| |
| |||||||
Log-Analyse und Auswertung: Proxy-Server ProblemWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.04.2013, 09:33
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Proxy-Server Problem aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.04.2013, 11:39
| #17 |
 | Proxy-Server Problem aswMBR:
__________________Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-17 12:36:23
-----------------------------
12:36:23.330 OS Version: Windows 6.1.7600
12:36:23.330 Number of processors: 3 586 0x503
12:36:23.332 ComputerName: MEILO-PC UserName: Meilo
12:36:31.655 Initialize success
12:36:54.265 AVAST engine download error: 501
12:37:10.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
12:37:10.327 Disk 0 Vendor: Hitachi_ JC4O Size: 953869MB BusType: 11
12:37:10.634 Disk 0 MBR read successfully
12:37:10.636 Disk 0 MBR scan
12:37:10.638 Disk 0 unknown MBR code
12:37:10.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:37:10.804 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 922023 MB offset 206848
12:37:10.851 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 1888509952
12:37:10.930 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 1951424512
12:37:10.991 Disk 0 scanning sectors +1953523120
12:37:11.299 Disk 0 scanning C:\Windows\system32\drivers
12:37:30.623 Service scanning
12:37:41.150 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:37:41.222 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
12:37:41.336 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:37:41.374 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:37:56.834 Modules scanning
12:38:35.788 Disk 0 trace - called modules:
12:38:35.809 ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
12:38:35.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb169a030]
12:38:35.819 3 CLASSPNP.SYS[b7f9a59e] -> nt!IofCallDriver -> [0xb164a020]
12:38:35.824 5 amd_xata.sys[b76016b3] -> nt!IofCallDriver -> \Device\0000005c[0xb1645030]
12:38:35.830 Scan finished successfully
12:38:46.694 Disk 0 MBR has been saved successfully to "C:\Users\Meilo\Desktop\MBR.dat"
12:38:46.700 The log file has been saved successfully to "C:\Users\Meilo\Desktop\aswMBR.txt"
Code:
ATTFilter 12:40:27.0334 5868 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:40:27.0488 5868 ============================================================
12:40:27.0488 5868 Current date / time: 2013/04/17 12:40:27.0488
12:40:27.0488 5868 SystemInfo:
12:40:27.0488 5868
12:40:27.0488 5868 OS Version: 6.1.7600 ServicePack: 0.0
12:40:27.0488 5868 Product type: Workstation
12:40:27.0489 5868 ComputerName: MEILO-PC
12:40:27.0489 5868 UserName: Meilo
12:40:27.0489 5868 Windows directory: C:\Windows
12:40:27.0489 5868 System windows directory: C:\Windows
12:40:27.0489 5868 Processor architecture: Intel x86
12:40:27.0489 5868 Number of processors: 3
12:40:27.0489 5868 Page size: 0x1000
12:40:27.0489 5868 Boot type: Normal boot
12:40:27.0489 5868 ============================================================
12:40:30.0152 5868 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:40:30.0162 5868 ============================================================
12:40:30.0162 5868 \Device\Harddisk0\DR0:
12:40:30.0162 5868 MBR partitions:
12:40:30.0162 5868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:40:30.0162 5868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x708D3800
12:40:30.0162 5868 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x70906000, BlocksNum 0x3C00000
12:40:30.0162 5868 ============================================================
12:40:30.0244 5868 C: <-> \Device\Harddisk0\DR0\Partition2
12:40:30.0353 5868 D: <-> \Device\Harddisk0\DR0\Partition3
12:40:30.0353 5868 ============================================================
12:40:30.0353 5868 Initialize success
12:40:30.0353 5868 ============================================================
12:40:56.0585 4852 ============================================================
12:40:56.0585 4852 Scan started
12:40:56.0792 4852 Mode: Manual; SigCheck; TDLFS;
12:40:56.0792 4852 ============================================================
12:40:57.0622 4852 ================ Scan system memory ========================
12:40:57.0622 4852 System memory - ok
12:40:57.0622 4852 ================ Scan services =============================
12:40:57.0764 4852 [ D01E0B1CEF9EE82100C2BB07294880EF ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
12:40:57.0852 4852 1394ohci - ok
12:40:57.0874 4852 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
12:40:57.0890 4852 ACPI - ok
12:40:57.0921 4852 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
12:40:57.0950 4852 AcpiPmi - ok
12:40:58.0003 4852 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:40:58.0016 4852 AdobeFlashPlayerUpdateSvc - ok
12:40:58.0053 4852 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:40:58.0069 4852 adp94xx - ok
12:40:58.0093 4852 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:40:58.0108 4852 adpahci - ok
12:40:58.0138 4852 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:40:58.0150 4852 adpu320 - ok
12:40:58.0173 4852 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:40:58.0211 4852 AeLookupSvc - ok
12:40:58.0248 4852 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
12:40:58.0278 4852 AFD - ok
12:40:58.0314 4852 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
12:40:58.0325 4852 agp440 - ok
12:40:58.0360 4852 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:40:58.0372 4852 aic78xx - ok
12:40:58.0520 4852 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll
12:40:58.0520 4852 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
12:40:58.0527 4852 Akamai ( HiddenFile.Multi.Generic ) - warning
12:40:58.0527 4852 Akamai - detected HiddenFile.Multi.Generic (1)
12:40:58.0552 4852 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:40:58.0606 4852 ALG - ok
12:40:58.0649 4852 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
12:40:58.0659 4852 aliide - ok
12:40:58.0702 4852 [ AA8C7A0A40D3B8992EA1845EF89FE2D4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:40:58.0725 4852 AMD External Events Utility - ok
12:40:58.0772 4852 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
12:40:58.0783 4852 amdagp - ok
12:40:58.0813 4852 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
12:40:58.0824 4852 amdide - ok
12:40:58.0852 4852 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:40:58.0877 4852 AmdK8 - ok
12:40:59.0002 4852 [ 5AB10C74C8EA15E98A6C771B7269615E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:40:59.0148 4852 amdkmdag - ok
12:40:59.0173 4852 [ E9890F7EC1AB4D09AFEB09DD76334622 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:40:59.0193 4852 amdkmdap - ok
12:40:59.0227 4852 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:40:59.0263 4852 AmdPPM - ok
12:40:59.0296 4852 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:40:59.0307 4852 amdsata - ok
12:40:59.0334 4852 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:40:59.0346 4852 amdsbs - ok
12:40:59.0368 4852 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:40:59.0379 4852 amdxata - ok
12:40:59.0393 4852 [ 437C824DEAC935DEA9E9C488675EFD09 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
12:40:59.0436 4852 amd_sata - ok
12:40:59.0457 4852 [ D919795612EABBA7D5F5222377BEBD7B ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
12:40:59.0467 4852 amd_xata - ok
12:40:59.0501 4852 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
12:40:59.0546 4852 AppID - ok
12:40:59.0573 4852 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:40:59.0650 4852 AppIDSvc - ok
12:40:59.0680 4852 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
12:40:59.0709 4852 Appinfo - ok
12:40:59.0728 4852 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:40:59.0739 4852 arc - ok
12:40:59.0771 4852 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:40:59.0782 4852 arcsas - ok
12:40:59.0857 4852 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:40:59.0868 4852 aspnet_state - ok
12:40:59.0895 4852 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:40:59.0917 4852 AsyncMac - ok
12:40:59.0957 4852 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
12:40:59.0967 4852 atapi - ok
12:41:00.0020 4852 [ C8B17AC82AD2EE9E0E58E3461008C5F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
12:41:00.0032 4852 AtiHDAudioService - ok
12:41:00.0072 4852 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:41:00.0084 4852 AtiHdmiService - ok
12:41:00.0127 4852 [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
12:41:00.0138 4852 AtiPcie - ok
12:41:00.0174 4852 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:41:00.0216 4852 AudioEndpointBuilder - ok
12:41:00.0237 4852 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:41:00.0264 4852 Audiosrv - ok
12:41:00.0317 4852 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
12:41:00.0332 4852 AVP - ok
12:41:00.0363 4852 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:41:00.0386 4852 AxInstSV - ok
12:41:00.0418 4852 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:41:00.0462 4852 b06bdrv - ok
12:41:00.0491 4852 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:41:00.0506 4852 b57nd60x - ok
12:41:00.0543 4852 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:41:00.0585 4852 BDESVC - ok
12:41:00.0617 4852 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:41:00.0646 4852 Beep - ok
12:41:00.0678 4852 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
12:41:00.0720 4852 BFE - ok
12:41:00.0743 4852 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
12:41:00.0795 4852 BITS - ok
12:41:00.0828 4852 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:41:00.0854 4852 blbdrive - ok
12:41:00.0887 4852 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:41:00.0905 4852 bowser - ok
12:41:00.0923 4852 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:41:00.0946 4852 BrFiltLo - ok
12:41:00.0965 4852 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:41:00.0994 4852 BrFiltUp - ok
12:41:01.0021 4852 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
12:41:01.0059 4852 Browser - ok
12:41:01.0088 4852 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:41:01.0130 4852 Brserid - ok
12:41:01.0152 4852 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:41:01.0182 4852 BrSerWdm - ok
12:41:01.0194 4852 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:41:01.0217 4852 BrUsbMdm - ok
12:41:01.0243 4852 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:41:01.0268 4852 BrUsbSer - ok
12:41:01.0295 4852 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:41:01.0318 4852 BTHMODEM - ok
12:41:01.0364 4852 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:41:01.0407 4852 bthserv - ok
12:41:01.0441 4852 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:41:01.0525 4852 cdfs - ok
12:41:01.0584 4852 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:41:01.0602 4852 cdrom - ok
12:41:01.0628 4852 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
12:41:01.0666 4852 CertPropSvc - ok
12:41:01.0674 4852 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:41:01.0695 4852 circlass - ok
12:41:01.0709 4852 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:41:01.0723 4852 CLFS - ok
12:41:01.0777 4852 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:41:01.0788 4852 clr_optimization_v2.0.50727_32 - ok
12:41:01.0833 4852 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:41:01.0844 4852 clr_optimization_v4.0.30319_32 - ok
12:41:01.0860 4852 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:41:01.0878 4852 CmBatt - ok
12:41:01.0897 4852 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
12:41:01.0907 4852 cmdide - ok
12:41:01.0938 4852 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
12:41:01.0959 4852 CNG - ok
12:41:01.0982 4852 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:41:01.0992 4852 Compbatt - ok
12:41:02.0013 4852 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:41:02.0039 4852 CompositeBus - ok
12:41:02.0055 4852 COMSysApp - ok
12:41:02.0079 4852 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:41:02.0090 4852 crcdisk - ok
12:41:02.0127 4852 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:41:02.0150 4852 CryptSvc - ok
12:41:02.0187 4852 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
12:41:02.0224 4852 DcomLaunch - ok
12:41:02.0293 4852 [ 2D7C1661961CE19085B6A968B1B293D4 ] DefaultTabSearch C:\Program Files\DefaultTab\DefaultTabSearch.exe
12:41:02.0317 4852 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - warning
12:41:02.0317 4852 DefaultTabSearch - detected UnsignedFile.Multi.Generic (1)
12:41:02.0461 4852 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
12:41:02.0566 4852 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
12:41:02.0566 4852 DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
12:41:02.0599 4852 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:41:02.0642 4852 defragsvc - ok
12:41:02.0691 4852 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:41:02.0716 4852 DfsC - ok
12:41:02.0742 4852 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:41:02.0776 4852 Dhcp - ok
12:41:02.0834 4852 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:41:02.0894 4852 discache - ok
12:41:02.0925 4852 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:41:02.0935 4852 Disk - ok
12:41:02.0959 4852 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:41:03.0002 4852 Dnscache - ok
12:41:03.0032 4852 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
12:41:03.0068 4852 dot3svc - ok
12:41:03.0079 4852 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
12:41:03.0116 4852 DPS - ok
12:41:03.0145 4852 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:41:03.0173 4852 drmkaud - ok
12:41:03.0201 4852 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:41:03.0221 4852 DXGKrnl - ok
12:41:03.0335 4852 EagleNT - ok
12:41:03.0386 4852 EagleXNt - ok
12:41:03.0415 4852 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:41:03.0446 4852 EapHost - ok
12:41:03.0513 4852 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:41:03.0601 4852 ebdrv - ok
12:41:03.0623 4852 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
12:41:03.0648 4852 EFS - ok
12:41:03.0694 4852 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:41:03.0735 4852 ehRecvr - ok
12:41:03.0753 4852 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:41:03.0783 4852 ehSched - ok
12:41:03.0819 4852 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:41:03.0840 4852 elxstor - ok
12:41:03.0860 4852 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
12:41:03.0882 4852 ErrDev - ok
12:41:03.0918 4852 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:41:03.0954 4852 EventSystem - ok
12:41:03.0994 4852 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:41:04.0023 4852 exfat - ok
12:41:04.0048 4852 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:41:04.0079 4852 fastfat - ok
12:41:04.0121 4852 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
12:41:04.0152 4852 Fax - ok
12:41:04.0176 4852 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:41:04.0200 4852 fdc - ok
12:41:04.0223 4852 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:41:04.0262 4852 fdPHost - ok
12:41:04.0283 4852 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:41:04.0323 4852 FDResPub - ok
12:41:04.0344 4852 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:41:04.0355 4852 FileInfo - ok
12:41:04.0367 4852 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:41:04.0409 4852 Filetrace - ok
12:41:04.0426 4852 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:41:04.0441 4852 flpydisk - ok
12:41:04.0467 4852 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:41:04.0480 4852 FltMgr - ok
12:41:04.0512 4852 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
12:41:04.0552 4852 FontCache - ok
12:41:04.0605 4852 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:41:04.0616 4852 FontCache3.0.0.0 - ok
12:41:04.0631 4852 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:41:04.0641 4852 FsDepends - ok
12:41:04.0670 4852 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:41:04.0680 4852 Fs_Rec - ok
12:41:04.0711 4852 [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:41:04.0727 4852 fvevol - ok
12:41:04.0754 4852 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:41:04.0765 4852 gagp30kx - ok
12:41:04.0788 4852 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
12:41:04.0819 4852 gpsvc - ok
12:41:04.0854 4852 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
12:41:04.0865 4852 hamachi - ok
12:41:04.0895 4852 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:41:04.0927 4852 hcw85cir - ok
12:41:04.0961 4852 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:41:04.0981 4852 HdAudAddService - ok
12:41:05.0012 4852 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:41:05.0040 4852 HDAudBus - ok
12:41:05.0056 4852 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:41:05.0080 4852 HidBatt - ok
