoForge, LLC) 3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-27] (AVM GmbH) 3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.) 3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [100736 2009-06-22] (Huawei Technologies Co., Ltd.) 2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2007-01-25] () 3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation) 0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64832 2012-09-14] (McAfee, Inc.) 3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132912 2012-11-08] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-11-08] (McAfee, Inc.) 3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-11-08] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-11-08] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2012-11-08] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-08] (McAfee, Inc.) 1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210136 2012-11-08] (McAfee, Inc.) 1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.) 2 regi; \??\C:\Windows\system32\drivers\regi.sys [13880 2010-11-16] (InterVideo) 3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation) 2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.) 3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 cpuz132; \??\C:\Users\URFLAM~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-02-09 09:57 - 2013-02-09 09:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip 2013-02-09 07:43 - 2013-02-09 07:43 - 00000000 ___DC C:\_OTL 2013-02-09 03:32 - 2013-02-09 03:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe 2013-02-09 03:31 - 2013-02-09 03:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe 2013-02-09 03:26 - 2013-02-09 03:27 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe 2013-02-08 11:34 - 2013-02-08 11:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro 2013-02-08 05:40 - 2013-02-08 05:40 - 00026095 ___AC C:\ComboFix.txt 2013-02-08 04:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2013-02-08 04:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2013-02-08 04:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-02-08 04:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-02-08 04:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-02-08 04:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2013-02-08 04:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2013-02-08 04:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2013-02-08 04:43 - 2013-02-08 05:40 - 00000000 ___DC C:\Qoobox 2013-02-08 04:42 - 2013-02-08 05:38 - 00000000 ____D C:\Windows\erdnt 2013-02-08 04:41 - 2013-02-08 04:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe 2013-02-07 15:02 - 2013-02-07 15:02 - 00001199 ___AC C:\AdwCleaner[R1].txt 2013-02-07 14:10 - 2013-02-07 14:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe 2013-02-07 14:07 - 2013-02-07 14:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe 2013-02-07 14:06 - 2013-02-07 14:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe 2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 13:54 - 2013-02-07 13:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt 2013-02-07 13:50 - 2013-02-07 13:50 - 00000000 ____D C:\Windows\ERUNT 2013-02-07 13:48 - 2013-02-07 13:48 - 00000000 ___DC C:\JRT 2013-02-07 13:47 - 2013-02-07 13:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload 2013-02-07 13:46 - 2013-02-07 13:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe 2013-02-07 12:05 - 2013-02-07 12:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt 2013-02-07 12:04 - 2013-02-07 12:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt 2013-02-07 05:57 - 2013-02-07 05:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt 2013-02-07 05:56 - 2013-02-09 07:33 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt 2013-02-07 05:40 - 2013-02-07 05:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe 2013-02-07 05:19 - 2013-02-07 05:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe 2013-02-07 05:14 - 2013-02-07 05:15 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log 2013-02-07 05:14 - 2013-02-07 05:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable 2013-02-07 05:12 - 2013-02-07 05:13 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe 2013-02-06 15:22 - 2013-02-06 15:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-02-06 15:21 - 2012-12-14 07:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-02-06 12:56 - 2013-02-06 15:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-02-06 12:54 - 2013-02-06 12:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe 2013-02-06 09:51 - 2013-02-06 09:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-05 09:31 - 2013-02-05 09:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip 2013-02-05 09:10 - 2013-02-05 09:11 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc 2013-02-05 09:09 - 2013-02-05 09:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-02-05 09:08 - 2013-02-05 09:08 - 00000000 ____D C:\Program Files\VideoLAN 2013-02-05 09:07 - 2013-02-05 09:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe 2013-02-03 03:05 - 2013-02-03 03:04 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-03 03:05 - 2013-02-03 03:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-03 03:05 - 2013-02-03 03:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-03 03:05 - 2013-02-03 03:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-01-31 08:39 - 2013-01-31 08:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-30 14:42 - 2013-01-30 14:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk 2013-01-30 14:42 - 2013-01-30 14:42 - 00000000 ____D C:\Program Files\CdCoverCreator 2013-01-30 14:41 - 2013-01-30 14:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe 2013-01-30 14:40 - 2013-01-30 14:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe 2013-01-30 14:39 - 2013-01-30 14:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe 2013-01-30 14:23 - 2013-01-30 14:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload 2013-01-30 14:18 - 2013-01-30 14:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk 2013-01-30 14:18 - 2013-01-30 14:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite 2013-01-30 14:17 - 2013-01-30 14:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe 2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe 2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe 2013-01-30 07:25 - 2013-01-30 07:25 - 00000000 ____D C:\Users\urflamingo\Corel 2013-01-30 07:19 - 2013-01-30 07:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr 2013-01-30 07:18 - 2013-01-30 07:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk 2013-01-30 07:18 - 2010-11-16 07:24 - 00013880 ____A (InterVideo) C:\Windows\System32\Drivers\regi.sys 2013-01-30 07:04 - 2013-01-30 07:06 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe 2013-01-28 10:05 - 2013-01-28 10:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero 2013-01-28 10:04 - 2013-01-30 10:29 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-01-28 10:01 - 2013-01-28 10:01 - 00000000 ____D C:\Program Files\Common Files\Nero 2013-01-28 10:00 - 2013-01-28 10:03 - 00000000 ____D C:\Users\All Users\Nero 2013-01-28 09:57 - 2013-01-28 10:03 - 00000000 ____D C:\Program Files\Nero 2013-01-28 04:29 - 2013-01-28 04:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd 2013-01-25 10:30 - 2013-01-25 10:32 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon 2013-01-25 04:52 - 2013-01-25 04:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip 2013-01-22 12:21 - 2013-01-22 12:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad 2013-01-19 10:19 - 2013-01-19 10:22 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4 2013-01-19 08:41 - 2013-01-19 08:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip 2013-01-19 08:40 - 2013-02-05 09:31 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo 2013-01-18 16:30 - 2013-01-18 16:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe 2013-01-18 16:30 - 2013-01-18 16:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk 2013-01-18 16:30 - 2013-01-18 16:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder 2013-01-18 16:23 - 2013-01-18 16:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk 2013-01-18 16:23 - 2013-01-18 16:23 - 00000000 ____D C:\Program Files\PinDetective 2013-01-18 16:22 - 2013-01-18 16:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe 2013-01-18 16:21 - 2013-01-18 16:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe 2013-01-18 16:13 - 2013-01-18 16:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk 2013-01-18 16:13 - 2013-01-18 16:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot 2013-01-18 16:12 - 2013-01-18 16:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe 2013-01-18 07:28 - 2013-01-18 07:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus 2013-01-18 05:56 - 2013-01-18 05:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk 2013-01-18 05:21 - 2013-01-18 05:22 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log 2013-01-17 16:40 - 2013-01-17 16:40 - 00000000 ____D C:\Program Files\Citrix 