TR/Crypt.XPACK.Gen auf Laptop gefunden. Wie entfernen?

chris89mk · 04.06.2013, 01:27

Hallo TrojanerBoard Team

habe wie auch auch Shanti7 http://www.trojaner-board.de/135946-...entfernen.html

TR/Crypt.XPack.Gen auf meinem Laptop.

Ca. alle 5-10 Sekunden popen die Fehlerhinweise

Zitat:

Shell.exe - Komponente nicht gefunden

und danach

Zitat:

macromedia.exe - Komponente nicht gefunden

auf.

In beiden Fehlermeldung heißt es folglich:

Zitat:

Die Anwendung konnte nicht gestartet werden, weil usft_ext.dll nicht gefunden wurde. Neuinstallation der Anwendung könnte das Problem beheben.

Auf Rat des Teammitglieds Markusg habe ich einen OTL scan durchgeführt und die Avira Ereignisse ausgelesen. (nächster post)

Zudem sollte ich vielleicht noch anfügen, dass ich absoluter Pc/Laptop Laie bin.

Danke schon mal für die Hilfe
Chris

Hier die Avira Ergebnisse:

Code:

ATTFilter

xportierte Ereignisse:

03.06.2013 23:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\WindowsFiless\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:39 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Christopher\AppData\Roaming\ie_util.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5595998b.qua' 
      verschoben!

03.06.2013 23:37 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:36 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

und die Ergebnisse des OTL Scans:

Code:

ATTFilter

TL logfile created on: 04.06.2013 01:37:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christopher\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 54,32% Memory free
8,13 Gb Paging File | 6,16 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 46,29 Gb Free Space | 16,33% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,28 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPHER-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christopher\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Users\Christopher\AppData\Roaming\Mala\kyofy.exe (Sysinternals)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (msvsmon90) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe ()
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\DRIVERS\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\DRIVERS\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: FF_AddOn%40viewtubes.de:3.2.0
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.4
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&installDate={installDate}&q="
FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Christopher\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.20 17:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.20 20:09:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.25 00:25:50 | 000,000,000 | ---D | M]
 