12:41:05.0111 4852 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:41:05.0132 4852 HidBth - ok
12:41:05.0142 4852 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:41:05.0163 4852 HidIr - ok
12:41:05.0181 4852 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
12:41:05.0220 4852 hidserv - ok
12:41:05.0262 4852 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:41:05.0295 4852 HidUsb - ok
12:41:05.0322 4852 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:41:05.0356 4852 hkmsvc - ok
12:41:05.0367 4852 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:41:05.0406 4852 HomeGroupListener - ok
12:41:05.0420 4852 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:41:05.0436 4852 HomeGroupProvider - ok
12:41:05.0464 4852 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
12:41:05.0475 4852 HpSAMD - ok
12:41:05.0516 4852 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:41:05.0554 4852 HTTP - ok
12:41:05.0571 4852 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:41:05.0581 4852 hwpolicy - ok
12:41:05.0614 4852 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:41:05.0635 4852 i8042prt - ok
12:41:05.0662 4852 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:41:05.0677 4852 iaStorV - ok
12:41:05.0724 4852 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:41:05.0747 4852 idsvc - ok
12:41:05.0777 4852 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:41:05.0788 4852 iirsp - ok
12:41:05.0831 4852 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
12:41:05.0876 4852 IKEEXT - ok
12:41:05.0962 4852 [ 4BE85CF5831A41104C2DDED55FBC3565 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:41:06.0008 4852 IntcAzAudAddService - ok
12:41:06.0035 4852 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
12:41:06.0045 4852 intelide - ok
12:41:06.0072 4852 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:41:06.0098 4852 intelppm - ok
12:41:06.0118 4852 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:41:06.0153 4852 IPBusEnum - ok
12:41:06.0176 4852 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:41:06.0207 4852 IpFilterDriver - ok
12:41:06.0254 4852 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:41:06.0291 4852 iphlpsvc - ok
12:41:06.0304 4852 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:41:06.0330 4852 IPMIDRV - ok
12:41:06.0347 4852 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:41:06.0383 4852 IPNAT - ok
12:41:06.0400 4852 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:41:06.0435 4852 IRENUM - ok
12:41:06.0456 4852 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
12:41:06.0467 4852 isapnp - ok
12:41:06.0499 4852 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:41:06.0512 4852 iScsiPrt - ok
12:41:06.0546 4852 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:41:06.0557 4852 kbdclass - ok
12:41:06.0584 4852 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:41:06.0607 4852 kbdhid - ok
12:41:06.0654 4852 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
12:41:06.0667 4852 KeyIso - ok
12:41:06.0721 4852 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
12:41:06.0734 4852 KL1 - ok
12:41:06.0741 4852 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
12:41:06.0752 4852 kl2 - ok
12:41:06.0798 4852 [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:41:06.0817 4852 KLIF - ok
12:41:06.0845 4852 [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:41:06.0857 4852 KLIM6 - ok
12:41:06.0904 4852 [ 3DE1771C135328420315E21DDE229BBA ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:41:06.0915 4852 klmouflt - ok
12:41:06.0932 4852 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:41:06.0943 4852 KSecDD - ok
12:41:06.0970 4852 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:41:06.0982 4852 KSecPkg - ok
12:41:07.0011 4852 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:41:07.0057 4852 KtmRm - ok
12:41:07.0106 4852 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
12:41:07.0140 4852 LanmanServer - ok
12:41:07.0177 4852 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:41:07.0212 4852 LanmanWorkstation - ok
12:41:07.0257 4852 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:41:07.0291 4852 lltdio - ok
12:41:07.0320 4852 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:41:07.0358 4852 lltdsvc - ok
12:41:07.0373 4852 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:41:07.0413 4852 lmhosts - ok
12:41:07.0441 4852 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:41:07.0452 4852 LSI_FC - ok
12:41:07.0473 4852 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:41:07.0484 4852 LSI_SAS - ok
12:41:07.0497 4852 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:41:07.0508 4852 LSI_SAS2 - ok
12:41:07.0513 4852 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:41:07.0525 4852 LSI_SCSI - ok
12:41:07.0549 4852 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:41:07.0572 4852 luafv - ok
12:41:07.0629 4852 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:41:07.0640 4852 MBAMProtector - ok
12:41:07.0720 4852 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:41:07.0733 4852 MBAMScheduler - ok
12:41:07.0795 4852 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:41:07.0815 4852 MBAMService - ok
12:41:07.0843 4852 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:41:07.0871 4852 Mcx2Svc - ok
12:41:07.0901 4852 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:41:07.0912 4852 megasas - ok
12:41:07.0935 4852 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:41:07.0949 4852 MegaSR - ok
12:41:07.0974 4852 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:41:08.0009 4852 MMCSS - ok
12:41:08.0040 4852 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:41:08.0077 4852 Modem - ok
12:41:08.0105 4852 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:41:08.0132 4852 monitor - ok
12:41:08.0179 4852 [ A77205D70D14D153342D357DE5A4E770 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
12:41:08.0190 4852 MotioninJoyXFilter - ok
12:41:08.0229 4852 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:41:08.0240 4852 mouclass - ok
12:41:08.0279 4852 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:41:08.0306 4852 mouhid - ok
12:41:08.0329 4852 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:41:08.0340 4852 mountmgr - ok
12:41:08.0400 4852 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:41:08.0412 4852 MozillaMaintenance - ok
12:41:08.0426 4852 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
12:41:08.0440 4852 mpio - ok
12:41:08.0470 4852 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:41:08.0541 4852 mpsdrv - ok
12:41:08.0591 4852 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
12:41:08.0634 4852 MpsSvc - ok
12:41:08.0656 4852 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:41:08.0675 4852 MRxDAV - ok
12:41:08.0709 4852 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:41:08.0736 4852 mrxsmb - ok
12:41:08.0753 4852 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:41:08.0785 4852 mrxsmb10 - ok
12:41:08.0800 4852 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:41:08.0824 4852 mrxsmb20 - ok
12:41:08.0843 4852 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
12:41:08.0853 4852 msahci - ok
12:41:08.0877 4852 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
12:41:08.0888 4852 msdsm - ok
12:41:08.0920 4852 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:41:08.0942 4852 MSDTC - ok
12:41:08.0968 4852 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:41:09.0002 4852 Msfs - ok
12:41:09.0011 4852 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:41:09.0043 4852 mshidkmdf - ok
12:41:09.0088 4852 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
12:41:09.0099 4852 msisadrv - ok
12:41:09.0132 4852 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:41:09.0167 4852 MSiSCSI - ok
12:41:09.0171 4852 msiserver - ok
12:41:09.0191 4852 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:41:09.0217 4852 MSKSSRV - ok
12:41:09.0232 4852 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:41:09.0269 4852 MSPCLOCK - ok
12:41:09.0283 4852 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:41:09.0311 4852 MSPQM - ok
12:41:09.0341 4852 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:41:09.0354 4852 MsRPC - ok
12:41:09.0372 4852 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:41:09.0382 4852 mssmbios - ok
12:41:09.0402 4852 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:41:09.0433 4852 MSTEE - ok
12:41:09.0447 4852 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:41:09.0494 4852 MTConfig - ok
12:41:09.0504 4852 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:41:09.0515 4852 Mup - ok
12:41:09.0544 4852 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
12:41:09.0572 4852 napagent - ok
12:41:09.0610 4852 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:41:09.0633 4852 NativeWifiP - ok
12:41:09.0659 4852 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:41:09.0680 4852 NDIS - ok
12:41:09.0708 4852 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:41:09.0738 4852 NdisCap - ok
12:41:09.0768 4852 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:41:09.0804 4852 NdisTapi - ok
12:41:09.0820 4852 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:41:09.0850 4852 Ndisuio - ok
12:41:09.0866 4852 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:41:09.0895 4852 NdisWan - ok
12:41:09.0926 4852 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:41:09.0959 4852 NDProxy - ok
12:41:09.0987 4852 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:41:10.0026 4852 NetBIOS - ok
12:41:10.0037 4852 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:41:10.0078 4852 NetBT - ok
12:41:10.0086 4852 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
12:41:10.0098 4852 Netlogon - ok
12:41:10.0141 4852 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:41:10.0174 4852 Netman - ok
12:41:10.0208 4852 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:41:10.0219 4852 NetMsmqActivator - ok
12:41:10.0223 4852 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:41:10.0233 4852 NetPipeActivator - ok
12:41:10.0254 4852 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:41:10.0282 4852 netprofm - ok
12:41:10.0287 4852 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:41:10.0297 4852 NetTcpActivator - ok
12:41:10.0301 4852 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:41:10.0312 4852 NetTcpPortSharing - ok
12:41:10.0327 4852 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:41:10.0338 4852 nfrd960 - ok
12:41:10.0353 4852 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
12:41:10.0385 4852 NlaSvc - ok
12:41:10.0403 4852 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:41:10.0426 4852 Npfs - ok
12:41:10.0454 4852 npggsvc - ok
12:41:10.0505 4852 [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2 C:\Windows\system32\npptNT2.sys
12:41:10.0542 4852 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
12:41:10.0542 4852 NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
12:41:10.0568 4852 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:41:10.0612 4852 nsi - ok
12:41:10.0658 4852 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:41:10.0693 4852 nsiproxy - ok
12:41:10.0769 4852 [ A458A5F7FD79C477D40ED42CF5A230CB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:41:10.0799 4852 Ntfs - ok
12:41:10.0826 4852 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:41:10.0854 4852 Null - ok
12:41:11.0024 4852 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:41:11.0210 4852 nvlddmkm - ok
12:41:11.0239 4852 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:41:11.0251 4852 nvraid - ok
12:41:11.0267 4852 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:41:11.0279 4852 nvstor - ok
12:41:11.0313 4852 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
12:41:11.0325 4852 nv_agp - ok
12:41:11.0340 4852 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:41:11.0368 4852 ohci1394 - ok
12:41:11.0391 4852 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:41:11.0434 4852 p2pimsvc - ok
12:41:11.0474 4852 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:41:11.0503 4852 p2psvc - ok
12:41:11.0520 4852 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:41:11.0534 4852 Parport - ok
12:41:11.0553 4852 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:41:11.0564 4852 partmgr - ok
12:41:11.0609 4852 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:41:11.0648 4852 Parvdm - ok
12:41:11.0691 4852 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:41:11.0739 4852 PcaSvc - ok
12:41:11.0778 4852 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
12:41:11.0791 4852 pci - ok
12:41:11.0830 4852 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:41:11.0841 4852 pciide - ok
12:41:11.0863 4852 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:41:11.0876 4852 pcmcia - ok
12:41:11.0899 4852 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:41:11.0910 4852 pcw - ok
12:41:11.0931 4852 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:41:11.0975 4852 PEAUTH - ok
12:41:12.0033 4852 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
12:41:12.0085 4852 pla - ok
12:41:12.0130 4852 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:41:12.0160 4852 PlugPlay - ok
12:41:12.0210 4852 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
12:41:12.0220 4852 PnkBstrA - ok
12:41:12.0238 4852 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:41:12.0275 4852 PNRPAutoReg - ok
12:41:12.0296 4852 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:41:12.0311 4852 PNRPsvc - ok
12:41:12.0331 4852 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:41:12.0366 4852 PolicyAgent - ok
12:41:12.0394 4852 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
12:41:12.0432 4852 Power - ok
12:41:12.0470 4852 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:41:12.0494 4852 PptpMiniport - ok
12:41:12.0539 4852 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:41:12.0575 4852 Processor - ok
12:41:12.0596 4852 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
12:41:12.0619 4852 ProfSvc - ok
12:41:12.0655 4852 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:41:12.0668 4852 ProtectedStorage - ok
12:41:12.0702 4852 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:41:12.0735 4852 Psched - ok
12:41:12.0778 4852 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:41:12.0789 4852 PSI_SVC_2 - ok
12:41:12.0838 4852 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:41:12.0849 4852 PxHelp20 - ok
12:41:12.0885 4852 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:41:12.0917 4852 ql2300 - ok
12:41:12.0944 4852 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:41:12.0955 4852 ql40xx - ok
12:41:12.0978 4852 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:41:13.0015 4852 QWAVE - ok
12:41:13.0032 4852 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:41:13.0054 4852 QWAVEdrv - ok
12:41:13.0072 4852 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:41:13.0105 4852 RasAcd - ok
12:41:13.0140 4852 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:41:13.0174 4852 RasAgileVpn - ok
12:41:13.0189 4852 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:41:13.0220 4852 RasAuto - ok
12:41:13.0257 4852 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:41:13.0292 4852 Rasl2tp - ok
12:41:13.0338 4852 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
12:41:13.0365 4852 RasMan - ok
12:41:13.0383 4852 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:41:13.0418 4852 RasPppoe - ok
12:41:13.0435 4852 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:41:13.0467 4852 RasSstp - ok
12:41:13.0480 4852 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:41:13.0519 4852 rdbss - ok
12:41:13.0550 4852 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:41:13.0579 4852 rdpbus - ok
12:41:13.0603 4852 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:41:13.0635 4852 RDPCDD - ok
12:41:13.0654 4852 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:41:13.0682 4852 RDPENCDD - ok
12:41:13.0708 4852 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:41:13.0745 4852 RDPREFMP - ok
12:41:13.0781 4852 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:41:13.0813 4852 RDPWD - ok
12:41:13.0844 4852 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:41:13.0857 4852 rdyboost - ok
12:41:13.0901 4852 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:41:14.0012 4852 RemoteAccess - ok
12:41:14.0032 4852 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:41:14.0065 4852 RemoteRegistry - ok
12:41:14.0075 4852 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:41:14.0112 4852 RpcEptMapper - ok
12:41:14.0135 4852 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:41:14.0161 4852 RpcLocator - ok
12:41:14.0176 4852 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
12:41:14.0203 4852 RpcSs - ok
12:41:14.0236 4852 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:41:14.0270 4852 rspndr - ok
12:41:14.0300 4852 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