2013-01-17 09:36 - 2013-01-17 09:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd 2013-01-17 07:33 - 2013-01-17 07:34 - 00000046 ____A C:\Windows\Speed.INI 2013-01-17 07:33 - 2013-01-17 07:34 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed 2013-01-17 06:50 - 2013-01-17 06:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX 2013-01-17 06:50 - 2013-01-17 06:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D 2013-01-14 14:21 - 2013-01-14 14:37 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam 2013-01-14 14:13 - 2013-01-14 14:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air 2013-01-14 07:25 - 2013-01-14 09:24 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php 2013-01-13 15:34 - 2013-01-13 15:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in 2013-01-13 15:34 - 2013-01-13 15:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk 2013-01-13 15:34 - 2013-01-13 15:34 - 00000000 ____D C:\Program Files\E-MailVerifier 2013-01-13 15:34 - 2010-02-02 03:30 - 00331136 ____A (Mirko Böer) C:\Windows\EMVUn.EXE 2013-01-13 15:33 - 2013-01-13 15:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in 2013-01-13 15:33 - 2013-01-13 15:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk 2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer 2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Program Files\SuperMailer 2013-01-13 15:33 - 2010-03-17 01:45 - 00331136 ____A (Mirko Böer) C:\Windows\SMUn.EXE 2013-01-13 09:05 - 2013-01-13 09:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 09:04 - 2013-01-13 09:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk 2013-01-13 09:03 - 2013-01-13 09:03 - 00000000 ____D C:\Program Files\Market Samurai 2013-01-13 08:59 - 2013-01-13 08:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air 2013-01-11 05:39 - 2013-01-11 05:40 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip ==================== One Month Modified Files and Folders ======== 2013-02-10 03:24 - 2012-05-29 07:33 - 00001699 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk 2013-02-10 03:18 - 2008-01-20 18:47 - 20971084 ____A C:\Windows\PFRO.log 2013-02-10 03:08 - 2009-08-13 01:31 - 00143914 ____A C:\Users\All Users\nvModes.001 2013-02-10 03:08 - 2008-09-08 18:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml 2013-02-10 03:08 - 2008-07-29 18:13 - 00000147 ____A C:\Windows\System32\agent.log 2013-02-10 03:08 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-10 03:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-10 03:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-09 13:18 - 2010-06-27 10:33 - 00008268 ____A C:\Users\urflamingo\AppData\Local\d3d9caps.dat 2013-02-09 12:49 - 2012-01-19 08:46 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\PDF Software 2013-02-09 11:33 - 2013-02-09 11:33 - 00000000 ___DC C:\FRST 2013-02-09 11:19 - 2009-11-15 12:28 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-09 09:57 - 2013-02-09 09:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip 2013-02-09 07:43 - 2013-02-09 07:43 - 00000000 ___DC C:\_OTL 2013-02-09 07:33 - 2013-02-07 05:56 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt 2013-02-09 04:17 - 2012-12-26 11:39 - 00000338 ____A C:\Windows\Tasks\DriverScanner.job 2013-02-09 04:17 - 2009-11-15 12:28 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-09 03:43 - 2008-10-04 13:22 - 00075264 ____A C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-09 03:32 - 2013-02-09 03:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe 2013-02-09 03:31 - 2013-02-09 03:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe 2013-02-09 03:27 - 2013-02-09 03:26 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe 2013-02-08 12:14 - 2010-02-21 19:07 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\FileZilla 2013-02-08 11:34 - 2013-02-08 11:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro 2013-02-08 05:40 - 2013-02-08 05:40 - 00026095 ___AC C:\ComboFix.txt 2013-02-08 05:40 - 2013-02-08 04:43 - 00000000 ___DC C:\Qoobox 2013-02-08 05:40 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public 2013-02-08 05:38 - 2013-02-08 04:42 - 00000000 ____D C:\Windows\erdnt 2013-02-08 05:32 - 2006-11-02 02:23 - 00000215 ___AC C:\Windows\system.ini 2013-02-08 05:21 - 2008-10-04 06:09 - 00000000 ____D C:\users\urflamingo 2013-02-08 04:41 - 2013-02-08 04:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe 2013-02-07 15:02 - 2013-02-07 15:02 - 00001199 ___AC C:\AdwCleaner[R1].txt 2013-02-07 14:43 - 2012-07-31 04:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-07 14:10 - 