[2010.08.20 12:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions
[2013.06.01 13:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\v2ag0v2z.default\extensions
[2012.08.29 19:42:01 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\v2ag0v2z.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(171)
[2013.04.06 17:05:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\v2ag0v2z.default\extensions\ich@maltegoetz.de
[2012.10.11 21:33:09 | 000,012,042 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\FF_AddOn@viewtubes.de.xpi
[2013.04.23 22:59:34 | 000,050,424 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.06.01 13:45:55 | 000,004,503 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.04.22 11:43:09 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.12.24 02:52:12 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.13 01:12:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.22 11:47:21 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2010.09.29 16:34:10 | 000,000,873 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\searchplugins\conduit.xml
[2013.03.07 23:44:01 | 000,021,695 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\searchplugins\Web Search.xml
[2013.05.25 00:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.25 00:25:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.25 00:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.25 00:25:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012.02.23 01:43:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Live Search ()
CHR - default_search_provider: search_url = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2013.05.08 14:32:50 | 000,001,367 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 130.83.168.11 zeus-1
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (myBabylon English4 Toolbar) - {FC600575-3013-4E8E-941C-4B00DAFCE730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [brah] C:\Users\Christopher\AppData\Roaming\brah\sit.bat ()
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [goze.exe] C:\Users\Christopher\AppData\Roaming\Weiny\goze.exe File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [Qilocyebo] C:\Users\Christopher\AppData\Roaming\Mala\kyofy.exe (Sysinternals)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [Spotify Web Helper] C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Christopher\AppData\Roaming\WindowsFiless\usft_ext.exe.vbs ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F80C0622-229D-4773-9137-4F421C7402EA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.18 21:34:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{591147f0-0f6a-11e1-80b2-a7d187efc6e1}\Shell - "" = AutoRun
O33 - MountPoints2\{591147f0-0f6a-11e1-80b2-a7d187efc6e1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6921D607-0F40-02DD-9F85-A6712BCDF973} - Themes Setup
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {94E886D0-D7C1-F1B9-F680-976461F589C3} - 
ActiveX:64bit: {C42B2696-2496-4676-5DE7-5FFC2F24D96E} - Microsoft Windows Media Player
ActiveX:64bit: {C82A66B2-51BB-E161-8B12-57F75AE95A62} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {D32B94F3-4AE7-8706-749F-C9E79E20E54A} - Microsoft Windows Media Player
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C3804DB-4145-B885-C8CA-784C8732A1F3} - Internet Explorer
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {733CF723-9022-65DA-195F-37C97E321EB7} - Themes Setup
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A21B43C-8D7D-B32F-6744-8655E8984D21} - Internet Explorer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94DE1266-E783-ED83-0DD7-4A26C076E50D} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MsConfig:64bit - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 00:24:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
[2013.06.03 23:36:00 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Avira
[2013.06.03 23:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.03 23:29:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.06.03 23:29:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.06.03 23:29:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.06.03 23:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.03 23:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.06.02 18:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2013.06.02 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\WindowsFiless
[2013.06.02 18:33:24 | 000,000,000 | RHSD | C] -- C:\Users\Christopher\AppData\Roaming\-1036471146
[2013.06.02 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\brah
[2013.05.29 09:34:21 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Studie
[2013.05.27 21:06:38 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Ykowem
[2013.05.27 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Waqa
[2013.05.27 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Mala
[2013.05.25 00:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.18 21:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.05.14 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Bilder Ausstellung
[2013.05.07 15:42:12 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\OpenOffice.org
[2013.05.07 15:41:36 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.07 15:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.05.07 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.05.07 15:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.05.07 14:41:50 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Pavillon Fellbach
[1 C:\Users\Christopher\Desktop\*.tmp files -> C:\Users\Christopher\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 01:21:06 | 000,000,962 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.04 01:19:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 01:19:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 01:19:07 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2013.06.04 01:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 01:18:53 | 4258,115,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 01:17:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.04 00:24:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
[2013.06.03 23:30:12 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.03 23:25:32 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.03 22:56:27 | 009,084,416 | ---- | M] () -- C:\Users\Christopher\Desktop\Lageplan2.pln
[2013.06.03 22:44:22 | 009,084,416 | ---- | M] () -- C:\Users\Christopher\Desktop\Lageplan2.bpn
[2013.06.03 21:54:41 | 000,315,242 | ---- | M] () -- C:\Users\Christopher\Desktop\Lageplan2.pdf
[2013.06.02 18:45:07 | 000,000,959 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.31 17:55:19 | 000,675,222 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.31 17:55:19 | 000,635,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.31 17:55:19 | 000,119,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.31 17:55:18 | 001,568,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.31 17:55:18 | 000,145,858 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.30 16:52:19 | 000,274,884 | ---- | M] () -- C:\Users\Christopher\Desktop\ideepodest.skp
[2013.05.30 12:29:07 | 004,702,277 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo.dwg
[2013.05.30 12:23:42 | 002,556,038 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo3.dxf
[2013.05.30 12:17:57 | 002,229,687 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo2.dxf
[2013.05.30 12:12:57 | 000,088,141 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo.dxf
[2013.05.21 20:40:51 | 000,025,278 | ---- | M] () -- C:\Users\Christopher\Desktop\schrank.jpg
[2013.05.21 10:34:56 | 000,141,608 | ---- | M] () -- C:\Users\Christopher\Desktop\Stuttgart.wea
[2013.05.21 10:32:41 | 000,243,613 | ---- | M] () -- C:\Users\Christopher\Desktop\DEU_Stuttgart.107380_IWEC(1).zip
[2013.05.18 21:36:46 | 000,001,059 | ---- | M] () -- C:\Users\Christopher\Desktop\Ecotect Analysis 2011.lnk
[2013.05.18 21:34:23 | 053,035,316 | ---- | M] () -- C:\Users\Christopher\Desktop\Autodesk_Ecotect_Analysis_2011_English_Win_32bit_r2.exe
[2013.05.16 23:41:37 | 000,000,680 | ---- | M] () -- C:\Users\Christopher\AppData\Local\d3d9caps.dat
[2013.05.16 03:40:15 | 004,976,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.08 15:47:54 | 002,508,964 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama5.jpg
[2013.05.08 15:43:34 | 002,703,584 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama4.jpg
[2013.05.08 15:39:04 | 002,711,193 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama2.jpg
[2013.05.08 15:36:58 | 002,435,373 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama3.jpg
[2013.05.08 15:10:48 | 000,112,128 | ---- | M] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.08 14:34:17 | 000,001,422 | ---- | M] () -- C:\Users\Christopher\Desktop\Fachgebiet - Verknüpfung.lnk
[2013.05.08 08:54:38 | 004,528,412 | ---- | M] () -- C:\Users\Christopher\Desktop\KELLER_TechnProspekt_mw_2013.pdf
[2013.05.08 08:50:37 | 000,765,816 | ---- | M] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW4__De.pdf
[2013.05.08 08:50:30 | 001,264,640 | ---- | M] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW_De_01.pdf
[2013.05.08 08:46:48 | 000,652,997 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 3.jpg
[2013.05.08 08:45:32 | 000,561,859 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 2.jpg
[2013.05.08 08:43:59 | 000,746,393 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 1.jpg
[2013.05.08 08:42:17 | 000,605,896 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 4.jpg
[2013.05.07 17:13:57 | 000,001,850 | ---- | M] () -- C:\Users\Christopher\Desktop\P258_PaF_Pavillon Fellbach - Verknüpfung.lnk
[2013.05.07 15:42:44 | 000,001,072 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:41:37 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:37:17 | 152,249,762 | ---- | M] () -- C:\Users\Christopher\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.05.07 15:16:18 | 000,000,500 | ---- | M] () -- C:\Users\Christopher\Desktop\TUD_FB15 - Verknüpfung.lnk
[1 C:\Users\Christopher\Desktop\*.tmp files -> C:\Users\Christopher\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.03 23:30:12 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.03 21:54:33 | 000,315,242 | ---- | C] () -- C:\Users\Christopher\Desktop\Lageplan2.pdf
[2013.06.02 18:37:44 | 000,000,962 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.05.30 16:52:18 | 000,274,884 | ---- | C] () -- C:\Users\Christopher\Desktop\ideepodest.skp
[2013.05.30 12:28:03 | 004,702,277 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo.dwg
[2013.05.30 12:23:42 | 002,556,038 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo3.dxf
[2013.05.30 12:17:57 | 002,229,687 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo2.dxf
[2013.05.30 12:12:57 | 000,088,141 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo.dxf
[2013.05.22 20:11:47 | 009,084,416 | ---- | C] () -- C:\Users\Christopher\Desktop\Lageplan2.pln
[2013.05.22 20:11:47 | 009,084,416 | ---- | C] () -- C:\Users\Christopher\Desktop\Lageplan2.bpn
[2013.05.21 20:41:06 | 000,025,278 | ---- | C] () -- C:\Users\Christopher\Desktop\schrank.jpg
[2013.05.21 10:34:56 | 000,141,608 | ---- | C] () -- C:\Users\Christopher\Desktop\Stuttgart.wea
[2013.05.21 10:32:41 | 000,243,613 | ---- | C] () -- C:\Users\Christopher\Desktop\DEU_Stuttgart.107380_IWEC(1).zip
[2013.05.18 21:36:46 | 000,001,059 | ---- | C] () -- C:\Users\Christopher\Desktop\Ecotect Analysis 2011.lnk
[2013.05.18 21:34:22 | 053,035,316 | ---- | C] () -- C:\Users\Christopher\Desktop\Autodesk_Ecotect_Analysis_2011_English_Win_32bit_r2.exe
[2013.05.08 15:46:57 | 002,508,964 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama5.jpg
[2013.05.08 15:42:51 | 002,703,584 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama4.jpg
[2013.05.08 15:37:38 | 002,711,193 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama2.jpg
[2013.05.08 15:32:50 | 002,435,373 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama3.jpg
[2013.05.08 14:34:17 | 000,001,422 | ---- | C] () -- C:\Users\Christopher\Desktop\Fachgebiet - Verknüpfung.lnk
[2013.05.08 08:54:35 | 004,528,412 | ---- | C] () -- C:\Users\Christopher\Desktop\KELLER_TechnProspekt_mw_2013.pdf
[2013.05.08 08:50:36 | 000,765,816 | ---- | C] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW4__De.pdf
[2013.05.08 08:50:29 | 001,264,640 | ---- | C] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW_De_01.pdf
[2013.05.08 08:48:40 | 000,605,896 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 4.jpg
[2013.05.08 08:46:57 | 000,652,997 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 3.jpg
[2013.05.08 08:45:53 | 000,561,859 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 2.jpg
[2013.05.08 08:45:22 | 000,746,393 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 1.jpg
[2013.05.07 17:13:56 | 000,001,850 | ---- | C] () -- C:\Users\Christopher\Desktop\P258_PaF_Pavillon Fellbach - Verknüpfung.lnk