12:41:14.0316 4852 RTL8167 - ok
12:41:14.0353 4852 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
12:41:14.0370 4852 RTL8192su - ok
12:41:14.0381 4852 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
12:41:14.0394 4852 SamSs - ok
12:41:14.0414 4852 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
12:41:14.0425 4852 sbp2port - ok
12:41:14.0444 4852 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:41:14.0483 4852 SCardSvr - ok
12:41:14.0516 4852 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:41:14.0544 4852 scfilter - ok
12:41:14.0575 4852 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
12:41:14.0620 4852 Schedule - ok
12:41:14.0639 4852 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:41:14.0662 4852 SCPolicySvc - ok
12:41:14.0738 4852 [ A689D522EEDF89401E1DA2FE883AA7EC ] SCREAMINGBDRIVER C:\Windows\system32\drivers\ScreamingBAudio.sys
12:41:14.0778 4852 SCREAMINGBDRIVER - ok
12:41:14.0806 4852 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:41:14.0843 4852 SDRSVC - ok
12:41:14.0882 4852 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:41:14.0920 4852 secdrv - ok
12:41:14.0938 4852 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:41:14.0971 4852 seclogon - ok
12:41:14.0981 4852 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
12:41:15.0013 4852 SENS - ok
12:41:15.0017 4852 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:41:15.0054 4852 SensrSvc - ok
12:41:15.0079 4852 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:41:15.0098 4852 Serenum - ok
12:41:15.0112 4852 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:41:15.0131 4852 Serial - ok
12:41:15.0159 4852 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:41:15.0180 4852 sermouse - ok
12:41:15.0202 4852 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
12:41:15.0241 4852 SessionEnv - ok
12:41:15.0250 4852 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
12:41:15.0287 4852 sffdisk - ok
12:41:15.0311 4852 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:41:15.0329 4852 sffp_mmc - ok
12:41:15.0356 4852 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
12:41:15.0376 4852 sffp_sd - ok
12:41:15.0391 4852 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:41:15.0411 4852 sfloppy - ok
12:41:15.0437 4852 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:41:15.0474 4852 SharedAccess - ok
12:41:15.0502 4852 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:41:15.0536 4852 ShellHWDetection - ok
12:41:15.0558 4852 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
12:41:15.0569 4852 sisagp - ok
12:41:15.0591 4852 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:41:15.0601 4852 SiSRaid2 - ok
12:41:15.0634 4852 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:41:15.0645 4852 SiSRaid4 - ok
12:41:15.0706 4852 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:41:15.0717 4852 SkypeUpdate - ok
12:41:15.0773 4852 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:41:15.0810 4852 Smb - ok
12:41:15.0881 4852 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:41:15.0908 4852 SNMPTRAP - ok
12:41:15.0922 4852 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:41:15.0932 4852 spldr - ok
12:41:15.0976 4852 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
12:41:16.0013 4852 Spooler - ok
12:41:16.0077 4852 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
12:41:16.0156 4852 sppsvc - ok
12:41:16.0184 4852 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:41:16.0218 4852 sppuinotify - ok
12:41:16.0248 4852 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:41:16.0278 4852 srv - ok
12:41:16.0285 4852 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:41:16.0311 4852 srv2 - ok
12:41:16.0332 4852 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:41:16.0356 4852 srvnet - ok
12:41:16.0389 4852 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:41:16.0420 4852 SSDPSRV - ok
12:41:16.0433 4852 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:41:16.0463 4852 SstpSvc - ok
12:41:16.0520 4852 Steam Client Service - ok
12:41:16.0543 4852 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:41:16.0554 4852 stexstor - ok
12:41:16.0595 4852 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
12:41:16.0632 4852 StiSvc - ok
12:41:16.0662 4852 [ 833AC40F6E7BE17951D6D9A956829547 ] StMp3Rec C:\Windows\system32\Drivers\StMp3Rec.sys
12:41:16.0673 4852 StMp3Rec - ok
12:41:16.0714 4852 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:41:16.0724 4852 swenum - ok
12:41:16.0781 4852 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:41:16.0816 4852 swprv - ok
12:41:16.0878 4852 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
12:41:16.0918 4852 SysMain - ok
12:41:16.0943 4852 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:41:16.0969 4852 TabletInputService - ok
12:41:16.0986 4852 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
12:41:17.0020 4852 TapiSrv - ok
12:41:17.0040 4852 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:41:17.0080 4852 TBS - ok
12:41:17.0136 4852 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:41:17.0167 4852 Tcpip - ok
12:41:17.0183 4852 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:41:17.0208 4852 TCPIP6 - ok
12:41:17.0240 4852 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:41:17.0270 4852 tcpipreg - ok
12:41:17.0282 4852 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:41:17.0314 4852 TDPIPE - ok
12:41:17.0338 4852 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:41:17.0364 4852 TDTCP - ok
12:41:17.0381 4852 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:41:17.0404 4852 tdx - ok
12:41:17.0422 4852 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:41:17.0433 4852 TermDD - ok
12:41:17.0466 4852 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
12:41:17.0510 4852 TermService - ok
12:41:17.0530 4852 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:41:17.0556 4852 Themes - ok
12:41:17.0575 4852 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:41:17.0599 4852 THREADORDER - ok
12:41:17.0616 4852 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:41:17.0654 4852 TrkWks - ok
12:41:17.0699 4852 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:41:17.0736 4852 TrustedInstaller - ok
12:41:17.0758 4852 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:41:17.0781 4852 tssecsrv - ok
12:41:17.0811 4852 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:41:17.0845 4852 tunnel - ok
12:41:17.0859 4852 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:41:17.0870 4852 uagp35 - ok
12:41:17.0890 4852 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:41:17.0922 4852 udfs - ok
12:41:17.0939 4852 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:41:17.0962 4852 UI0Detect - ok
12:41:17.0990 4852 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
12:41:18.0000 4852 uliagpkx - ok
12:41:18.0027 4852 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:41:18.0049 4852 umbus - ok
12:41:18.0064 4852 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:41:18.0080 4852 UmPass - ok
12:41:18.0107 4852 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:41:18.0142 4852 upnphost - ok
12:41:18.0188 4852 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:41:18.0213 4852 usbaudio - ok
12:41:18.0242 4852 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:41:18.0281 4852 usbccgp - ok
12:41:18.0291 4852 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
12:41:18.0306 4852 usbcir - ok
12:41:18.0335 4852 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:41:18.0369 4852 usbehci - ok
12:41:18.0411 4852 [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
12:41:18.0422 4852 usbfilter - ok
12:41:18.0451 4852 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:41:18.0477 4852 usbhub - ok
12:41:18.0502 4852 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:41:18.0522 4852 usbohci - ok
12:41:18.0539 4852 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:41:18.0566 4852 usbprint - ok
12:41:18.0585 4852 [ 694C991CD0B8138888F086DA6009ADBC ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:41:18.0604 4852 USBSTOR - ok
12:41:18.0626 4852 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:41:18.0652 4852 usbuhci - ok
12:41:18.0683 4852 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:41:18.0750 4852 usbvideo - ok
12:41:18.0774 4852 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:41:18.0802 4852 UxSms - ok
12:41:18.0812 4852 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
12:41:18.0825 4852 VaultSvc - ok
12:41:18.0854 4852 [ BF69F5C6ECAF24CA5FF0D9394BAAD7B9 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:41:18.0867 4852 VBoxNetAdp - ok
12:41:18.0887 4852 VBoxNetFlt - ok
12:41:18.0922 4852 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
12:41:18.0932 4852 vdrvroot - ok
12:41:18.0956 4852 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
12:41:18.0981 4852 vds - ok
12:41:19.0015 4852 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:41:19.0040 4852 vga - ok
12:41:19.0051 4852 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:41:19.0079 4852 VgaSave - ok
12:41:19.0101 4852 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
12:41:19.0114 4852 vhdmp - ok
12:41:19.0145 4852 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
12:41:19.0156 4852 viaagp - ok
12:41:19.0169 4852 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:41:19.0190 4852 ViaC7 - ok
12:41:19.0218 4852 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
12:41:19.0228 4852 viaide - ok
12:41:19.0239 4852 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
12:41:19.0250 4852 volmgr - ok
12:41:19.0277 4852 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:41:19.0292 4852 volmgrx - ok
12:41:19.0316 4852 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:41:19.0330 4852 volsnap - ok
12:41:19.0358 4852 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:41:19.0371 4852 vsmraid - ok
12:41:19.0413 4852 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
12:41:19.0444 4852 VSS - ok
12:41:19.0473 4852 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:41:19.0500 4852 vwifibus - ok
12:41:19.0513 4852 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:41:19.0536 4852 vwififlt - ok
12:41:19.0573 4852 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:41:19.0614 4852 W32Time - ok
12:41:19.0632 4852 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:41:19.0645 4852 WacomPen - ok
12:41:19.0675 4852 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:41:19.0723 4852 WANARP - ok
12:41:19.0726 4852 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:41:19.0748 4852 Wanarpv6 - ok
12:41:19.0797 4852 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:41:19.0831 4852 WatAdminSvc - ok
12:41:19.0906 4852 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
12:41:19.0946 4852 wbengine - ok
12:41:19.0952 4852 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:41:19.0978 4852 WbioSrvc - ok
12:41:20.0001 4852 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:41:20.0033 4852 wcncsvc - ok
12:41:20.0061 4852 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:41:20.0093 4852 WcsPlugInService - ok
12:41:20.0102 4852 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:41:20.0113 4852 Wd - ok
12:41:20.0140 4852 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:41:20.0161 4852 Wdf01000 - ok
12:41:20.0183 4852 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:41:20.0210 4852 WdiServiceHost - ok
12:41:20.0213 4852 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:41:20.0229 4852 WdiSystemHost - ok
12:41:20.0256 4852 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
12:41:20.0290 4852 WebClient - ok
12:41:20.0315 4852 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:41:20.0342 4852 Wecsvc - ok
12:41:20.0351 4852 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:41:20.0388 4852 wercplsupport - ok
12:41:20.0421 4852 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:41:20.0446 4852 WerSvc - ok
12:41:20.0480 4852 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:41:20.0517 4852 WfpLwf - ok
12:41:20.0536 4852 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:41:20.0546 4852 WIMMount - ok
12:41:20.0593 4852 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:41:20.0627 4852 WinDefend - ok
12:41:20.0634 4852 WinHttpAutoProxySvc - ok
12:41:20.0679 4852 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:41:20.0723 4852 Winmgmt - ok
12:41:20.0754 4852 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
12:41:20.0806 4852 WinRM - ok
12:41:20.0852 4852 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:41:20.0887 4852 Wlansvc - ok
12:41:20.0951 4852 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:41:20.0979 4852 wlidsvc - ok
12:41:20.0998 4852 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:41:21.0014 4852 WmiAcpi - ok
12:41:21.0038 4852 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:41:21.0064 4852 wmiApSrv - ok
12:41:21.0133 4852 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:41:21.0167 4852 WMPNetworkSvc - ok
12:41:21.0185 4852 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:41:21.0227 4852 WPCSvc - ok
12:41:21.0243 4852 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:41:21.0271 4852 WPDBusEnum - ok
12:41:21.0296 4852 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:41:21.0332 4852 ws2ifsl - ok
12:41:21.0363 4852 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
12:41:21.0384 4852 wscsvc - ok
12:41:21.0388 4852 WSearch - ok
12:41:21.0440 4852 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:41:21.0482 4852 wuauserv - ok
12:41:21.0504 4852 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:41:21.0525 4852 WudfPf - ok
12:41:21.0555 4852 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:41:21.0584 4852 WUDFRd - ok
12:41:21.0597 4852 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:41:21.0627 4852 wudfsvc - ok
12:41:21.0648 4852 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:41:21.0676 4852 WwanSvc - ok
12:41:21.0754 4852 XDva385 - ok
12:41:21.0763 4852 XDva389 - ok
12:41:21.0788 4852 [ EE9144207EE0211EB5656BA6808AC4A0 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
12:41:21.0799 4852 xusb21 - ok
12:41:21.0818 4852 ================ Scan global ===============================
12:41:21.0841 4852 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
12:41:21.0862 4852 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
12:41:21.0870 4852 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
12:41:21.0894 4852 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:41:21.0905 4852 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:41:21.0909 4852 [Global] - ok
12:41:21.0909 4852 ================ Scan MBR ==================================
12:41:21.0919 4852 [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
12:41:24.0195 4852 \Device\Harddisk0\DR0 - ok
12:41:24.0196 4852 ================ Scan VBR ==================================
12:41:24.0232 4852 [ E5E09F3A3F57DF6DDB8DF9574030AA67 ] \Device\Harddisk0\DR0\Partition1
12:41:24.0233 4852 \Device\Harddisk0\DR0\Partition1 - ok
12:41:24.0248 4852 [ 92B8F436008084AFF0267B51ED6184A5 ] \Device\Harddisk0\DR0\Partition2
12:41:24.0250 4852 \Device\Harddisk0\DR0\Partition2 - ok
12:41:24.0285 4852 [ A549E879ECBF85AA75F70ED669E492C8 ] \Device\Harddisk0\DR0\Partition3
12:41:24.0286 4852 \Device\Harddisk0\DR0\Partition3 - ok
12:41:24.0286 4852 ============================================================
12:41:24.0287 4852 Scan finished
12:41:24.0287 4852 ============================================================
12:41:24.0297 5884 Detected object count: 4
12:41:24.0298 5884 Actual detected object count: 4
12:41:45.0586 5884 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:41:45.0586 5884 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
12:41:45.0587 5884 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:45.0587 5884 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:45.0588 5884 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:45.0588 5884 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:45.0590 5884 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:45.0590 5884 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
17.04.2013, 12:37
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Proxy-Server Problem Dann bitte jetzt Combofix ausführen:
__________________Scan mit Combofix
__________________ |
|
17.04.2013, 20:36
| #19 |
| | Proxy-Server ProblemCode:
ATTFilter ComboFix 13-04-17.01 - Meilo 17.04.2013 20:33:01.1.3 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3327.2234 [GMT 2:00]
ausgeführt von:: c:\users\Meilo\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Meilo\AppData\Roaming\install_flashplayer.exe
c:\users\Meilo\AppData\Roaming\load_winupd.exe
c:\users\Meilo\AppData\Roaming\start_winupd.exe
c:\users\Meilo\AppData\Roaming\started.dat
c:\users\Meilo\mcpatcher-2.4.2_02.exe
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-17 bis 2013-04-17 ))))))))))))))))))))))))))))))
.