2013-02-07 14:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe 2013-02-07 14:07 - 2013-02-07 14:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe 2013-02-07 14:06 - 2013-02-07 14:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe 2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-07 13:54 - 2013-02-07 13:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt 2013-02-07 13:50 - 2013-02-07 13:50 - 00000000 ____D C:\Windows\ERUNT 2013-02-07 13:48 - 2013-02-07 13:48 - 00000000 ___DC C:\JRT 2013-02-07 13:47 - 2013-02-07 13:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload 2013-02-07 13:47 - 2013-02-07 13:46 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe 2013-02-07 12:25 - 2006-11-02 04:47 - 00634760 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-07 12:05 - 2013-02-07 12:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt 2013-02-07 12:04 - 2013-02-07 12:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt 2013-02-07 05:57 - 2013-02-07 05:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt 2013-02-07 05:40 - 2013-02-07 05:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe 2013-02-07 05:19 - 2013-02-07 05:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe 2013-02-07 05:15 - 2013-02-07 05:14 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log 2013-02-07 05:14 - 2013-02-07 05:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable 2013-02-07 05:13 - 2013-02-07 05:12 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe 2013-02-06 16:17 - 2008-09-08 17:52 - 01770546 ____A C:\Windows\WindowsUpdate.log 2013-02-06 16:17 - 2006-11-02 05:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-02-06 15:22 - 2013-02-06 15:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-02-06 15:22 - 2013-02-06 12:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-02-06 15:11 - 2012-12-13 12:32 - 00262144 ____A C:\Windows\System32\config\ELAM 2013-02-06 15:08 - 2012-12-12 03:50 - 00000000 ___RD C:\Users\urflamingo\Dropbox 2013-02-06 15:08 - 2012-12-12 03:45 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Dropbox 2013-02-06 14:37 - 2008-01-20 23:16 - 01673560 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes 2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-02-06 12:54 - 2013-02-06 12:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe 2013-02-06 12:49 - 2012-05-02 07:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-02-06 10:19 - 2010-11-14 14:58 - 33997193 ____A C:\Users\urflamingo\Downloads\otopaket.zip 2013-02-06 09:54 - 2013-02-06 09:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-02-06 09:00 - 2010-10-23 05:56 - 00000304 ____A C:\Windows\Tasks\next.job 2013-02-06 09:00 - 2009-08-03 00:23 - 00000452 ____A C:\Windows\Tasks\ParetoLogic Registration.job 2013-02-05 11:06 - 2012-12-13 14:21 - 00000000 ____D C:\Users\urflamingo\AppData\Local\CrashDumps 2013-02-05 09:31 - 2013-02-05 09:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip 2013-02-05 09:31 - 2013-01-19 08:40 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo 2013-02-05 09:11 - 2013-02-05 09:10 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc 2013-02-05 09:09 - 2013-02-05 09:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-02-05 09:08 - 2013-02-05 09:08 - 00000000 ____D C:\Program Files\VideoLAN 2013-02-05 09:07 - 2013-02-05 09:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe 2013-02-04 14:03 - 2012-01-19 09:06 - 00000000 ____D C:\Users\urflamingo\Documents\PDF Suite 2012 Files 2013-02-04 12:14 - 2010-11-30 08:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft 2013-02-04 12:14 - 2008-07-29 17:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-02-03 03:04 - 2013-02-03 03:05 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-03 03:04 - 2013-02-03 03:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-03 03:04 - 2013-02-03 03:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-03 03:04 - 2013-02-03 03:05 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-02-03 03:04 - 2012-11-06 07:51 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-02-03 03:04 - 2011-07-11 02:52 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-02-03 02:56 - 2012-12-12 03:50 - 00000938 ____A C:\Users\urflamingo\Desktop\Dropbox.lnk 2013-02-03 02:55 - 2010-03-01 11:26 - 00047104 ____A C:\Users\urflamingo\AppData\Local\WebpageIcons.db 2013-01-31 08:39 - 2013-01-31 08:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-31 08:39 - 2012-11-09 07:18 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-01-30 15:37 - 2010-02-09 12:58 - 00004096 ____A C:\Users\Public\Documents\00000ED4.LCS 2013-01-30 14:42 - 2013-01-30 14:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk 2013-01-30 14:42 - 2013-01-30 14:42 - 00000000 ____D C:\Program Files\CdCoverCreator 2013-01-30 14:41 - 2013-01-30 14:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe 2013-01-30 14:41 - 2013-01-30 14:40 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe 2013-01-30 14:39 - 2013-01-30 14:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe 2013-01-30 14:23 - 2013-01-30 14:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload 2013-01-30 14:18 - 2013-01-30 14:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk 2013-01-30 14:18 - 2013-01-30 14:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite 2013-01-30 14:17 - 2013-01-30 14:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe 2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe 2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe 2013-01-30 10:29 - 2013-01-28 10:04 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-01-30 07:46 - 2012-01-02 14:38 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Corel 2013-01-30 07:25 - 2013-01-30 07:25 - 00000000 ____D C:\Users\urflamingo\Corel 2013-01-30 07:20 - 2012-12-12 12:09 - 00000000 ____D C:\Users\All Users\Corel 2013-01-30 07:19 - 2013-01-30 07:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr 2013-01-30 07:18 - 2013-01-30 07:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk 2013-01-30 07:17 - 2012-12-12 12:00 - 00000000 ____D C:\Program Files\Corel 2013-01-30 07:06 - 2013-01-30 07:04 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe 2013-01-30 03:38 - 2009-08-03 00:23 - 00000426 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job 2013-01-28 10:05 - 2013-01-28 10:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero 2013-01-28 10:03 - 2013-01-28 10:00 - 00000000 ____D C:\Users\All Users\Nero 2013-01-28 10:03 - 2013-01-28 09:57 - 00000000 ____D C:\Program Files\Nero 2013-01-28 10:01 - 2013-01-28 10:01 - 00000000 ____D C:\Program Files\Common Files\Nero 2013-01-28 07:31 - 2012-02-16 08:39 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX 2013-01-28 04:29 - 2013-01-28 04:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd 2013-01-25 10:32 - 2013-01-25 10:30 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon 2013-01-25 04:52 - 2013-01-25 04:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip 2013-01-22 14:10 - 2010-11-28 07:00 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Audacity 2013-01-22 12:21 - 2013-01-22 12:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad 2013-01-20 06:41 - 2012-12-12 12:22 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc 2013-01-19 10:22 - 2013-01-19 10:19 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4 2013-01-19 08:41 - 2013-01-19 08:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip 2013-01-18 16:42 - 2010-05-31 08:08 - 00000206 ____A C:\Windows\EurekaLog.ini 2013-01-18 16:30 - 2013-01-18 16:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe 2013-01-18 16:30 - 2013-01-18 16:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk 2013-01-18 16:30 - 2013-01-18 16:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder 2013-01-18 16:23 - 2013-01-18 16:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk 2013-01-18 16:23 - 2013-01-18 16:23 - 00000000 ____D C:\Program Files\PinDetective 2013-01-18 16:22 - 2013-01-18 16:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe 2013-01-18 16:21 - 2013-01-18 16:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe 2013-01-18 16:13 - 2013-01-18 16:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk 2013-01-18 16:13 - 2013-01-18 16:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot 2013-01-18 16:12 - 2013-01-18 16:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe 2013-01-18 13:51 - 2009-08-06 12:00 - 00000000 ____D C:\Users\urflamingo\Documents\Camtasia Studio 2013-01-18 07:28 - 2013-01-18 07:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus 2013-01-18 05:58 - 2008-10-19 11:55 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\AVS4YOU 2013-01-18 05:57 - 2008-10-19 11:51 - 00000000 ____D C:\Program Files\AVS4YOU 2013-01-18 05:56 - 2013-01-18 05:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk 2013-01-18 05:22 - 2013-01-18 05:21 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log 2013-01-18 05:22 - 2009-08-01 10:08 - 00000000 ____D C:\Program Files\Java 2013-01-17 16:40 - 2013-01-17 16:40 - 00000000 ____D C:\Program Files\Citrix 2013-01-17 09:36 - 