[2013.05.07 15:42:44 | 000,001,072 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:41:37 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:37:13 | 152,249,762 | ---- | C] () -- C:\Users\Christopher\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.05.07 15:16:18 | 000,000,500 | ---- | C] () -- C:\Users\Christopher\Desktop\TUD_FB15 - Verknüpfung.lnk
[2013.05.07 14:48:41 | 000,001,815 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013.01.20 20:16:31 | 000,126,056 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.12.06 18:25:05 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.23 23:04:35 | 000,001,456 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.10.17 01:54:01 | 083,023,306 | ---- | C] () -- C:\ProgramData\nogolniw.pad
[2012.10.04 06:55:18 | 000,000,379 | ---- | C] () -- C:\Users\Christopher\Dokumente - Verknüpfung.lnk
[2012.05.15 02:45:00 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.05.15 02:45:00 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.05.15 02:44:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.15 02:44:11 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.15 02:39:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.05.15 02:39:40 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.05.15 02:39:39 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.05.15 02:35:27 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.01.14 21:08:09 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC8100W.DAT
[2011.10.27 00:29:59 | 000,000,148 | ---- | C] () -- C:\Users\Christopher\.xconvrc
[2011.01.24 22:57:51 | 000,003,332 | ---- | C] () -- C:\Users\Christopher\.recently-used.xbel
[2010.11.10 03:08:34 | 000,015,893 | ---- | C] () -- C:\Users\Christopher\Layout3.2010_11_10_02_08_34.0.svg
[2010.09.18 16:56:31 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Local\PCD650.L!C
[2010.08.13 21:09:27 | 002,696,192 | ---- | C] () -- C:\Users\Christopher\softonic-Deutsch.exe
[2010.08.13 21:09:05 | 000,260,384 | ---- | C] () -- C:\Users\Christopher\SoftonicDownloader11503.exe
[2010.07.26 02:14:22 | 000,000,612 | ---- | C] () -- C:\Users\Christopher\smartkey.inf
[2010.01.21 14:46:00 | 000,004,096 | -H-- | C] () -- C:\Users\Christopher\AppData\Local\keyfile3.drm
[2009.12.03 19:32:46 | 000,016,384 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\DataSafeDotNet.exe
[2009.10.16 10:45:44 | 000,008,663 | ---- | C] () -- C:\Users\Christopher\gsview32.ini
[2009.10.11 20:44:28 | 000,000,732 | ---- | C] () -- C:\Users\Christopher\AppData\Local\d3d9caps64.dat
[2009.10.09 12:12:51 | 000,011,776 | ---- | C] () -- C:\Users\Christopher\setx.exe
[2009.10.01 23:48:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 15:27:09 | 000,000,680 | ---- | C] () -- C:\Users\Christopher\AppData\Local\d3d9caps.dat
[2009.09.17 14:23:58 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\wklnhst.dat
[2009.09.10 17:11:42 | 000,112,128 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.03 23:41:13 | 000,000,000 | RHSD | M] -- C:\Users\Christopher\AppData\Roaming\-1036471146
[2010.11.22 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Autodesk
[2010.07.07 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Azureus
[2010.08.16 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Babylon
[2013.06.02 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\brah
[2012.02.24 17:38:26 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Canon
[2012.01.14 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\CD-LabelPrint
[2011.02.07 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.03.07 23:51:44 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DAEMON Tools Lite
[2013.06.04 01:22:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Dropbox
[2011.06.08 01:38:06 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.16 15:48:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\FinalTorrent
[2010.11.12 22:30:46 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\FpSpellCheck
[2010.09.29 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\GrabPro
[2012.07.18 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Graphisoft
[2010.12.01 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\gtk-2.0
[2010.08.16 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\inkscape
[2013.05.27 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Mala
[2013.03.07 23:35:57 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\OpenCandy
[2013.05.07 15:42:12 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\OpenOffice.org
[2010.12.31 02:36:48 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Orbit
[2010.09.29 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\ProgSense
[2013.04.23 22:44:38 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Ritycy
[2012.03.31 12:38:36 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Samsung
[2013.06.04 01:37:15 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\SlimBrowser
[2013.05.30 17:34:04 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Spotify
[2011.01.29 14:11:14 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.09.17 14:24:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Template
[2013.03.07 23:37:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\TuneUp Software
[2013.06.04 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Waqa
[2013.06.03 23:42:35 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\WindowsFiless
[2012.12.13 01:40:14 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\WindSolutions
[2013.05.27 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Ykowem
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.16 01:27:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.09.01 17:51:59 | 000,000,000 | ---D | M] -- C:\1033
[2013.05.18 21:34:37 | 000,000,000 | ---D | M] -- C:\Autodesk
[2009.12.07 00:37:11 | 000,000,000 | -HSD | M] -- C:\boot
[2011.05.08 14:47:08 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2012.10.21 19:48:19 | 000,000,000 | ---D | M] -- C:\DELL
[2009.09.10 16:43:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.08 22:15:21 | 000,000,000 | ---D | M] -- C:\downloads
[2009.07.30 09:30:45 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.08.12 17:17:37 | 000,000,000 | ---D | M] -- C:\e4d0642fea7bbb6f28693a5b00
[2009.07.30 05:39:45 | 000,000,000 | ---D | M] -- C:\EFI
[2009.09.01 18:12:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.01.08 22:16:23 | 000,000,000 | ---D | M] -- C:\Output
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.07 15:02:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.03 23:29:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.06.03 23:29:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.10 16:43:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.09.10 16:50:12 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013.06.04 01:42:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.23 22:42:45 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.07 15:12:39 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,516 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 15:46:38 | 000,000,440 | ---- | C] () -- C:\Windows\Tasks\PCConfidential.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.30 12:48:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009.04.30 12:48:36 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009.04.30 12:48:37 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009.04.30 12:48:36 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.30 12:48:36 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009.04.30 12:48:36 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009.04.30 12:48:35 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009.04.30 12:48:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:50:16 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2013.04.05 00:09:30 | 009,738,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
< %USERPROFILE%\*.* >
[2011.01.24 22:57:51 | 000,003,332 | ---- | M] () -- C:\Users\Christopher\.recently-used.xbel
[2011.10.27 00:29:59 | 000,000,148 | ---- | M] () -- C:\Users\Christopher\.xconvrc
[2012.10.04 06:55:18 | 000,000,379 | ---- | M] () -- C:\Users\Christopher\Dokumente - Verknüpfung.lnk
[2010.08.25 13:05:48 | 000,008,663 | ---- | M] () -- C:\Users\Christopher\gsview32.ini
[2010.11.10 03:08:34 | 000,015,893 | ---- | M] () -- C:\Users\Christopher\Layout3.2010_11_10_02_08_34.0.svg
[2013.06.04 02:07:09 | 006,291,456 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat
[2013.06.04 02:07:09 | 000,262,144 | -H-- | M] () -- C:\Users\Christopher\ntuser.dat.LOG1
[2013.04.29 23:53:11 | 000,262,144 | -H-- | M] () -- C:\Users\Christopher\ntuser.dat.LOG2
[2013.02.13 06:03:25 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{290c7cb0-f2d7-11e1-a28b-a96fd8646e27}.TM.blf
[2013.02.13 06:03:25 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{290c7cb0-f2d7-11e1-a28b-a96fd8646e27}.TMContainer00000000000000000001.regtrans-ms
[2012.08.30 21:18:48 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{290c7cb0-f2d7-11e1-a28b-a96fd8646e27}.TMContainer00000000000000000002.regtrans-ms
[2012.01.10 02:43:18 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{31cdf0b4-4ce0-11e0-8be3-eb5321e98110}.TM.blf
[2012.01.10 02:43:18 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{31cdf0b4-4ce0-11e0-8be3-eb5321e98110}.TMContainer00000000000000000001.regtrans-ms
[2011.03.13 03:19:17 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{31cdf0b4-4ce0-11e0-8be3-eb5321e98110}.TMContainer00000000000000000002.regtrans-ms
[2013.04.30 03:57:29 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{3e24fe57-b139-11e2-a194-f6c4a8aa2510}.TM.blf
[2013.04.30 03:57:29 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{3e24fe57-b139-11e2-a194-f6c4a8aa2510}.TMContainer00000000000000000001.regtrans-ms
[2013.04.30 03:57:29 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{3e24fe57-b139-11e2-a194-f6c4a8aa2510}.TMContainer00000000000000000002.regtrans-ms
[2012.08.30 19:58:50 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{981eeae5-3bf3-11e1-a038-a0a33fba2728}.TM.blf
[2012.08.30 19:58:50 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{981eeae5-3bf3-11e1-a038-a0a33fba2728}.TMContainer00000000000000000001.regtrans-ms
[2012.01.11 04:38:04 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{981eeae5-3bf3-11e1-a038-a0a33fba2728}.TMContainer00000000000000000002.regtrans-ms
[2010.06.12 20:18:45 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.06.12 20:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009.09.10 17:23:46 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2011.03.10 01:48:04 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{d29554f8-776b-11df-a867-f1fa54239015}.TM.blf
[2011.03.10 01:48:04 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{d29554f8-776b-11df-a867-f1fa54239015}.TMContainer00000000000000000001.regtrans-ms
[2010.06.14 06:28:54 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{d29554f8-776b-11df-a867-f1fa54239015}.TMContainer00000000000000000002.regtrans-ms
[2013.06.04 01:17:34 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{d6cdff6b-b14b-11e2-8c3b-892b3e606052}.TM.blf
[2013.06.04 01:17:34 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{d6cdff6b-b14b-11e2-8c3b-892b3e606052}.TMContainer00000000000000000001.regtrans-ms
[2013.04.30 07:28:06 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{d6cdff6b-b14b-11e2-8c3b-892b3e606052}.TMContainer00000000000000000002.regtrans-ms
[2013.04.29 23:53:12 | 001,048,576 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.0.regtrans-ms
[2013.04.29 23:53:12 | 001,048,576 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.1.regtrans-ms
[2013.04.29 23:53:12 | 001,048,576 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.2.regtrans-ms
[2013.04.29 23:53:12 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.blf
[2013.04.29 02:21:17 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c78-7701-11e2-9041-eea3ab361b8b}.TM.blf
[2013.04.29 02:21:17 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c78-7701-11e2-9041-eea3ab361b8b}.TMContainer00000000000000000001.regtrans-ms
[2013.02.15 04:59:03 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c78-7701-11e2-9041-eea3ab361b8b}.TMContainer00000000000000000002.regtrans-ms
[2009.09.10 16:47:41 | 000,000,020 | -HS- | M] () -- C:\Users\Christopher\ntuser.ini
[2009.10.09 12:12:51 | 000,011,776 | ---- | M] () -- C:\Users\Christopher\setx.exe
[2010.10.18 02:38:06 | 000,000,612 | ---- | M] () -- C:\Users\Christopher\smartkey.inf
[2010.08.13 21:10:09 | 002,696,192 | ---- | M] () -- C:\Users\Christopher\softonic-Deutsch.exe
[2010.08.13 21:09:20 | 000,260,384 | ---- | M] () -- C:\Users\Christopher\SoftonicDownloader11503.exe
[2013.05.22 10:46:01 | 000,000,000 | ---- | M] () -- C:\Users\Christopher\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