.
2013-04-17 18:40 . 2013-04-17 18:46 -------- d-----w- c:\users\Meilo\AppData\Local\temp
2013-04-13 17:05 . 2013-04-13 17:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-13 17:05 . 2013-04-13 17:05 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-13 13:43 . 2013-04-13 13:43 -------- d-----w- c:\users\Meilo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-04-10 10:43 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:43 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 10:43 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 10:43 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 10:42 . 2013-03-02 05:09 1210712 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 13:00 . 2013-04-09 13:00 -------- d-----w- c:\program files\Common Files\Skype
2013-03-26 01:05 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 21:23 . 2013-03-25 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-25 21:23 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-25 21:22 . 2013-03-25 21:22 -------- d-----w- c:\users\Meilo\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 05:06 . 2013-04-10 10:43 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:06 . 2013-04-10 10:43 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 02:50 . 2013-04-10 10:43 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-11 23:10 . 2010-07-06 21:02 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-09 15:17 . 2012-12-22 01:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-09 15:17 . 2012-12-22 01:01 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-09 15:03 . 2012-12-22 01:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-03-09 15:01 . 2012-12-22 01:01 22328 ----a-w- c:\users\Meilo\AppData\Roaming\PnkBstrK.sys
2013-03-01 03:11 . 2013-04-10 10:43 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 09:55 . 2013-02-27 09:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-27 09:55 . 2012-06-25 13:58 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-27 09:55 . 2010-07-06 21:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-22 03:38 . 2013-04-10 12:53 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:34 . 2013-04-10 12:53 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-12 13:59 . 2013-04-10 10:43 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-03 17:58 . 2013-01-22 14:15 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-30 01:41 . 2012-12-22 01:01 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-31 21:50 . 2011-03-31 21:50 79024 ----a-w- c:\program files\fraps64.dat
2011-03-31 21:50 . 2011-03-31 21:50 2550960 ----a-w- c:\program files\fraps.exe
2011-03-31 21:47 . 2011-03-31 21:47 163840 ----a-w- c:\program files\frapslcd.dll
2011-03-29 07:03 . 2011-03-29 07:03 253104 ----a-w- c:\program files\fraps32.dll
2011-03-29 07:03 . 2011-03-29 07:03 201904 ----a-w- c:\program files\fraps64.dll
2013-04-12 12:11 . 2013-04-12 12:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-11-06 13:01 183112 ----a-w- c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-31 39408]
"Akamai NetSession Interface"="c:\users\Meilo\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Facebook Update"="c:\users\Meilo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
.
c:\users\Meilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 17:05]
.
2013-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-375966446-2734493509-1640836784-1000Core.job
- c:\users\Meilo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 10:47]
.
2013-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-375966446-2734493509-1640836784-1000UA.job
- c:\users\Meilo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-13 10:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = 127.0.0.1:80
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Free YouTube to MP3 Converter - c:\users\Meilo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN64348853325216635&UM=&q=
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2013-02-20 13:53; addon@defaulttab.com; c:\users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-04-13 19:43; info@maltegoetz.de; c:\users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\info@maltegoetz.de.xpi
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyHNSNn7w&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 1e6b7ca5000000000000485d604e926b
FF - user.js: extensions.incredibar_i.instlDay - 15534
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:56
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyHNSNn7w
FF - user.js: extensions.incredibar_i.upn2n - 92261747563765158
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
SafeBoot-BsScanner
AddRemove-DefaultTab - c:\users\Meilo\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-Fraps - c:\program files\uninstall.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-{AB770FDE-8087-4C98-9A85-BD64262C104C} - c:\program files\InstallShield Installation Information\{AB770FDE-8087-4C98-9A85-BD64262C104C}\Setup.exe
AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-{E3D04529-6EDB-11D8-A372-0050BAE317E1} - c:\program files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-17 21:27:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-17 19:27
.
Vor Suchlauf: 7 Verzeichnis(se), 853.353.897.984 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 853.596.229.632 Bytes frei
.
- - End Of File - - 06347A7FA459E7BF433411D1C54DC1DE
)) |
|
18.04.2013, 13:06
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Proxy-Server Problem JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.04.2013, 14:00
| #21 |
| | Proxy-Server Problem Ich brauche das nicht mehr machen es ist schon alles wieder normal |
|
18.04.2013, 14:28
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Proxy-Server Problem Nein eben nicht! Du hast noch diversen Werbemüll dadrin!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.04.2013, 16:39
| #23 |
| | Proxy-Server Problem JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.5 (04.17.2013:1)
OS: Windows 7 Home Premium x86
Ran by Meilo on 18.04.2013 at 17:27:16,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-375966446-2734493509-1640836784-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-375966446-2734493509-1640836784-1000\software\web assistant"
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\dealply
Successfully deleted: [Registry Key] hkey_local_machine\software\dealply
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylontoolbarsrv_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylontoolbarsrv_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\softonicdownloader_fuer_winrar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\softonicdownloader_fuer_winrar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\utorrentbar_deautoupdatehelper_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\utorrentbar_deautoupdatehelper_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\utorrentbar_detoolbarhelper_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\utorrentbar_detoolbarhelper_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\vid-saver_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\vid-saver_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2625848
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2851647
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Users\Meilo\AppData\Roaming\b1toolbar"
Successfully deleted: [Folder] "C:\Users\Meilo\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Meilo\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Meilo\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Meilo\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\local\b1e"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Meilo\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\defaulttab"
Failed to delete: [Folder] "C:\Program Files\sweetim"
Successfully deleted: [Folder] "C:\Program Files\web assistant"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dealply"
Successfully deleted: [Folder] "C:\ProgramData\ask"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\fcmdsrch.xml"
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\user.js
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\searchplugins\search-here.xml
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\searchplugins\sweetim.xml
Successfully deleted: [File] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\smartbar
Successfully deleted: [Folder] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\ffxtlbr@Facemoods.com
Successfully deleted: [Folder] C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\ffxtlbr@incredibar.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\webbooster@iminent.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\prefs.js
user_pref("CT2431245..clientLogIsEnabled", false);
user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2431245.AppTrackingLastCheckTime", "Wed Jul 11 2012 11:11:04 GMT+0200");
user_pref("CT2431245.BrowserCompStateIsOpen_129453393920757186", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129453393921850940", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
user_pref("CT2431245.CT2431245", "CT2431245");
user_pref("CT2431245.CurrentServerDate", "14-7-2012");
user_pref("CT2431245.DialogsAlignMode", "LTR");
user_pref("CT2431245.DialogsGetterLastCheckTime", "Sat Jul 14 2012 14:16:35 GMT+0200");
user_pref("CT2431245.DownloadReferralCookieData", "");
user_pref("CT2431245.EMailNotifierPollDate", "Sat Jul 14 2012 14:16:31 GMT+0200");
user_pref("CT2431245.EnableClickToSearchBox", false);
user_pref("CT2431245.EnableSearchHistory", false);
user_pref("CT2431245.EnableSearchSuggest", false);
user_pref("CT2431245.FeedLastCount129009402595187825", 300);
user_pref("CT2431245.FeedPollDate7470634014180506963", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634014269327586", "Sun May 06 2012 21:05:08 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634014329599698", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634014537505092", "Sun May 06 2012 21:05:08 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634014970726540", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634015410831318", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634015483395460", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634015636754705", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634015768347545", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634015855543602", "Sun May 06 2012 21:05:08 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016030710453", "Sun May 06 2012 21:05:08 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016114705611", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016129205152", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016143724791", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016271239162", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016568520719", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634016726993788", "Sun May 06 2012 21:05:08 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017109031809", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017132743740", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017299547668", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017302327846", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017344111490", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017478360748", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017732797593", "Sun May 06 2012 21:05:08 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634017821686064", "Sun May 06 2012 21:05:10 GMT+0200");
user_pref("CT2431245.FeedPollDate7470634018090228721", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.FeedTTL7470634014269327586", 5);
user_pref("CT2431245.FeedTTL7470634014537505092", 5);
user_pref("CT2431245.FeedTTL7470634014970726540", 2);
user_pref("CT2431245.FeedTTL7470634015636754705", 5);
user_pref("CT2431245.FeedTTL7470634015855543602", 30);
user_pref("CT2431245.FeedTTL7470634016568520719", 30);
user_pref("CT2431245.FeedTTL7470634017109031809", 2);
user_pref("CT2431245.FeedTTL7470634017299547668", 2);
user_pref("CT2431245.FirstServerDate", "2-4-2011");
user_pref("CT2431245.FirstTime", true);
user_pref("CT2431245.FirstTimeFF3", true);
user_pref("CT2431245.FixPageNotFoundErrors", false);
user_pref("CT2431245.GroupingServerCheckInterval", 1440);
user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2431245.HasUserGlobalKeys", true);
user_pref("CT2431245.HomePageProtectorEnabled", false);
user_pref("CT2431245.HomepageBeforeUnload", "hxxp://www.youtube.com/");
user_pref("CT2431245.Initialize", true);
user_pref("CT2431245.InitializeCommonPrefs", true);
user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
user_pref("CT2431245.InstalledDate", "Sat Apr 02 2011 09:59:37 GMT+0200");
user_pref("CT2431245.InvalidateCache", false);
user_pref("CT2431245.IsAlertDBUpdated", true);
user_pref("CT2431245.IsGrouping", false);
user_pref("CT2431245.IsMulticommunity", false);
user_pref("CT2431245.IsOpenThankYouPage", true);
user_pref("CT2431245.IsOpenUninstallPage", true);
user_pref("CT2431245.LanguagePackLastCheckTime", "Sat Jul 14 2012 14:16:35 GMT+0200");
user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2431245.LastLogin_3.11.0.3", "Tue May 08 2012 20:20:14 GMT+0200");
user_pref("CT2431245.LastLogin_3.12.2.3", "Fri May 25 2012 21:50:32 GMT+0200");
user_pref("CT2431245.LastLogin_3.13.0.6", "Sat Jul 14 2012 14:16:32 GMT+0200");
user_pref("CT2431245.LastLogin_3.3.3.2", "Mon Apr 11 2011 13:46:35 GMT+0200");
user_pref("CT2431245.LatestVersion", "3.13.0.6");
user_pref("CT2431245.Locale", "de-de");
user_pref("CT2431245.MCDetectTooltipHeight", "83");
user_pref("CT2431245.MCDetectTooltipShow", false);
user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2431245.MCDetectTooltipWidth", "295");
user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
user_pref("CT2431245.RadioIsPodcast", false);
user_pref("CT2431245.RadioLastCheckTime", "Sat Jul 14 2012 14:16:39 GMT+0200");
user_pref("CT2431245.RadioLastUpdateIPServer", "3");
user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
user_pref("CT2431245.RadioMediaID", "20503672");
user_pref("CT2431245.RadioMediaType", "Media Player");
user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
user_pref("CT2431245.RadioShrinkedFromSetup", false);
user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
user_pref("CT2431245.SHRINK_TOOLBAR", 1);
user_pref("CT2431245.SavedHomepage", "hxxp://www.youtube.com/");
user_pref("CT2431245.SearchBackToDefaultEngine", false);
user_pref("CT2431245.SearchEngineBeforeUnload", "Google");
user_pref("CT2431245.SearchFromAddressBarIsInit", true);
user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
user_pref("CT2431245.SearchInNewTabEnabled", true);
user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
user_pref("CT2431245.SearchInNewTabLastCheckTime", "Sat Jul 14 2012 14:16:31 GMT+0200");
user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2431245.SearchInNewTabUserEnabled", false);
user_pref("CT2431245.SearchProtectorEnabled", false);
user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
user_pref("CT2431245.ServiceMapLastCheckTime", "Sat Jul 14 2012 14:16:32 GMT+0200");
user_pref("CT2431245.SettingsLastCheckTime", "Sat Jul 14 2012 14:16:31 GMT+0200");
user_pref("CT2431245.SettingsLastUpdate", "1339926569");
user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Sun Jun 24 2012 16:21:26 GMT+0200");
user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000");
user_pref("CT2431245.ToolbarShrinkedFromSetup", false);
user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2431245.UserID", "UN61997065540069444");
user_pref("CT2431245.ValidationData_Search", 2);
user_pref("CT2431245.ValidationData_Toolbar", 2);
user_pref("CT2431245.WeatherNetwork", "");
user_pref("CT2431245.WeatherPollDate", "Sun May 06 2012 21:05:09 GMT+0200");
user_pref("CT2431245.WeatherUnit", "C");
user_pref("CT2431245.alertChannelId", "825452");