2013-01-17 09:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd 2013-01-17 07:34 - 2013-01-17 07:33 - 00000046 ____A C:\Windows\Speed.INI 2013-01-17 07:34 - 2013-01-17 07:33 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed 2013-01-17 06:50 - 2013-01-17 06:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX 2013-01-17 06:50 - 2013-01-17 06:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D 2013-01-17 06:49 - 2012-12-12 14:03 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Ulead Systems 2013-01-15 10:54 - 2012-03-19 03:57 - 00000000 ____D C:\Program Files\McAfee 2013-01-14 14:37 - 2013-01-14 14:21 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam 2013-01-14 14:23 - 2010-05-05 08:28 - 00322760 ___AH C:\Windows\System32\mlfcache.dat 2013-01-14 14:13 - 2013-01-14 14:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air 2013-01-14 09:24 - 2013-01-14 07:25 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php 2013-01-14 04:43 - 2009-08-12 23:14 - 00143914 ____A C:\Users\All Users\nvModes.dat 2013-01-13 15:34 - 2013-01-13 15:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in 2013-01-13 15:34 - 2013-01-13 15:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk 2013-01-13 15:34 - 2013-01-13 15:34 - 00000000 ____D C:\Program Files\E-MailVerifier 2013-01-13 15:33 - 2013-01-13 15:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in 2013-01-13 15:33 - 2013-01-13 15:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk 2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer 2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Program Files\SuperMailer 2013-01-13 09:05 - 2013-01-13 09:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 2013-01-13 09:04 - 2013-01-13 09:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk 2013-01-13 09:03 - 2013-01-13 09:03 - 00000000 ____D C:\Program Files\Market Samurai 2013-01-13 08:59 - 2013-01-13 08:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air 2013-01-11 07:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-01-11 05:40 - 2013-01-11 05:39 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 03:25] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-02-03 03:02:33 Restore point made on: 2013-02-04 12:14:10 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 4090.07 MB Available physical RAM: 3718.34 MB Total Pagefile: 3955.55 MB Available Pagefile: 3805.2 MB Total Virtual: 2047.88 MB Available Virtual: 1982.35 MB ==================== Partitions ============================= 1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:35.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:178.85 GB) (Free:105.44 GB) NTFS 3 Drive e: (DATA) (Fixed) (Total:59.58 GB) (Free:59.49 GB) NTFS 4 Drive f: () (Removable) (Total:3.69 GB) (Free:3.23 GB) FAT32 5 Drive g: () (Removable) (Total:3.84 GB) (Free:1.67 GB) FAT32 6 Drive h: (DATA) (Fixed) (Total:140.5 GB) (Free:86.21 GB) NTFS 7 Drive i: (DATA) (Fixed) (Total:59.65 GB) (Free:55.37 GB) NTFS 9 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:0.7 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 298 GB 1563 KB Disk 2 Online 3782 MB 0 B Disk 3 Online 3935 MB 0 B Partitions of Disk 0: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Partitions of Disk 1: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Partitions of Disk 2: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Partitions of Disk 3: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume. ========================================================= Last Boot: 2013-02-10 03:36 ==================== End Of Log ============================ So, dann lass uns auf neue Erkenntnisse hoffen. Übrigens habe ich mich beim Durchsehen einer der bisherigen Listen daran erinnert, dass ich ungefähr zum Monatswechsel (30. oder 31.1.) die neueste Java-Version geloaded habe (7.13). Habe aber wohl die Vorgänger-Version (6. und irgendwas) nicht entfernt. Kann aus dieser Ecke etwas resultieren? Gruß urflamingo |
Themen zu Unerwünschte Werbe-Links zu de.clickcompare.info über Programm Giant Savings Extension |
32 bit, 7-zip, adware.funmoods, anti-malware, anwendungen, appdata, audacity, avg secure search, becker, bildschirm, bla, booten, computer, dateien, einloggen, entfernen, ergebnis, folge, gmer, google, infiziert, infiziert., install.exe, kunde, launch, log-datei, malwarebytes, maus, microsoft office 2003, mipony, nicht mehr, ordner, policyagent, problem, programm, recycle.bin, robot, scan, secure search, startbildschirm, trojaner-board, vista, visual studio, windows, windows vista, winload toolbar |