chris89mk · 04.06.2013, 01:32

Extras.txt :

Code:

ATTFilter

OTL Extras logfile created on: 04.06.2013 01:37:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christopher\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 54,32% Memory free
8,13 Gb Paging File | 6,16 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 46,29 Gb Free Space | 16,33% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,28 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPHER-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = SlimBrowserHtml] -- C:\Program Files (x86)\SlimBrowser\sbframe.exe (FlashPeak Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.scr[@ = Ecotect Script] -- C:\Program Files (x86)\Autodesk\Ecotect Analysis 2011\ScriptManager.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = SlimBrowserHtml] -- C:\Program Files (x86)\SlimBrowser\sbframe.exe (FlashPeak Inc.)
.scr [@ = Ecotect Script] -- C:\Program Files (x86)\Autodesk\Ecotect Analysis 2011\ScriptManager.exe ()
 
[HKEY_USERS\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\SlimBrowser\sbframe.exe" -nosp -ni (FlashPeak Inc.)
https [open] -- "C:\Program Files (x86)\SlimBrowser\sbframe.exe" -nosp -ni (FlashPeak Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\SlimBrowser\sbframe.exe" -nosp -ni (FlashPeak Inc.)
https [open] -- "C:\Program Files (x86)\SlimBrowser\sbframe.exe" -nosp -ni (FlashPeak Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = EB 10 3A B5 C4 76 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3245422325-1982515113-604505586-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6A3B0B2-F478-45F9-87B9-C937707AA6E1}" = protocol=17 | dir=in | app=c:\users\christopher\appdata\roaming\spotify\spotify.exe | 
"{E774926B-4E56-48C3-84A8-76C636401ECB}" = protocol=6 | dir=in | app=c:\users\christopher\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{080831C4-1CE8-45CF-862F-67821FAD5667}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe | 
"TCP Query User{0F1C56EC-8887-4680-9E8D-853104FD4932}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe | 
"TCP Query User{6830D167-6CDD-45F3-8332-952B0EE5D4F0}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe | 
"TCP Query User{B089D5AD-A1BF-4CA2-8001-64B4757A71C5}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe | 
"TCP Query User{BEE86E86-9111-4052-8110-F8D8582554AA}C:\users\christopher\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\christopher\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C6430D24-A910-46B5-98C9-0CBFDF163261}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe | 
"UDP Query User{303D64B8-7105-4E64-9D58-674D9D337850}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe | 
"UDP Query User{3C48E5D0-F39F-46FA-BC8B-2288FEC4CFBB}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe | 
"UDP Query User{5C826AD3-B67C-42E1-A347-3F0F5587FE42}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe | 
"UDP Query User{8012BA7D-50A2-4EC5-B522-22051784C297}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe | 
"UDP Query User{84B9BB7C-E269-436C-83BC-FF82286E9FC9}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe | 
"UDP Query User{A5EF2757-EFA8-4733-8AF6-E9C7777508DB}C:\users\christopher\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\christopher\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series" = Canon MG8100 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Intel(R) PROSet/Wireless WiFi-Software
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"001FFF2FFF13FF00FF0201F00F02F000-R1" = ArchiCAD 13 GER
"001FFF2FFF16FF00FF0201F01F02F000-R1" = ArchiCAD 16 GER
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)  
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{184BF682-537C-4CAE-8789-6696508A4032}" = Brother MFL-Pro Suite MFC-5895CW
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B820540-400F-4F11-976E-4ADE5C1AAB88}_is1" = Autodesk Ecotect Analysis 2011
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C34482B5-C041-49B9-9BFB-4AEF839C86DC}" = Autodesk Ecotect Shared Components
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"001FFF1FFF13FF00FF0201F00F02F000-R1" = ArchiCAD 13 GER (x86)
"039FFF1FFF13FF00FF0201F00F02F000-R1" = Google Earth Connections AC13 GER (x86)
"063FFFFFFF13FF00FF0201F00F02F000-R1" = 3DStudio Import 13 GER (x86)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Akamai" = Akamai NetSession Interface Service
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG8100 series Benutzerregistrierung" = Canon MG8100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FPSpellCheck" = FPSpellCheck (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 2.10.36.517
"Freeze Wallpaper" = Freeze Wallpaper
"GSview 4.7" = GSview 4.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MeshLab" = MeshLab 1.3.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"myBabylon_English4 Toolbar" = myBabylon_English4 Toolbar
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista
"SlimBrowser" = FlashPeak SlimBrowser
"Smilies" = Smilies
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Card Manager" = Card Manager
"Dropbox" = Dropbox
"JNLP" = JNLP
"Move Media Player" = Move Media Player
"pdfsam" = pdfsam
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 19:37:08 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung macromedia.exe, Version 7.0.13047.0, Zeitstempel
 0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x58c, 
Anwendungsstartzeit 01ce60b342228c70.
 
Error - 03.06.2013 19:37:18 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung shell.exe, Version 7.0.13047.0, Zeitstempel 
0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x114c,
 Anwendungsstartzeit 01ce60b34843d2d0.
 