user_pref("CT2431245.approveUntrustedApps", true);
user_pref("CT2431245.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B
user_pref("CT2431245.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B
user_pref("CT2431245.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D
user_pref("CT2431245.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262A442B564B4E3B243D2F2D2F2F33433A45373838615D61406A644F38514341424545574E594B
user_pref("CT2431245.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D6850
user_pref("CT2431245.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A66
user_pref("CT2431245.backendstorage./9b+7e06cg5el8:", "6E6D6D70716E6D747678");
user_pref("CT2431245.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747373767774737A7C7E242F4B49474F42357D5D5C3D");
user_pref("CT2431245.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D
user_pref("CT2431245.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A49
user_pref("CT2431245.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D
user_pref("CT2431245.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444D327A34434C3F49552E594E513E3540236055505853565049324B787B4E455033707361553E
user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D327A344F4849524E562F59593E3540236055505853565049324B2A2A4E4550335F5B6571563
user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444D327A344F4849524E562F5A4F523F364124504C56624730493B4B424D305C5D66523B544356
user_pref("CT2431245.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A
user_pref("CT2431245.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B
user_pref("CT2431245.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B
user_pref("CT2431245.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D
user_pref("CT2431245.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A395148536775636367757567
user_pref("CT2431245.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B
user_pref("CT2431245.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A43
user_pref("CT2431245.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68
user_pref("CT2431245.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A72
user_pref("CT2431245.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A47
user_pref("CT2431245.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D
user_pref("CT2431245.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A51
user_pref("CT2431245.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F67757868
user_pref("CT2431245.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C44
user_pref("CT2431245.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C78
user_pref("CT2431245.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
user_pref("CT2431245.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D73
user_pref("CT2431245.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48
user_pref("CT2431245.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D
user_pref("CT2431245.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F
user_pref("CT2431245.backendstorage./9b-0?3g>d", "6A6D3F3E6E4374427A70754649204A484A7A25224E7E502A54532923585B285A2A2C5F5D");
user_pref("CT2431245.backendstorage./9b-0?3g@6:5;", "");
user_pref("CT2431245.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
user_pref("CT2431245.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
user_pref("CT2431245.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484778213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
user_pref("CT2431245.backendstorage./9b5ba==9cjag", "6C3E6C413F3F41727A6F74454A747C4C797B7E5050");
user_pref("CT2431245.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D70716E6D747773797173");
user_pref("CT2431245.backendstorage./9b9643g3/9e", "6A");
user_pref("CT2431245.backendstorage./9b<:222h64<", "393F352F3E");
user_pref("CT2431245.backendstorage./9b=+03eh8h8j?:", "4443");
user_pref("CT2431245.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("CT2431245.backendstorage./9b?b0d:8aj62<h", "6D");
user_pref("CT2431245.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
user_pref("CT2431245.backendstorage._fb_dailyactivity", "31333032343533303934383231");
user_pref("CT2431245.backendstorage._fb_lifetimesent", "54525545");
user_pref("CT2431245.backendstorage.autocompletepro_enable", "31");
user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31");
user_pref("CT2431245.backendstorage.ct2431245ads1", "253742253232616473253232253341253542253742253232616964253232253341253232333639312532322532432532327469746C6525323225334125
user_pref("CT2431245.backendstorage.ct2431245current_term", "6D696E6563726166742B73696E676C65706C617965722B6368656174656E");
user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365");
user_pref("CT2431245.backendstorage.ct2431245sdate", "3130");
user_pref("CT2431245.backendstorage.facebook_ctid_connect_send", "73656E646564");
user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565");
user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "4D6F6E204A756C20313620323031322031313A31313A303620474D542B30323030");
user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
user_pref("CT2431245.componentAlertEnabled", false);
user_pref("CT2431245.components.129009402593156547", false);
user_pref("CT2431245.components.129009402595656583", false);
user_pref("CT2431245.components.129453393919975934", false);
user_pref("CT2431245.components.129453393922944692", false);
user_pref("CT2431245.components.129453393923725944", false);
user_pref("CT2431245.components.129453394044193841", false);
user_pref("CT2431245.components.129530497903908208", false);
user_pref("CT2431245.components.129682601309982614", false);
user_pref("CT2431245.components.129687697467407697", false);
user_pref("CT2431245.components.129780209672379590", false);
user_pref("CT2431245.components.129790544018252482", false);
user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Sat Jul 07 2012 23:05:33 GMT+0200");
user_pref("CT2431245.homepageProtectorEnableByLogin", true);
user_pref("CT2431245.initDone", true);
user_pref("CT2431245.isAppTrackingManagerOn", true);
user_pref("CT2431245.isFirstRadioInstallation", false);
user_pref("CT2431245.isSearchProtectorNotifyChanges", false);
user_pref("CT2431245.myStuffEnabled", true);
user_pref("CT2431245.myStuffPublihserMinWidth", 400);
user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129453393923725944,129453393922944692,129530497903908208,1000082,1290094025931
user_pref("CT2431245.revertSettingsEnabled", true);
user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
user_pref("CT2431245.searchProtectorEnableByLogin", true);
user_pref("CT2431245.testingCtid", "");
user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Sat Jul 14 2012 14:16:35 GMT+0200");
user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Wed Jul 11 2012 11:11:02 GMT+0200");
user_pref("CT2431245.usageEnabled", false);
user_pref("CT2431245.usagesFlag", 2);
user_pref("CT2625848.1000082.isDisplayHidden", "true");
user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzUzNjE3ODM0OTQ3LCJ1cGRhdGVSZXNwVGltZSI6MTM1MzYxNzgzNTcyMSwiZGF0YSI6eyJzZXR0aW5nc
user_pref("CT2625848.CBOpenMAMSettings.enc", "MA==");
user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.FirstTime", "true");
user_pref("CT2625848.FirstTimeFF3", "true");
user_pref("CT2625848.LoginRevertSettingsEnabled", true);
user_pref("CT2625848.RevertSettingsEnabled", true);
user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
user_pref("CT2625848.UserID", "UN64348853325216635");
user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2625848.autoDisableScopes", 0);
user_pref("CT2625848.browser.search.defaultthis.engineName", true);
user_pref("CT2625848.cbcountry_001.enc", "REU=");
user_pref("CT2625848.cbfirsttime.enc", "VGh1IE5vdiAyMiAyMDEyIDIxOjU3OjE5IEdNVCswMTAw");
user_pref("CT2625848.defaultSearch", "true");
user_pref("CT2625848.enableAlerts", "false");
user_pref("CT2625848.enableFix404ByUser", "TRUE");
user_pref("CT2625848.enableSearchFromAddressBar", "true");
user_pref("CT2625848.firstTimeDialogOpened", "true");
user_pref("CT2625848.fixPageNotFoundError", "true");
user_pref("CT2625848.fixPageNotFoundErrorByUser", "true");
user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2625848.fixUrls", true);
user_pref("CT2625848.homepageuserchanged", true);
user_pref("CT2625848.installId", "conduitnsisintegration");
user_pref("CT2625848.installType", "conduitnsisintegration");
user_pref("CT2625848.isCheckedStartAsHidden", true);
user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
user_pref("CT2625848.isNewTabEnabled", true);
user_pref("CT2625848.isPerformedSmartBarTransition", "true");
user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2625848.keyword", true);
user_pref("CT2625848.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2625848&octid=CT2625848&SearchSource=15&CUI=UN6434885332521663
user_pref("CT2625848.lastVersion", "10.15.2.523");
user_pref("CT2625848.migrateAppsAndComponents", true);
user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVDVideoSoftT
user_pref("CT2625848.openThankYouPage", "false");
user_pref("CT2625848.openUninstallPage", "true");
user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/22\\\\/2012 23\\\"}\"}");
user_pref("CT2625848.revertSettingsEnabled", "false");
user_pref("CT2625848.search.searchAppId", "129181467799155027");
user_pref("CT2625848.search.searchCount", "0");
user_pref("CT2625848.searchInNewTabEnabledByUser", "true");
user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2625848\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com//xpi\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB DE\"}");
user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353617831374");
user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1353617830465");
user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353617833753");
user_pref("CT2625848.serviceLayer_services_location_lastUpdate", "1366227426335");
user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359337172205");
user_pref("CT2625848.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361129590231");
user_pref("CT2625848.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364237259101");
user_pref("CT2625848.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365971456271");
user_pref("CT2625848.serviceLayer_services_login_10.15.2.523_lastUpdate", "1366283869450");
user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353617833705");
user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1353617828629");
user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1366227426254");
user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353617832276");
user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1366283868952");
user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1366227426138");
user_pref("CT2625848.serviceLayer_services_userApps_lastUpdate", "1353617835671");
user_pref("CT2625848.settingsINI", true);
user_pref("CT2625848.shouldFirstTimeDialog", "false");
user_pref("CT2625848.showToolbarPermission", "false");
user_pref("CT2625848.smartbar.CTID", "CT2625848");
user_pref("CT2625848.smartbar.Uninstall", "0");
user_pref("CT2625848.smartbar.homepage", true);
user_pref("CT2625848.smartbar.isHidden", true);
user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
user_pref("CT2625848.startPage", "userChanged");
user_pref("CT2625848.toolbarBornServerTime", "22-11-2012");
user_pref("CT2625848.toolbarCurrentServerTime", "18-4-2013");
user_pref("CT2625848.toolbarLoginClientTime", "Mon Mar 25 2013 23:16:56 GMT+0100");
user_pref("CT2625848.url_history0001.enc", "aHR0cDovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PThSTzQ3SFoxNG5jIzo6OmNsaWNraGFuZGxlcjo6OjEzNTM2MTgxMTAxNDcsLCxodHRwOi8vd3d3LnlvdXR1YmUuY29
user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366298530393,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT2851647..clientLogIsEnabled", false);
user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2851647.CTID", "CT2851647");
user_pref("CT2851647.CurrentServerDate", "14-7-2012");
user_pref("CT2851647.DSInstall", true);
user_pref("CT2851647.DialogsAlignMode", "LTR");
user_pref("CT2851647.DialogsGetterLastCheckTime", "Sat Jul 14 2012 14:16:38 GMT+0200");
user_pref("CT2851647.DownloadReferralCookieData", "");
user_pref("CT2851647.EMailNotifierPollDate", "Tue Oct 18 2011 12:27:51 GMT+0200");
user_pref("CT2851647.FeedLastCount2532783744689806690", 138);
user_pref("CT2851647.FeedPollDate2429156812186649977", "Tue Oct 18 2011 12:22:49 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813040823546", "Tue Oct 18 2011 15:22:54 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813130095866", "Tue Oct 18 2011 15:22:52 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813224203613", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813230837251", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813454291735", "Tue Oct 18 2011 15:22:53 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813729834876", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156813860870021", "Tue Oct 18 2011 12:22:49 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156814264681793", "Tue Oct 18 2011 15:22:52 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156814863075366", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.FeedPollDate2429156815257761081", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.FeedTTL2429156813040823546", 15);
user_pref("CT2851647.FeedTTL2429156813130095866", 10);
user_pref("CT2851647.FeedTTL2429156813454291735", 5);
user_pref("CT2851647.FeedTTL2429156814264681793", 5);
user_pref("CT2851647.FirstServerDate", "18-10-2011");
user_pref("CT2851647.FirstTime", true);
user_pref("CT2851647.FirstTimeFF3", true);
user_pref("CT2851647.FixPageNotFoundErrors", false);
user_pref("CT2851647.GroupingServerCheckInterval", 1440);
user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2851647.HPInstall", false);
user_pref("CT2851647.HasUserGlobalKeys", true);
user_pref("CT2851647.HomePageProtectorEnabled", true);
user_pref("CT2851647.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
user_pref("CT2851647.Initialize", true);
user_pref("CT2851647.InitializeCommonPrefs", true);
user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
user_pref("CT2851647.InstallationType", "UnknownIntegration");
user_pref("CT2851647.InstalledDate", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.IsGrouping", false);
user_pref("CT2851647.IsInitSetupIni", true);
user_pref("CT2851647.IsMulticommunity", false);
user_pref("CT2851647.IsOpenThankYouPage", true);
user_pref("CT2851647.IsOpenUninstallPage", false);
user_pref("CT2851647.IsProtectorsInit", true);
user_pref("CT2851647.LanguagePackLastCheckTime", "Sat Jul 14 2012 14:16:38 GMT+0200");
user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2851647.LastLogin_3.12.0.7", "Fri Apr 27 2012 21:12:35 GMT+0200");
user_pref("CT2851647.LastLogin_3.12.2.3", "Thu May 31 2012 20:58:18 GMT+0200");
user_pref("CT2851647.LastLogin_3.13.0.6", "Sat Jul 14 2012 14:16:39 GMT+0200");
user_pref("CT2851647.LastLogin_3.7.0.6", "Tue Oct 18 2011 12:22:51 GMT+0200");
user_pref("CT2851647.LatestVersion", "3.13.0.6");
user_pref("CT2851647.Locale", "de");
user_pref("CT2851647.MCDetectTooltipHeight", "83");
user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2851647.MCDetectTooltipWidth", "295");
user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
user_pref("CT2851647.OriginalFirstVersion", "3.7.0.6");
user_pref("CT2851647.SavedHomepage", "youtube.com");
user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
user_pref("CT2851647.SearchEngineBeforeUnload", "uTorrentBar_DE Customized Web Search");
user_pref("CT2851647.SearchFromAddressBarIsInit", true);
user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&q=");
user_pref("CT2851647.SearchInNewTabEnabled", true);
user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
user_pref("CT2851647.SearchInNewTabLastCheckTime", "Sat Jul 14 2012 14:16:37 GMT+0200");
user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2851647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2851647.SearchProtectorEnabled", true);
user_pref("CT2851647.SearchProtectorToolbarDisabled", false);
user_pref("CT2851647.SendProtectorDataViaLogin", true);
user_pref("CT2851647.ServiceMapLastCheckTime", "Sat Jul 14 2012 14:16:38 GMT+0200");
user_pref("CT2851647.SettingsLastCheckTime", "Sat Jul 14 2012 14:16:36 GMT+0200");
user_pref("CT2851647.SettingsLastUpdate", "1337169810");
user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Tue Oct 18 2011 12:22:40 GMT+0200");
user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2851647.UserID", "UN94199233086609151");
user_pref("CT2851647.ValidationData_Toolbar", 1);
user_pref("CT2851647.WeatherNetwork", "");
user_pref("CT2851647.WeatherPollDate", "Tue Oct 18 2011 12:22:49 GMT+0200");
user_pref("CT2851647.WeatherUnit", "C");
user_pref("CT2851647.alertChannelId", "1243681");
user_pref("CT2851647.backendstorage.cbfirsttime", "547565204F637420313820323031312031323A32323A353420474D542B30323030");
user_pref("CT2851647.backendstorage.pairingkey", "41363732314235313235434435463242333338423034314543453146413038313846353239363841");
user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
user_pref("CT2851647.backendstorage.uttorrents", "7B226275696C64223A32353735362C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B22463730463435373539453646393037344630433639393
user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Tue Oct 18 2011 12:22:48 GMT+0200");
user_pref("CT2851647.homepageProtectorEnableByLogin", true);
user_pref("CT2851647.initDone", true);
user_pref("CT2851647.isAppTrackingManagerOn", true);
user_pref("CT2851647.myStuffEnabled", true);
user_pref("CT2851647.myStuffPublihserMinWidth", 400);
user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2851647.revertSettingsEnabled", true);
user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
user_pref("CT2851647.searchProtectorEnableByLogin", true);
user_pref("CT2851647.testingCtid", "");
user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Sat Jul 14 2012 14:16:38 GMT+0200");
user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Tue Oct 18 2011 12:22:52 GMT+0200");
user_pref("CT2851647.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_DE Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245", "\"3523108e335fea0644468b3dbf456f562\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647", "\"ecf34dbe1d11ac3c287683de17e3d0c02\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", "\"1334580802\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", "\"1334672089\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "pMJrsOAIrcWADPEnEML9WA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "U5mhHQKIYvMC666+kpF/Lw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "eJfMrdrGnhGHiiPiYjgAww==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0c2e55e22f5cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11.0.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"0ee90707f77cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851647&octid=CT2851647", "\"1313478221\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245", "\"1301558302\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"90a6f50158fc69d971d4e5b58046cce2\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b5761f23e164ca5aa8a71b6bddf4f276\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"5efe83b96acb0439b16a83e166b1f7ff\"");
user_pref("CommunityToolbar.EngineHiddenByUser", false);
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
user_pref("CommunityToolbar.IsEngineShown", false);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Meilo\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\uvwa85x5.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?ctId=CT2851647", "744x662");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_1ca2f5f3", "356x332");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_963cf710", "356x332");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashine=true&q=");
user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2851647");
user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2851647");
user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 09:59:35 GMT+0200");
user_pref("CommunityToolbar.alert.alertEnabled", true);
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 17 2011 16:05:11 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 21:15:57 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "51583a5a-2992-4670-aa60-bd6ad3a594a6");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 18 2011 12:22:52 GMT+0200");
user_pref("CommunityToolbar.globalUserId", "4c6a17d3-08a7-4ee5-a06b-bca9120b6484");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Jul 07 2012 23:05:37 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jul 14 2012 14:16:46 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Jul 14 2012 14:16:37 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "319b0e02-5c67-43cc-b179-8ccc67b3daa4");
user_pref("CommunityToolbar.originalHomepage", "youtube.com");
user_pref("CommunityToolbar.originalSearchEngine", "Google");
user_pref("CommunityToolbar.undefined", "");
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=
user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "uTorrentBar_DE Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "orgnl");
user_pref("extensions.BabylonToolbar.bbDpng", 11);
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "D06E5D1A97BB5A3E54017976EDB888D4");
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "3323cf4484874d32b111323e1da15427");
user_pref("extensions.BabylonToolbar.instlDay", "15118");
user_pref("extensions.BabylonToolbar.lastActv", "11");
user_pref("extensions.BabylonToolbar.lastDP", 11);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.propectorlck", 80562264);
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.sid", "3323cf4484874d32b111323e1da15427");
user_pref("extensions.BabylonToolbar.smplGrp", "free");
user_pref("extensions.crossrider.bic", "138590aad5e3717fb7b9201d00ecd5a3");
user_pref("extensions.defaulttab.active.affiliate", 4003);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "09C93942163A88F81B28A6E599B4592C");
user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search He
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.4");
user_pref("extensions.engine@conduit.com.install-event-fired", true);
user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
user_pref("extensions.facemoods.admin", false);
user_pref("extensions.facemoods.aflt", "orgnl");
user_pref("extensions.facemoods.dfltSrch", false);
user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
user_pref("extensions.facemoods.dnsErr", true);
user_pref("extensions.facemoods.excTlbr", false);
user_pref("extensions.facemoods.firstRun", true);
user_pref("extensions.facemoods.hmpg", false);
user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
user_pref("extensions.facemoods.id", "1e6b7ca5000000000000485d604e926b");
user_pref("extensions.facemoods.instlDay", "15279");
user_pref("extensions.facemoods.lastVrsnTs", "");
user_pref("extensions.facemoods.mntz", "");
user_pref("extensions.facemoods.newTab", false);
user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2");
user_pref("extensions.facemoods.noFFXTlbr", false);
user_pref("extensions.facemoods.prtnrId", "facemoods.com");
user_pref("extensions.facemoods.searchProviderAdded", true);
user_pref("extensions.facemoods.sid", "c2d600344720436cb7f70f6bc4ee84e6");
user_pref("extensions.facemoods.smplGrp", "free");
user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
user_pref("extensions.facemoods.vrsn", "1.4.17.11");
user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);
user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10665");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "3B48055EDD199A935B3EBF5F2C4101D1");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "1e6b7ca5000000000000485d604e926b");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15534");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:56:33");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHNSNn7w&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6OyHNSNn7w");
user_pref("extensions.incredibar.upn2n", "92261747563765158");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:56:33");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10665");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "1e6b7ca5000000000000485d604e926b");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15534");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHNSNn7w&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OyHNSNn7w");
user_pref("extensions.incredibar_i.upn2n", "92261747563765158");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:56:33");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1359114097105");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1355836243363");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1359114097123");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1357996608028");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1359114097137");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1359146655749");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent136", "1358970854932");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1357428235161");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1358546915625");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1357996119096");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1356273364395");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1357996119115");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1357996120046");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1357996119131");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1358948687354");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN64348853325216635&UM=&q=");
user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.babylon.com/?babsrc=toolbar2&q=");
user_pref("smartBar.searchInNewTabOwner", "CT2625848");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT
user_pref("smartbar.machineId", "IUZFG1NMP9PTWIUBSCJKF0W7QQK+PGHCF81MM5WV3G2ZCYCHEIH7AH+UDO6Q/47WADH81FT/YLDBRYQSB97QPG");
user_pref("smartbar.originalHomepage", "hxxp://www.youtube.com/");
user_pref("smartbar.originalSearchAddressUrl", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=1107
user_pref("smartbar.originalSearchEngine", "Google");
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "true");
user_pref("sweetim.toolbar.simapp_id", "{A060B837-6066-11E0-BD8E-6C626D9211E5}");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc
Emptied folder: C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\minidumps [1783 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Meilo\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\Meilo\appdata\local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena
Successfully deleted: [Folder] C:\Users\Meilo\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\gaiilaahiahdejapggenmdmafpmbipje
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\gaiilaahiahdejapggenmdmafpmbipje
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\hahpjplbmicfkmoccokbjejahjjpnena
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\kdidombaedgpfiiedeimiebkmbilgmlc
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.04.2013 at 17:38:01,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.200 - Datei am 18/04/2013 um 17:49:40 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzer : Meilo - MEILO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Meilo\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\searchplugins\plasmoo.xml
Gelöscht mit Neustart : C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Users\Meilo\AppData\Local\APN
Ordner Gelöscht : C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Ordner Gelöscht : C:\Users\Meilo\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Meilo\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\Conduit
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\CT2431245
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\CT2625848
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\CT2851647
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\extensions\engine@plasmoo.com
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\Smartbar
Ordner Gelöscht : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\SweetIMToolbarData
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20E976D3-16DF-4C74-A124-4438551B9444}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9AC2DC0-5A93-456F-A1CC-8FF00D51DF8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5255E21-96CC-411A-8D0B-1F985C4F739D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF67F764-95B6-4360-BB57-B2E5AA6C814B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\softonic-de3
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1e00b901-9abc-4e0d-a3bd-a4e9a29304f2&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Meilo\AppData\Roaming\Mozilla\Firefox\Profiles\uvwa85x5.default\prefs.js
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444[...]
Gelöscht : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.UserID", "UN98709501860664413");
Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.enableFix404ByUser", "TRUE");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorByUser", "TRUE");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2625848.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Gelöscht : user_pref("CT2625848.lastVersion", "10.15.2.523");
Gelöscht : user_pref("CT2625848.mam_gk_installer_preapproved.enc", "RkFMU0U=");
Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledByUser", "true");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.searchUserMode", "1");
Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTracking_lastUpdate", "1366299498867");
Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1366300068916");
Gelöscht : user_pref("CT2625848.serviceLayer_services_location_lastUpdate", "1366299617469");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.15.2.523_lastUpdate", "1366300098590");
Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1366299617376");
Gelöscht : user_pref("CT2625848.serviceLayer_services_setupAPI_lastUpdate", "1366299617548");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1366300069096");
Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1366299618699");
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("CT2625848.showToolbarPermission", "false");
Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2625848.smartbar.isHidden", true);
Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "18-4-2013");
Gelöscht : user_pref("CT2625848.toolbarLoginClientTime", "Thu Apr 18 2013 17:38:17 GMT+0200");
Gelöscht : user_pref("CT2625848.userIdGenerationCounter", "1");
Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851647&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Meilo\\AppData\\Roaming\\Mozilla\\F[...]
Gelöscht : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Gelöscht : user_pref("extensions.engine@plasmoo.com.install-event-fired", true);
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "chrome://browser-region/locale/regio[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Google");
Gelöscht : user_pref("plasmoo.search.engine.prevstartuphomepage", "youtube.com");
Gelöscht : user_pref("plasmoo.search.engine.status", "INSTALLED");
Gelöscht : user_pref("smartbar.machineId", "IUZFG1NMP9PTWIUBSCJKF0W7QQK+PGHCF81MM5WV3G2ZCYCHEIH7AH+UDO6Q/47WADH[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v15.0.874.120
Datei : C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.37] : icon_url = "hxxp://search.conduit.com/fav.ico",
Gelöscht [l.40] : keyword = "search.conduit.com",
Gelöscht [l.43] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2[...]