Error - 03.06.2013 19:37:24 | Computer Name = Christopher-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1528  Anfangszeit: 01ce60b32b517420  Zeitpunkt der Beendigung:
 15
 
Error - 03.06.2013 19:37:27 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung macromedia.exe, Version 7.0.13047.0, Zeitstempel
 0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x16b8,
 Anwendungsstartzeit 01ce60b34e595960.
 
Error - 03.06.2013 19:37:38 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung shell.exe, Version 7.0.13047.0, Zeitstempel 
0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x1550,
 Anwendungsstartzeit 01ce60b3546b4610.
 
Error - 03.06.2013 19:41:53 | Computer Name = Christopher-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 03.06.2013 19:41:53 | Computer Name = Christopher-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 03.06.2013 19:55:54 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung macromedia.exe, Version 7.0.13047.0, Zeitstempel
 0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x8ac, 
Anwendungsstartzeit 01ce60b35a827a50.
 
Error - 03.06.2013 19:55:55 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung shell.exe, Version 7.0.13047.0, Zeitstempel 
0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x1274,
 Anwendungsstartzeit 01ce60b36090fc00.
 
Error - 03.06.2013 19:56:47 | Computer Name = Christopher-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung shell.exe, Version 7.0.13047.0, Zeitstempel 
0x5175e297, fehlerhaftes Modul usft_ext.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0x1328,
 Anwendungsstartzeit 01ce60b5ff2939c0.
 
[ OSession Events ]
Error - 24.07.2011 12:06:01 | Computer Name = Christopher-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.06.2013 17:49:26 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.06.2013 17:49:30 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 17:50:00 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.06.2013 17:50:00 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 17:51:16 | Computer Name = Christopher-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.06.2013 17:51:48 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.06.2013 19:20:40 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2013 19:20:40 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 03.06.2013 19:21:20 | Computer Name = Christopher-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{F80C0622-229D-4773-9137-4F421C7402EA}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 03.06.2013 19:22:46 | Computer Name = Christopher-PC | Source = Service Control Manager | ID = 7009
Description = 
 
 
< End of report >

markusg · 04.06.2013, 10:07

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Christopher\AppData\Roaming\WindowsFiless\usft_ext.exe.vbs
()
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [Qilocyebo] C:\Users\Christopher\AppData\Roaming\Mala\kyofy.exe (Sysinternals)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [brah] C:\Users\Christopher\AppData\Roaming\brah\sit.bat ()
[2013.06.02 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\WindowsFiless
[2013.06.02 18:33:24 | 000,000,000 | RHSD | C] -- C:\Users\Christopher\AppData\Roaming\-1036471146
[2013.05.27 21:06:38 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Ykowem
[2013.05.27 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Waqa
[2013.05.27 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Mala
:files
C:\Users\Christopher\AppData\Roaming\Mala
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

chris89mk · 04.06.2013, 22:25

Hab den OTL mit Fix laufen lassen.

Nach ca.15 Minuten, kam eine Meldung, dass der Prozess abgebrochen wurde.
Dann hat der Laptop neu gestartet.

Bei dem Versuch den OTL ein weiteres mal durchlaufen zu lassen popte sofort folgende txt Datei auf:

Zitat:

Files\Folders moved on Reboot...
C:\Users\Christopher\AppData\Roaming\WindowsFiless folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Sollte das so?

MovedFiles sind nun auch hochgeladen.

markusg · 05.06.2013, 00:22

upload hat geklappt.
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

chris89mk · 06.06.2013, 16:54

Hier die Der Inhalt der TDSSKILLER logfilfe:

Zitat:

17:49:33.0626 5564 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:49:33.0750 5564 ============================================================
17:49:33.0750 5564 Current date / time: 2013/06/06 17:49:33.0750
17:49:33.0750 5564 SystemInfo:
17:49:33.0750 5564
17:49:33.0750 5564 OS Version: 6.0.6002 ServicePack: 2.0
17:49:33.0750 5564 Product type: Workstation
17:49:33.0750 5564 ComputerName: CHRISTOPHER-PC
17:49:33.0750 5564 UserName: Christopher
17:49:33.0750 5564 Windows directory: C:\Windows
17:49:33.0750 5564 System windows directory: C:\Windows
17:49:33.0750 5564 Running under WOW64
17:49:33.0750 5564 Processor architecture: Intel x64
17:49:33.0750 5564 Number of processors: 2
17:49:33.0750 5564 Page size: 0x1000
17:49:33.0750 5564 Boot type: Normal boot
17:49:33.0750 5564 ============================================================
17:49:35.0326 5564 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:49:35.0342 5564 ============================================================
17:49:35.0342 5564 \Device\Harddisk0\DR0:
17:49:35.0342 5564 MBR partitions:
17:49:35.0342 5564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
17:49:35.0342 5564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
17:49:35.0342 5564 ============================================================
17:49:35.0373 5564 C: <-> \Device\Harddisk0\DR0\Partition2
17:49:35.0388 5564 D: <-> \Device\Harddisk0\DR0\Partition1
17:49:35.0388 5564 ============================================================
17:49:35.0388 5564 Initialize success
17:49:35.0388 5564 ============================================================
17:49:42.0399 0532 ============================================================
17:49:42.0399 0532 Scan started
17:49:42.0399 0532 Mode: Manual; SigCheck; TDLFS;
17:49:42.0399 0532 ============================================================
17:49:45.0257 0532 ================ Scan system memory ========================
17:49:45.0257 0532 System memory - ok
17:49:45.0257 0532 ================ Scan services =============================
17:49:45.0491 0532 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:49:45.0662 0532 ACPI - ok
17:49:45.0803 0532 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:49:45.0818 0532 AdobeARMservice - ok
17:49:45.0896 0532 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:49:45.0943 0532 adp94xx - ok
17:49:45.0974 0532 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:49:46.0021 0532 adpahci - ok
17:49:46.0068 0532 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:49:46.0099 0532 adpu160m - ok
17:49:46.0115 0532 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:49:46.0130 0532 adpu320 - ok
17:49:46.0177 0532 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:49:46.0364 0532 AeLookupSvc - ok
17:49:46.0474 0532 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
17:49:46.0552 0532 AESTFilters - ok
17:49:46.0630 0532 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:49:46.0723 0532 AFD - ok
17:49:46.0786 0532 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:49:46.0817 0532 agp440 - ok
17:49:46.0895 0532 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:49:46.0910 0532 aic78xx - ok
17:49:47.0207 0532 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
17:49:47.0207 0532 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
17:49:47.0238 0532 Akamai ( HiddenFile.Multi.Generic ) - warning
17:49:47.0238 0532 Akamai - detected HiddenFile.Multi.Generic (1)
17:49:47.0285 0532 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:49:47.0503 0532 ALG - ok
17:49:47.0534 0532 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
17:49:47.0566 0532 aliide - ok
17:49:47.0597 0532 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
17:49:47.0612 0532 amdide - ok
17:49:47.0675 0532 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:49:47.0768 0532 AmdK8 - ok
17:49:48.0158 0532 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:49:48.0190 0532 AntiVirSchedulerService - ok
17:49:48.0299 0532 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:49:48.0361 0532 AntiVirService - ok
17:49:48.0392 0532 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:49:48.0470 0532 Appinfo - ok
17:49:48.0548 0532 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:49:48.0580 0532 Apple Mobile Device - ok
17:49:48.0642 0532 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:49:48.0658 0532 arc - ok
17:49:48.0704 0532 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:49:48.0736 0532 arcsas - ok
17:49:48.0860 0532 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:49:48.0876 0532 aspnet_state - ok
17:49:48.0985 0532 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:49:49.0126 0532 AsyncMac - ok
17:49:49.0172 0532 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:49:49.0189 0532 atapi - ok
17:49:49.0232 0532 [ 00DACE1D9A0DA60215022C6B1FAC1673 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
17:49:49.0372 0532 Ati External Event Utility - ok
17:49:49.0528 0532 [ CEF278088637401F07A0064B0B900A32 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:49:49.0856 0532 atikmdag - ok
17:49:49.0934 0532 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:49:50.0058 0532 AudioEndpointBuilder - ok
17:49:50.0090 0532 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:49:50.0136 0532 AudioSrv - ok
17:49:50.0230 0532 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:49:50.0261 0532 avgntflt - ok
17:49:50.0292 0532 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:49:50.0324 0532 avipbb - ok
17:49:50.0355 0532 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:49:50.0386 0532 avkmgr - ok
17:49:50.0464 0532 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
17:49:50.0589 0532 BFE - ok
17:49:50.0698 0532 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
17:49:50.0823 0532 BITS - ok
17:49:50.0885 0532 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:49:50.0916 0532 blbdrive - ok
17:49:51.0026 0532 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
17:49:51.0057 0532 Bonjour Service - ok
17:49:51.0104 0532 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:49:51.0166 0532 bowser - ok
17:49:51.0182 0532 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:49:51.0244 0532 BrFiltLo - ok
17:49:51.0275 0532 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:49:51.0322 0532 BrFiltUp - ok
17:49:51.0384 0532 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:49:51.0478 0532 Browser - ok
17:49:51.0540 0532 [ 6DF544E72FF139E8FBBBA6D0E569BEA5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
17:49:51.0587 0532 BrSerIb - ok
17:49:51.0618 0532 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:49:51.0899 0532 Brserid - ok
17:49:51.0930 0532 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:49:52.0008 0532 BrSerWdm - ok
17:49:52.0024 0532 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:49:52.0102 0532 BrUsbMdm - ok
17:49:52.0118 0532 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:49:52.0196 0532 BrUsbSer - ok
17:49:52.0227 0532 [ 80082AD46578F0D3270D2E56D6433082 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
17:49:52.0274 0532 BrUsbSIb - ok
17:49:52.0336 0532 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
17:49:52.0414 0532 BthEnum - ok
17:49:52.0476 0532 [ 72F70A38BB15252EB7C4DA7BA3BD4ED1 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:49:52.0539 0532 BTHMODEM - ok
17:49:52.0570 0532 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:49:52.0679 0532 BthPan - ok
17:49:52.0773 0532 [ E1466882252FF51EDDE48C3F7EDA2591 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:49:52.0866 0532 BTHPORT - ok
17:49:52.0929 0532 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
17:49:52.0991 0532 BthServ - ok
17:49:53.0022 0532 [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:49:53.0069 0532 BTHUSB - ok
17:49:53.0116 0532 [ E2677B9234E4C31055B940B70536D377 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:49:53.0132 0532 btwaudio - ok
17:49:53.0178 0532 [ E59A0C091AE64063B53B9AC1294A3679 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
17:49:53.0210 0532 btwavdt - ok
17:49:53.0303 0532 [ 51342B4A550B8D6D2FCAFA5BC198E8C1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:49:53.0350 0532 btwdins - ok
17:49:53.0397 0532 [ D33875CA5940F2E0ED06FB74D556E2DB ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:49:53.0428 0532 btwl2cap - ok
17:49:53.0444 0532 [ A465B855CEF659655DE80D012C2DE761 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:49:53.0459 0532 btwrchid - ok
17:49:53.0709 0532 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:49:53.0802 0532 cdfs - ok
17:49:53.0865 0532 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:49:53.0943 0532 cdrom - ok
17:49:53.0974 0532 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:49:54.0052 0532 CertPropSvc - ok
17:49:54.0083 0532 chlellnr - ok
17:49:54.0099 0532 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
17:49:54.0192 0532 circlass - ok
17:49:54.0239 0532 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:49:54.0302 0532 CLFS - ok
17:49:54.0391 0532 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:49:54.0449 0532 clr_optimization_v2.0.50727_32 - ok
17:49:54.0511 0532 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:49:54.0542 0532 clr_optimization_v2.0.50727_64 - ok
17:49:54.0652 0532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:49:54.0667 0532 clr_optimization_v4.0.30319_32 - ok
17:49:54.0714 0532 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:49:54.0730 0532 clr_optimization_v4.0.30319_64 - ok
17:49:54.0761 0532 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:49:54.0823 0532 CmBatt - ok
17:49:54.0870 0532 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:49:54.0886 0532 cmdide - ok
17:49:54.0901 0532 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:49:54.0917 0532 Compbatt - ok
17:49:54.0917 0532 COMSysApp - ok
17:49:54.0932 0532 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:49:54.0948 0532 crcdisk - ok