*************************
AdwCleaner[S1].txt - [30103 octets] - [18/04/2013 17:49:40]
########## EOF - C:\AdwCleaner[S1].txt - [30164 octets] ##########
|
|
18.04.2013, 17:14
| #24 |
| | Proxy-Server Problem OTL.Txt: Code:
ATTFilter OTL logfile created on: 18.04.2013 18:02:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meilo\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 55,97% Memory free 6,50 Gb Paging File | 4,72 Gb Available in Paging File | 72,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 794,74 Gb Free Space | 88,26% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 27,96 Gb Free Space | 93,21% Space Free | Partition Type: NTFS Computer Name: MEILO-PC | User Name: Meilo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Meilo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) PRC - C:\Users\Meilo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll () MOD - C:\Users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll () MOD - C:\Users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll () MOD - C:\Program Files\Notepad++\NppShell_04.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ca0e279.dll () SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (XDva389) -- C:\Windows\system32\XDva389.sys File not found DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found DRV - (catchme) -- C:\Users\Meilo\AppData\Local\Temp\catchme.sys File not found DRV - (PROCEXP113) -- C:\Windows\System32\drivers\PROCEXP113.SYS (Sysinternals - www.sysinternals.com) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (MotioninJoyXFilter) -- C:\Windows\System32\drivers\MijXfilt.sys (MotioninJoy) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.) DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices) DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes,DefaultScope = {45C9D412-3FFC-42B8-A57A-563F25C13E76} IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{0DBB675E-5797-4438-A2F4-CF36EA088854}: "URL" = hxxp://www.mysearchresults.com/search?&c=4003&t=10&q={searchTerms} IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{45C9D412-3FFC-42B8-A57A-563F25C13E76}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{5E1C4034-45D4-440D-AB96-64F47D6D1CF5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=08a43a93-d9be-4772-a2b4-46b4aea34962&apn_sauid=93374EFD-6DBE-4115-ACF3-9B334012E9F1 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{D28B64A2-C80B-4D3D-AD6D-99DCFFD208C9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.youtube.com" FF - prefs.js..extensions.enabledAddons: uploader%40adblockfilters.mozdev.org:2.1 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3 FF - prefs.js..extensions.enabledAddons: info%40maltegoetz.de:1.0.1 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.http: "www-proxy.t-online.de" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Meilo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 14:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 14:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 14:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 14:11:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 14:11:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 20:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\Extensions [2013.04.18 17:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\Firefox\Profiles\uvwa85x5.default\extensions [2013.04.10 20:42:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Meilo\AppData\Roaming\mozilla\Firefox\Profiles\uvwa85x5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.05 19:28:01 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Meilo\AppData\Roaming\mozilla\Firefox\Profiles\uvwa85x5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2012.10.13 22:07:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Meilo\AppData\Roaming\mozilla\Firefox\Profiles\uvwa85x5.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.04.16 21:24:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Meilo\AppData\Roaming\mozilla\Firefox\Profiles\uvwa85x5.default\extensions\ich@maltegoetz.de [2013.03.03 01:49:07 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.03.22 22:56:44 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\firefox@mega.co.nz.xpi [2011.10.19 10:01:14 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\guiconfig@slosd.net.xpi [2013.04.13 19:43:56 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\info@maltegoetz.de.xpi [2011.06.11 20:58:18 | 000,075,438 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\uploader@adblockfilters.mozdev.org.xpi [2012.12.11 15:03:10 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 20:48:53 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.22 22:57:10 | 000,001,064 | ---- | M] () -- C:\Users\Meilo\AppData\Roaming\mozilla\firefox\profiles\uvwa85x5.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2013.04.12 14:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.04.12 14:11:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.12 14:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.12 14:11:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.27 13:12:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.27 13:12:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.27 13:12:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 13:12:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 13:12:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 13:12:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991 CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Meilo\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Meilo\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Meilo\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Battlefield Play4Free = C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\ CHR - Extension: AdBlock = C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Skype Click to Call = C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ CHR - Extension: Anti-Banner = C:\Users\Meilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2013.04.17 20:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKU\S-1-5-21-375966446-2734493509-1640836784-1000..\Run: [Akamai NetSession Interface] C:\Users\Meilo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-375966446-2734493509-1640836784-1000..\Run: [Facebook Update] C:\Users\Meilo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Users\Meilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Meilo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meilo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBE86777-7DD3-4086-BB69-CF7B20CCF1C3}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\wlpg - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.18 18:00:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meilo\Desktop\OTL.exe [2013.04.18 17:27:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.18 17:26:53 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.18 17:26:01 | 000,551,702 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Meilo\Desktop\JRT.exe [2013.04.17 21:28:23 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS [2013.04.17 20:45:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.17 20:40:08 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.17 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\Meilo\AppData\Local\temp [2013.04.17 20:30:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.17 20:30:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.17 20:30:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.17 20:30:26 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.04.17 20:30:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.17 20:30:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.17 20:23:02 | 005,054,659 | R--- | C] (Swearware) -- C:\Users\Meilo\Desktop\ComboFix.exe [2013.04.13 19:05:00 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.13 19:05:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.13 15:43:08 | 000,000,000 | ---D | C] -- C:\Users\Meilo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.04.12 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.10 14:53:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 14:53:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 14:53:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.10 14:53:18 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 14:53:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 14:53:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 14:53:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.10 14:53:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.10 12:43:18 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 12:43:08 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 12:43:07 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 12:43:07 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 12:43:00 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.04.10 12:43:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.04.09 15:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.03.27 14:02:49 | 000,000,000 | ---D | C] -- C:\Users\Meilo\Desktop\Switchbotv3_1 [2013.03.26 03:05:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.25 23:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.25 23:23:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.25 23:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.25 23:22:53 | 000,000,000 | ---D | C] -- C:\Users\Meilo\AppData\Local\Programs [2013.03.25 23:10:58 | 000,000,000 | ---D | C] -- C:\Users\Meilo\Desktop\Artimys2 - Client [2011.03.31 23:50:48 | 000,079,024 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat [2011.03.31 23:50:44 | 002,550,960 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe [2011.03.31 23:47:52 | 000,163,840 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll [2011.03.29 09:03:36 | 000,253,104 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll [2011.03.29 09:03:36 | 000,201,904 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.18 18:00:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meilo\Desktop\OTL.exe [2013.04.18 17:59:13 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.18 17:59:13 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.18 17:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.18 17:51:06 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys [2013.04.18 17:50:01 | 000,000,172 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.18 17:40:24 | 000,613,083 | ---- | M] () -- C:\Users\Meilo\Desktop\adwcleaner.exe [2013.04.18 17:26:17 | 000,551,702 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Meilo\Desktop\JRT.exe [2013.04.18 17:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.17 21:52:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-375966446-2734493509-1640836784-1000UA.job [2013.04.17 21:28:23 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS [2013.04.17 20:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.17 20:29:58 | 005,054,659 | R--- | M] (Swearware) -- C:\Users\Meilo\Desktop\ComboFix.exe [2013.04.17 12:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-375966446-2734493509-1640836784-1000Core.job [2013.04.16 21:32:41 | 005,260,321 | ---- | M] () -- C:\Users\Meilo\Desktop\D-Block & S-Te-Fan Ft Zatox - Madhouse (FuLL) (HD).mp3 [2013.04.16 13:22:59 | 454,672,665 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.15 20:28:48 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.15 20:28:48 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.15 20:28:48 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.15 20:28:48 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.13 19:05:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.13 19:05:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.10 19:45:29 | 003,646,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.09 22:06:45 | 003,667,902 | ---- | M] () -- C:\Users\Meilo\Desktop\Benny Benassi - Satisfaction (RL Grime Remix).mp3 [2013.04.08 02:13:20 | 000,061,661 | -H-- | M] () -- C:\Users\Meilo\Desktop\46829_323129301138550_1847491961_n.jpg [2013.04.08 02:07:05 | 000,154,535 | -H-- | M] () -- C:\Users\Meilo\Desktop\2013_03_31_21.55.00.jpg [2013.03.31 20:26:43 | 000,000,000 | ---- | M] () -- C:\Users\Meilo\defogger_reenable [2013.03.27 16:08:27 | 000,000,454 | ---- | M] () -- C:\Users\Meilo\Desktop\Coretime.asx [2013.03.25 23:05:35 | 000,000,454 | ---- | M] () -- C:\Users\Meilo\Desktop\Hardbase.asx [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.18 17:49:44 | 000,000,172 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.18 17:40:17 | 000,613,083 | ---- | C] () -- C:\Users\Meilo\Desktop\adwcleaner.exe [2013.04.17 20:30:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.17 20:30:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.17 20:30:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.17 20:30:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.17 20:30:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.16 21:31:31 | 005,260,321 | ---- | C] () -- C:\Users\Meilo\Desktop\D-Block & S-Te-Fan Ft Zatox - Madhouse (FuLL) (HD).mp3 [2013.04.14 13:15:31 | 454,672,665 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.13 19:05:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 22:06:20 | 003,667,902 | ---- | C] () -- C:\Users\Meilo\Desktop\Benny Benassi - Satisfaction (RL Grime Remix).mp3 [2013.04.08 02:13:19 | 000,061,661 | -H-- | C] () -- C:\Users\Meilo\Desktop\46829_323129301138550_1847491961_n.jpg [2013.04.08 02:06:58 | 000,154,535 | -H-- | C] () -- C:\Users\Meilo\Desktop\2013_03_31_21.55.00.jpg [2013.03.31 20:26:43 | 000,000,000 | ---- | C] () -- C:\Users\Meilo\defogger_reenable [2013.03.27 16:08:18 | 000,000,454 | ---- | C] () -- C:\Users\Meilo\Desktop\Coretime.asx [2013.03.14 22:58:56 | 001,065,984 | ---- | C] () -- C:\Users\Meilo\AppData\Local\file__0.localstorage [2013.02.19 19:20:45 | 000,000,306 | RHS- | C] () -- C:\Users\Meilo\ntuser.pol [2013.01.12 19:08:57 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2012.12.22 03:01:56 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.12.22 03:01:56 | 000,022,328 | ---- | C] () -- C:\Users\Meilo\AppData\Roaming\PnkBstrK.sys [2012.12.22 03:01:28 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.12.22 03:01:26 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.12.12 15:23:37 | 000,163,580 | ---- | C] () -- C:\Users\Meilo\Schnappschuss von mir 1.png [2012.08.01 02:09:35 | 000,001,908 | ---- | C] () -- C:\Users\Meilo\Minecraft&Updater.lnk [2012.07.26 14:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2012.04.15 12:30:47 | 000,017,408 | ---- | C] () -- C:\Users\Meilo\AppData\Local\WebpageIcons.db [2012.04.15 12:29:03 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.04.15 12:29:03 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.11.01 20:38:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll [2011.11.01 20:38:16 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll [2011.10.16 21:35:26 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2011.10.10 23:26:39 | 000,000,132 | ---- | C] () -- C:\Users\Meilo\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.07.25 13:59:34 | 000,004,608 | ---- | C] () -- C:\Users\Meilo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.06.07 11:10:47 | 000,108,506 | ---- | C] () -- C:\Users\Meilo\justb.jpg [2011.06.04 10:55:09 | 002,647,614 | ---- | C] () -- C:\Users\Meilo\Fraps v3.4.0 (Full Registered Version).rar [2011.04.06 20:36:44 | 000,000,600 | ---- | C] () -- C:\Users\Meilo\AppData\Local\PUTTY.RND [2011.03.31 20:42:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.29 09:02:14 | 000,001,905 | ---- | C] () -- C:\Program Files\README.HTM ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.04.2013 18:02:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meilo\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 55,97% Memory free
6,50 Gb Paging File | 4,72 Gb Available in Paging File | 72,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 794,74 Gb Free Space | 88,26% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 27,96 Gb Free Space | 93,21% Space Free | Partition Type: NTFS
Computer Name: MEILO-PC | User Name: Meilo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09825C79-1BDC-4B2B-8052-AAACB7D61F01}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C3E00C1-30F9-452C-A4A4-A2CB72B3EF02}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0C5B6562-1966-40F5-8CB6-AF2505344263}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{16180A37-26A3-442A-B8CC-18E8EBD3CA59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D1BB1E7-7DD7-4911-BF9F-57FB25CCBBB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{289FF668-3986-4D84-97CB-4C60C7D94635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{300E50E9-2337-4C2A-A01C-36FB75BA0251}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36EA691D-B54A-4486-8CB3-8234D55AF898}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{421B18D2-6661-4519-803E-CF0C891A18AF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4A3F1ACC-8ECF-415F-A354-57B4507DB494}" = lport=25565 | protocol=6 | dir=in | name=justforkill server |