17:49:55.0010 0532 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:49:55.0073 0532 CryptSvc - ok
17:49:55.0120 0532 [ 580033E37BEB30E7176CAF46D8C282F3 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:49:55.0198 0532 CtClsFlt - ok
17:49:55.0291 0532 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:49:55.0369 0532 DcomLaunch - ok
17:49:55.0416 0532 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:49:55.0478 0532 DfsC - ok
17:49:55.0790 0532 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
17:49:56.0087 0532 DFSR - ok
17:49:56.0165 0532 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:49:56.0258 0532 Dhcp - ok
17:49:56.0368 0532 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:49:56.0399 0532 disk - ok
17:49:56.0446 0532 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:49:56.0524 0532 Dnscache - ok
17:49:56.0602 0532 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:49:56.0633 0532 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
17:49:56.0633 0532 DockLoginService - detected UnsignedFile.Multi.Generic (1)
17:49:56.0680 0532 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:49:56.0758 0532 dot3svc - ok
17:49:56.0804 0532 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
17:49:56.0898 0532 DPS - ok
17:49:56.0992 0532 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:49:57.0085 0532 drmkaud - ok
17:49:57.0163 0532 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:49:57.0194 0532 dtsoftbus01 - ok
17:49:57.0272 0532 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:49:57.0335 0532 DXGKrnl - ok
17:49:57.0397 0532 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
17:49:57.0506 0532 e1express - ok
17:49:57.0584 0532 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:49:57.0662 0532 E1G60 - ok
17:49:57.0865 0532 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
17:49:57.0974 0532 EapHost - ok
17:49:58.0021 0532 eavlhpxr - ok
17:49:58.0099 0532 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
17:49:58.0130 0532 Ecache - ok
17:49:58.0224 0532 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:49:58.0286 0532 ehRecvr - ok
17:49:58.0318 0532 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
17:49:58.0380 0532 ehSched - ok
17:49:58.0411 0532 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
17:49:58.0474 0532 ehstart - ok
17:49:58.0520 0532 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:49:58.0583 0532 elxstor - ok
17:49:58.0661 0532 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:49:58.0801 0532 EMDMgmt - ok
17:49:58.0832 0532 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:49:58.0895 0532 ErrDev - ok
17:49:59.0004 0532 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
17:49:59.0144 0532 EventSystem - ok
17:49:59.0254 0532 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
17:49:59.0378 0532 exfat - ok
17:49:59.0456 0532 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:49:59.0574 0532 fastfat - ok
17:49:59.0621 0532 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:49:59.0699 0532 fdc - ok
17:49:59.0808 0532 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
17:49:59.0886 0532 fdPHost - ok
17:49:59.0949 0532 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
17:50:00.0089 0532 FDResPub - ok
17:50:00.0292 0532 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:50:00.0308 0532 FileInfo - ok
17:50:00.0339 0532 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:50:00.0401 0532 Filetrace - ok
17:50:00.0510 0532 [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:50:00.0651 0532 FLEXnet Licensing Service - ok
17:50:00.0666 0532 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:50:00.0729 0532 flpydisk - ok
17:50:00.0776 0532 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:50:00.0807 0532 FltMgr - ok
17:50:00.0900 0532 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
17:50:01.0010 0532 FontCache - ok
17:50:01.0072 0532 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:50:01.0088 0532 FontCache3.0.0.0 - ok
17:50:01.0181 0532 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:50:01.0228 0532 Fs_Rec - ok
17:50:01.0259 0532 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:50:01.0290 0532 gagp30kx - ok
17:50:01.0337 0532 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:50:01.0353 0532 GEARAspiWDM - ok
17:50:01.0400 0532 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
17:50:01.0462 0532 gpsvc - ok
17:50:01.0540 0532 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:50:01.0634 0532 HdAudAddService - ok
17:50:01.0821 0532 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:50:01.0930 0532 HDAudBus - ok
17:50:01.0961 0532 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:50:02.0055 0532 HidBth - ok
17:50:02.0086 0532 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:50:02.0180 0532 HidIr - ok
17:50:02.0211 0532 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
17:50:02.0258 0532 hidserv - ok
17:50:02.0289 0532 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:50:02.0351 0532 HidUsb - ok
17:50:02.0382 0532 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
17:50:02.0429 0532 hkmsvc - ok
17:50:02.0460 0532 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:50:02.0492 0532 HpCISSs - ok
17:50:02.0554 0532 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:50:02.0663 0532 HTTP - ok
17:50:02.0694 0532 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:50:02.0726 0532 i2omp - ok
17:50:02.0757 0532 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:50:02.0835 0532 i8042prt - ok
17:50:02.0866 0532 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:50:02.0944 0532 iaStorV - ok
17:50:03.0084 0532 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:50:03.0240 0532 idsvc - ok
17:50:03.0272 0532 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:50:03.0303 0532 iirsp - ok
17:50:03.0396 0532 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
17:50:03.0428 0532 IJPLMSVC - ok
17:50:03.0662 0532 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
17:50:03.0818 0532 IKEEXT - ok
17:50:03.0864 0532 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
17:50:03.0896 0532 intelide - ok
17:50:03.0927 0532 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:50:04.0005 0532 intelppm - ok
17:50:04.0052 0532 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:50:04.0145 0532 IPBusEnum - ok
17:50:04.0208 0532 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:50:04.0270 0532 IpFilterDriver - ok
17:50:04.0317 0532 [ BF0DBFA9792C5C14FA00F61C75116C1B ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
17:50:04.0364 0532 IpHlpSvc - ok
17:50:04.0364 0532 IpInIp - ok
17:50:04.0395 0532 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:50:04.0473 0532 IPMIDRV - ok
17:50:04.0504 0532 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:50:04.0582 0532 IPNAT - ok
17:50:04.0614 0532 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:50:04.0695 0532 iPod Service - ok
17:50:04.0711 0532 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:50:04.0773 0532 IRENUM - ok
17:50:04.0820 0532 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:50:04.0851 0532 isapnp - ok
17:50:04.0913 0532 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:50:04.0929 0532 iScsiPrt - ok
17:50:04.0960 0532 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:50:04.0976 0532 iteatapi - ok
17:50:05.0007 0532 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:50:05.0023 0532 iteraid - ok
17:50:05.0069 0532 [ EB5C7891B9E6E4A1A4428F2160B12B53 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
17:50:05.0101 0532 k57nd60a - ok
17:50:05.0116 0532 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:50:05.0132 0532 kbdclass - ok
17:50:05.0210 0532 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:50:05.0272 0532 kbdhid - ok
17:50:05.0288 0532 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
17:50:05.0350 0532 KeyIso - ok
17:50:05.0397 0532 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:50:05.0428 0532 KSecDD - ok
17:50:05.0475 0532 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:50:05.0537 0532 ksthunk - ok
17:50:05.0569 0532 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
17:50:05.0678 0532 KtmRm - ok
17:50:05.0725 0532 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:50:05.0803 0532 LanmanServer - ok
17:50:05.0865 0532 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:50:05.0943 0532 LanmanWorkstation - ok
17:50:05.0974 0532 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:50:06.0052 0532 lltdio - ok
17:50:06.0177 0532 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:50:06.0255 0532 lltdsvc - ok
17:50:06.0286 0532 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:50:06.0364 0532 lmhosts - ok
17:50:06.0395 0532 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:50:06.0427 0532 LSI_FC - ok
17:50:06.0458 0532 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:50:06.0489 0532 LSI_SAS - ok
17:50:06.0505 0532 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:50:06.0536 0532 LSI_SCSI - ok
17:50:06.0567 0532 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
17:50:06.0661 0532 luafv - ok
17:50:06.0739 0532 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
17:50:06.0785 0532 McComponentHostService - ok
17:50:06.0817 0532 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:50:06.0848 0532 Mcx2Svc - ok
17:50:06.0879 0532 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
17:50:06.0910 0532 megasas - ok
17:50:06.0957 0532 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:50:07.0004 0532 MegaSR - ok
17:50:07.0066 0532 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:50:07.0097 0532 Microsoft Office Groove Audit Service - ok
17:50:07.0144 0532 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
17:50:07.0222 0532 MMCSS - ok
17:50:07.0253 0532 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
17:50:07.0331 0532 Modem - ok
17:50:07.0363 0532 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:50:07.0456 0532 monitor - ok