"{4D765992-8C95-43D2-81AE-F14CE54C2F79}" = lport=2869 | protocol=6 | dir=in | app=system |
"{539210FF-6846-4DB3-95E3-87331D1FDEB0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54FAF5DF-2F58-4DCE-9810-53F3EB81EAC3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{55CB6B44-F2B0-4D05-BBF9-9DA27FCB35F5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{66EAEB40-BF67-4539-BFE5-B3CF1409918F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67E81907-0A45-4EB6-91AA-7E07137C365F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69182442-1445-4525-AF6A-4B06ECEEE82A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6D1FA6A2-9DEE-46F6-885E-4830E6DEA41D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{853B176F-59E9-46ED-BD74-97E88EDF9F8D}" = lport=445 | protocol=6 | dir=in | app=system |
"{88E8E0B6-0573-4F2B-A56C-5FF9C7B4E4F2}" = lport=139 | protocol=6 | dir=in | app=system |
"{9927990B-3389-4523-92DA-28C614FCE227}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B20DAD2-02DE-4673-A7F2-C28D7D232129}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BD66222-0497-4232-AA84-D5A6BB84DB35}" = lport=138 | protocol=17 | dir=in | app=system |
"{A5DE19EC-7099-4428-83AC-6B4FF389B59A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8E21997-F2BA-4910-A940-35EFC0248611}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B0C3B5AE-9F5E-4207-B56E-68D7AB7B9FC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{BAFA771F-F4F8-4D82-A49A-3774D6C9FF27}" = rport=139 | protocol=6 | dir=out | app=system |
"{C157E343-FA66-4B7F-AC00-5279F5CBB8BB}" = lport=52355 | protocol=6 | dir=in | name=akamai netsession interface |
"{C6CFD659-4E54-4216-B668-5781082AC0DE}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA5AE83A-5BB3-4E75-BFC6-7720DB609883}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DC4F24C2-B539-4DE3-BF8E-5EE94D6ABC63}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC72C40B-9AD6-409B-A93C-4D83FFFA9E50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECB224B1-3F14-4A1A-A135-BC8616257725}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7118162-240C-4635-8CE0-DB526695DF10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9BE143E-17F6-4038-8857-0FC772692660}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FE9DA506-3B7A-4C71-B729-222936AD77F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF29AF2A-B232-4462-AB1B-E2A07975492F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8777C-1663-47EF-A6C0-D8BFC53560A8}" = protocol=6 | dir=out | app=system |
"{01C0BD1E-BD96-4CDC-B9AD-EB5CC0B29726}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0501A3CB-D87C-451F-A3B6-D6822FE2E285}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0E685686-DBDA-424D-B641-72893B313599}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0E9DFB27-85ED-4F89-8D83-FBCC8D9D5623}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0EB8BA62-8BFB-45B1-ACBC-E85542BB20A0}" = protocol=17 | dir=in | app=c:\users\meilo\appdata\roaming\winupd.exe |
"{13D64274-6BA0-4FC9-BA20-18ECEF80241E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{1589581A-66FB-476B-AA66-CFD4EBD5CF90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BEA2F80-B2B2-4C20-88D2-39FAB03077B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DA5B1B9-838E-4362-BDD9-C3097838616F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1E851347-1452-40AB-B18E-1395394F8C0A}" = protocol=17 | dir=in | app=c:\users\meilo\desktop\artimys2 - client\artimys2 starter.exe |
"{1EB7A058-F307-4D1F-A2AD-3464F8C403AE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{1F88E392-0F86-4BF8-83D6-3F2721DA96B3}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3CC92B57-3320-43C4-92A9-6F00796B8E03}" = protocol=17 | dir=in | app=c:\users\meilo\appdata\roaming\winupd.exe |
"{44B24643-0227-41A9-A8FA-0D642CF11FC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{450A58E1-049C-42B9-8EBF-C67C9C49877A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51F9C55D-87AC-45F2-BED3-1D5C6A596266}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{551CDF98-A8C5-4CAD-A897-CEC70F74968B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{57F34E1A-ABD7-44F6-9A7D-3DAC37AB76CC}" = dir=in | app=%appdata%\winupd.exe |
"{61E90EF8-22FE-4D5C-A340-B56C0136B596}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6FAD9597-05D5-4A27-84D6-E230029633E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{70FB8003-AA24-4AB5-92B5-1C495BC7413D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{77148036-3EC3-4946-93E4-8597AEEED5F9}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{79FCD74E-9B3F-43F5-BBC0-AD89CA223E0B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{87E9150A-BD1C-4B2D-AA8D-4228D181BEDF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{881A36BF-BB97-4F87-9A20-51C39162C370}" = protocol=6 | dir=in | app=c:\users\meilo\appdata\roaming\winupd.exe |
"{88239FAB-4E7B-42B7-9371-5F180FA01223}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{91A8D0C2-C7D9-4B73-B03B-B0D7241E59C7}" = protocol=6 | dir=in | app=c:\users\meilo\desktop\artimys2 - client\artimys2 starter.exe |
"{948771B4-7C0F-41D2-9F1B-35182601585A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97FC3729-C1BF-469E-8E66-F36A9A80FB50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99AE01A3-4441-4154-A120-52C75375B5F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A565BC8-10FD-4A20-AFC1-ACAE136A2151}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A643ADF9-528F-42DD-8240-4AB92F98245A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{ACCBDD2D-6F02-4583-8DBB-9A778D07B72E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C249EA65-803D-4FFC-9E00-51008B3D895B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C300227F-F9E0-47C3-A545-3842855C871D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{C846DB54-E29D-490E-B31C-DBB0CEAC3633}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{CA78888A-2104-475D-A1BD-1E94E56A42B1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CD6D3ABF-14C6-4D2A-8554-87BD0C7D9CA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD88037F-8960-4F9F-8F25-E418C0823DB2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CEAB3B87-FD77-41DC-8544-7AE3B4870C94}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{CF49B527-8A9E-4A91-BD3F-A680E48E8A43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D9CA9A36-2306-410D-BF77-B019B741554A}" = protocol=6 | dir=in | app=c:\users\meilo\appdata\roaming\winupd.exe |
"{E27BE33E-98FD-443F-9EC6-E7636D93A6FC}" = dir=out | app=%appdata%\winupd.exe |
"{E50AB746-9371-49EB-9A67-FB13176041A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EBED1B4D-3383-4C69-8E1F-6CB612DCFCA2}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{F6687736-C1F4-40C2-BCA2-9AB188ED54E7}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{F768FA39-98CC-40C5-8A5A-D2FF7EC75E79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF9EA2B8-4654-495D-8320-4992E3048536}" = dir=in | app=c:\users\meilo\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{09BFBD6B-3C16-4F81-BFBE-7D05CA392B27}C:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5m.dat" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5m.dat |
"TCP Query User{0A4D85B9-D634-4CBD-8207-F8B418F35A2D}C:\users\meilo\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\meilo\appdata\local\iw4m\iw4m.dat |
"TCP Query User{0D40CFDD-6CC7-428E-A3A6-AA8FF60F3537}C:\users\meilo\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\meilo\appdata\local\iw4m\iw4m.dat |
"TCP Query User{2A9C057A-08DC-46AE-ABBC-AA681AFDE4EF}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{31CDF017-FF49-4EBD-BCA6-786A88F9F395}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{35A3FD66-544E-4252-AC1D-746BB0C3EB9A}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{3DB7C98B-74F1-4A27-AF0F-3BE4B90A83D5}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{4D1D7282-1D72-4CE1-A9AB-986832C34FB6}C:\users\meilo\appdata\local\virtualstore\program files\metin2 singapore\metin2.bin" = protocol=6 | dir=in | app=c:\users\meilo\appdata\local\virtualstore\program files\metin2 singapore\metin2.bin |
"TCP Query User{856D2EE7-E0BF-43AA-858F-E21597118D15}C:\users\meilo\desktop\artimys2 - client\artimys2 starter.exe" = protocol=6 | dir=in | app=c:\users\meilo\desktop\artimys2 - client\artimys2 starter.exe |
"TCP Query User{8E8BC283-BB16-4966-87D0-F8B19C597497}C:\users\meilo\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\meilo\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A7A5DB83-D736-4979-9DDC-98F05D763CC7}C:\users\meilo\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\meilo\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B3C89E78-7629-4034-B1A3-30A835C27B29}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{C980DE8F-9943-4889-BF83-18AF5F0B75D7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{25755B7D-90D6-48EF-B780-8AAE00EBD147}C:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5m.dat" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5m.dat |
"UDP Query User{5C997089-872D-4991-BC8C-7C0D69D79599}C:\users\meilo\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\meilo\appdata\local\iw4m\iw4m.dat |
"UDP Query User{693D495F-6849-4C2B-B6D1-31106F77D0BC}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{6B728555-3EBE-4C40-A96A-9B65622C1E52}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{6DE437F1-77BF-4981-A7BB-6EE2033F9C0C}C:\users\meilo\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\meilo\appdata\local\akamai\netsession_win.exe |
"UDP Query User{70EE5573-440C-45E8-AFEC-F7FF6FC63F7C}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{912FCD13-50CD-472D-947E-9C6E55130F87}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{95078902-FD44-4656-8791-70ED57A60EA8}C:\users\meilo\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\meilo\appdata\local\iw4m\iw4m.dat |
"UDP Query User{95086DA7-7C52-400F-890A-58D5057D11B3}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{964CE7D0-CC70-4A96-AD57-5C9AB2BBCF50}C:\users\meilo\appdata\local\virtualstore\program files\metin2 singapore\metin2.bin" = protocol=17 | dir=in | app=c:\users\meilo\appdata\local\virtualstore\program files\metin2 singapore\metin2.bin |
"UDP Query User{DD0F2D2C-0FB9-4E56-88D3-0A4E714C38B1}C:\users\meilo\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\meilo\appdata\local\akamai\netsession_win.exe |
"UDP Query User{FC0A3FC9-60C4-4B2B-B95B-4ED969A14D47}C:\users\meilo\desktop\artimys2 - client\artimys2 starter.exe" = protocol=17 | dir=in | app=c:\users\meilo\desktop\artimys2 - client\artimys2 starter.exe |
"UDP Query User{FFE8E670-2CFD-45A9-9168-E660A86BA7DF}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0634960F-1E4E-DC4B-1DB5-F2F08876ACF4}" = Catalyst Control Center Localization All
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{212C88D2-4552-2D93-B7A3-4E1F2AF6A8C2}" = CCC Help Swedish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{255CCFF0-B271-4CAD-6635-495C1DCC6BB3}" = ccc-utility
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F8095EB-53CD-9F17-820D-4898EC1A9FE8}" = CCC Help Japanese
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{586647DB-C4AC-6691-FD95-9A1B3B603502}" = ATI Catalyst Install Manager
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77B7AA9B-EF4A-8796-8A83-CE56DD76ECA8}" = CCC Help Norwegian
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{898214AC-F58D-D2EB-5E00-6A46608E06A4}" = ccc-core-static
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92416F19-9B58-841E-463C-A152825838C0}" = CCC Help Spanish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C79033-A7C5-34E8-9E01-EB1FD751D358}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B38FD782-EE99-9FA8-CBFC-009F3D89F5D8}" = CCC Help Italian
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B74B7AA4-6A82-9DE4-9DA0-3B1D13D447E4}" = Catalyst Control Center InstallProxy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C0E743EE-0C91-1C11-2D6B-C4C403C49725}" = CCC Help German
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3ADBF61-28D8-C4AA-BA9D-06BFAC717428}" = CCC Help French
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9A28461-B9AB-DFC0-56E1-851C1A7C69FE}" = CCC Help English
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D24A09D2-3CF5-619E-9FB1-3479B9E51F66}" = Catalyst Control Center Graphics Previews Vista
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25F1ECC-3A4E-9FBF-CA0D-86E499CFB242}" = CCC Help Dutch
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EDF74FF5-A6B0-7C7C-2234-0EC90D72C644}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F2F7D8E1-03A2-11E1-AA2E-F04DA23A5C58}" = MSVCRT Redists
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Metin2_is1" = Metin2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Blends" = NewBlue Art Blends
"NewBlue Art Effects" = NewBlue Art Effects
"NewBlue Cartoonr for Vegas" = NewBlue Cartoonr for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Motion Blends" = NewBlue Motion Blends
"NewBlue Motion Effects" = NewBlue Motion Effects
"Notepad++" = Notepad++
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-375966446-2734493509-1640836784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.04.2013 11:49:40 | Computer Name = Meilo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0x12bc Startzeit der fehlerhaften Anwendung: 0x01ce3c4c095ae40f Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 94211b7c-a83f-11e2-bf9c-6c626d9211e5
< End of report >
|
|
19.04.2013, 00:09
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Proxy-Server ProblemFixen mit OTL
Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{0DBB675E-5797-4438-A2F4-CF36EA088854}: "URL" = http://www.mysearchresults.com/search?&c=4003&t=10&q={searchTerms}
IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{5E1C4034-45D4-440D-AB96-64F47D6D1CF5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=08a43a93-d9be-4772-a2b4-46b4aea34962&apn_sauid=93374EFD-6DBE-4115-ACF3-9B334012E9F1
IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\..\SearchScopes\{D28B64A2-C80B-4D3D-AD6D-99DCFFD208C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.04.2013, 11:42
| #26 |
| | Proxy-Server ProblemCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0DBB675E-5797-4438-A2F4-CF36EA088854}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DBB675E-5797-4438-A2F4-CF36EA088854}\ not found.
Registry key HKEY_USERS\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5E1C4034-45D4-440D-AB96-64F47D6D1CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E1C4034-45D4-440D-AB96-64F47D6D1CF5}\ not found.
Registry key HKEY_USERS\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D28B64A2-C80B-4D3D-AD6D-99DCFFD208C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D28B64A2-C80B-4D3D-AD6D-99DCFFD208C9}\ not found.
HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-375966446-2734493509-1640836784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Meilo\Desktop\cmd.bat deleted successfully.
C:\Users\Meilo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Meilo
->Temp folder emptied: 126793 bytes
->Temporary Internet Files folder emptied: 1321425 bytes
->Java cache emptied: 2032543 bytes
->FireFox cache emptied: 33457222 bytes
->Google Chrome cache emptied: 6275082 bytes
->Flash cache emptied: 45434 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68841 bytes
RecycleBin emptied: 1374176545 bytes
Total Files Cleaned = 1.352,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 04192013_123720
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
19.04.2013, 15:10
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Proxy-Server Problem Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.04.2013, 20:16
| #28 |
| | Proxy-Server Problem Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.19.07 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Meilo :: MEILO-PC [Administrator] 19.04.2013 21:04:24 mbam-log-2013-04-19 (21-04-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206540 Laufzeit: 11 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d881e149f84df48a058c7ccb0828808
# engine=13657
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-19 09:46:55
# local_time=2013-04-19 11:46:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1285 16777213 100 100 11360 62731965 0 0
# compatibility_mode=5893 16776573 100 94 39858 118039206 0 0
# scanned=231089
# found=0
# cleaned=0
# scan_time=9163
|
|
20.04.2013, 17:02
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Proxy-Server Problem Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.04.2013, 19:38
| #30 |
| | Proxy-Server Problem Ich werde mir mal CookieCuller holen Und mein Computer stürzt manchmal einfach ab das stört mich jetzt nicht so aber wäre schön wenn es weg ist ich glaube aber nich das es an einem virus liegt Mehr kann ich dazu nicht sagen |
|
| Themen zu Proxy-Server Problem |
| block, blockt, eigefangen, folge, folgendes, freue, glaube, guten, liebe, logfiles, proble, problem, proxy-server, pup.gameplaylab, pup.software.updater, troja, trojan.downloader, trojaner-board, virus, worm.blackshades, würde, ähnliches |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