17:50:07.0472 0532 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:50:07.0503 0532 mouclass - ok
17:50:07.0534 0532 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:50:07.0612 0532 mouhid - ok
17:50:07.0628 0532 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:50:07.0675 0532 MountMgr - ok
17:50:07.0768 0532 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:50:07.0784 0532 MozillaMaintenance - ok
17:50:07.0831 0532 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:50:07.0862 0532 MpFilter - ok
17:50:07.0893 0532 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
17:50:07.0924 0532 mpio - ok
17:50:07.0955 0532 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:50:08.0018 0532 mpsdrv - ok
17:50:08.0096 0532 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
17:50:08.0189 0532 MpsSvc - ok
17:50:08.0205 0532 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:50:08.0236 0532 Mraid35x - ok
17:50:08.0267 0532 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:50:08.0330 0532 MRxDAV - ok
17:50:08.0377 0532 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:50:08.0470 0532 mrxsmb - ok
17:50:08.0517 0532 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:50:08.0579 0532 mrxsmb10 - ok
17:50:08.0611 0532 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:50:08.0657 0532 mrxsmb20 - ok
17:50:08.0735 0532 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
17:50:08.0767 0532 msahci - ok
17:50:08.0798 0532 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:50:08.0813 0532 msdsm - ok
17:50:08.0891 0532 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
17:50:08.0985 0532 MSDTC - ok
17:50:09.0047 0532 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:50:09.0141 0532 Msfs - ok
17:50:09.0172 0532 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:50:09.0203 0532 msisadrv - ok
17:50:09.0235 0532 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:50:09.0313 0532 MSiSCSI - ok
17:50:09.0328 0532 msiserver - ok
17:50:09.0344 0532 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:50:09.0469 0532 MSKSSRV - ok
17:50:09.0531 0532 MsMpSvc - ok
17:50:09.0562 0532 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:50:09.0687 0532 MSPCLOCK - ok
17:50:09.0688 0532 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:50:09.0760 0532 MSPQM - ok
17:50:09.0823 0532 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:50:09.0869 0532 MsRPC - ok
17:50:09.0885 0532 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:50:09.0901 0532 mssmbios - ok
17:50:09.0932 0532 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:50:10.0010 0532 MSTEE - ok
17:50:10.0306 0532 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
17:50:10.0587 0532 msvsmon90 - ok
17:50:10.0649 0532 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
17:50:10.0681 0532 Mup - ok
17:50:10.0759 0532 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
17:50:10.0821 0532 napagent - ok
17:50:10.0883 0532 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:50:10.0946 0532 NativeWifiP - ok
17:50:11.0024 0532 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:50:11.0102 0532 NDIS - ok
17:50:11.0149 0532 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:50:11.0227 0532 NdisTapi - ok
17:50:11.0242 0532 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:50:11.0320 0532 Ndisuio - ok
17:50:11.0461 0532 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:50:11.0539 0532 NdisWan - ok
17:50:11.0585 0532 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:50:11.0679 0532 NDProxy - ok
17:50:11.0710 0532 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:50:11.0804 0532 NetBIOS - ok
17:50:11.0851 0532 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:50:11.0929 0532 netbt - ok
17:50:11.0944 0532 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
17:50:11.0975 0532 Netlogon - ok
17:50:12.0100 0532 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
17:50:12.0350 0532 Netman - ok
17:50:12.0459 0532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:12.0506 0532 NetMsmqActivator - ok
17:50:12.0506 0532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:12.0537 0532 NetPipeActivator - ok
17:50:12.0599 0532 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
17:50:12.0677 0532 netprofm - ok
17:50:12.0677 0532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:12.0709 0532 NetTcpActivator - ok
17:50:12.0724 0532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:12.0740 0532 NetTcpPortSharing - ok
17:50:12.0911 0532 [ F17EDA58C8C5B1A4F873B322729168FF ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
17:50:13.0317 0532 NETw5v64 - ok
17:50:13.0364 0532 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:50:13.0379 0532 nfrd960 - ok
17:50:13.0411 0532 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:50:13.0442 0532 NisDrv - ok
17:50:13.0457 0532 NisSrv - ok
17:50:13.0629 0532 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
17:50:13.0707 0532 NlaSvc - ok
17:50:13.0816 0532 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:50:13.0910 0532 Npfs - ok
17:50:13.0941 0532 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
17:50:14.0003 0532 nsi - ok
17:50:14.0050 0532 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:50:14.0128 0532 nsiproxy - ok
17:50:14.0253 0532 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:50:14.0440 0532 Ntfs - ok
17:50:14.0503 0532 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
17:50:14.0627 0532 Null - ok
17:50:14.0659 0532 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:50:14.0690 0532 nvraid - ok
17:50:14.0705 0532 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:50:14.0737 0532 nvstor - ok
17:50:14.0752 0532 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:50:14.0809 0532 nv_agp - ok
17:50:14.0823 0532 NwlnkFlt - ok
17:50:14.0832 0532 NwlnkFwd - ok
17:50:14.0905 0532 [ 404B0121AE1A75D9A63B6934EB07C258 ] OA008Ufd C:\Windows\system32\DRIVERS\OA008Ufd.sys
17:50:14.0967 0532 OA008Ufd - ok
17:50:15.0014 0532 [ 126885007E8F601861165FC77C93F1BE ] OA008Vid C:\Windows\system32\DRIVERS\OA008Vid.sys
17:50:15.0061 0532 OA008Vid - ok
17:50:15.0123 0532 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:50:15.0186 0532 odserv - ok
17:50:15.0248 0532 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:50:15.0326 0532 ohci1394 - ok
17:50:15.0388 0532 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:50:15.0420 0532 ose - ok
17:50:15.0466 0532 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:50:15.0622 0532 p2pimsvc - ok
17:50:15.0654 0532 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
17:50:15.0685 0532 p2psvc - ok
17:50:15.0732 0532 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
17:50:15.0825 0532 Parport - ok
17:50:15.0966 0532 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:50:16.0028 0532 partmgr - ok
17:50:16.0075 0532 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
17:50:16.0153 0532 PcaSvc - ok
17:50:16.0200 0532 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
17:50:16.0215 0532 pci - ok
17:50:16.0278 0532 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
17:50:16.0324 0532 pciide - ok
17:50:16.0356 0532 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:50:16.0387 0532 pcmcia - ok
17:50:16.0418 0532 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:50:16.0574 0532 PEAUTH - ok
17:50:16.0668 0532 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:50:16.0746 0532 PerfHost - ok
17:50:16.0870 0532 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
17:50:17.0011 0532 pla - ok
17:50:17.0073 0532 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:50:17.0167 0532 PlugPlay - ok
17:50:17.0214 0532 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:50:17.0229 0532 PNRPAutoReg - ok
17:50:17.0292 0532 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:50:17.0323 0532 PNRPsvc - ok
17:50:17.0401 0532 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:50:17.0494 0532 PolicyAgent - ok
17:50:17.0541 0532 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:50:17.0572 0532 PptpMiniport - ok
17:50:17.0588 0532 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
17:50:17.0650 0532 Processor - ok
17:50:17.0697 0532 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
17:50:17.0728 0532 ProfSvc - ok
17:50:17.0884 0532 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
17:50:17.0900 0532 ProtectedStorage - ok
17:50:17.0962 0532 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:50:17.0994 0532 PSched - ok
17:50:18.0025 0532 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:50:18.0040 0532 PxHlpa64 - ok
17:50:18.0118 0532 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:50:18.0274 0532 ql2300 - ok
17:50:18.0337 0532 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:50:18.0368 0532 ql40xx - ok
17:50:18.0430 0532 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
17:50:18.0477 0532 QWAVE - ok
17:50:18.0508 0532 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:50:18.0540 0532 QWAVEdrv - ok
17:50:18.0696 0532 [ CEF278088637401F07A0064B0B900A32 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
17:50:18.0945 0532 R300 - ok
17:50:19.0242 0532 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:50:19.0320 0532 RasAcd - ok
17:50:19.0366 0532 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
17:50:19.0429 0532 RasAuto - ok
17:50:19.0476 0532 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:19.0538 0532 Rasl2tp - ok
17:50:19.0585 0532 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
17:50:19.0632 0532 RasMan - ok
17:50:19.0678 0532 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:19.0741 0532 RasPppoe - ok
17:50:19.0772 0532 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:50:19.0819 0532 RasSstp - ok
17:50:19.0850 0532 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:50:19.0902 0532 rdbss - ok
17:50:19.0936 0532 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:19.0999 0532 RDPCDD - ok
17:50:20.0030 0532 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:50:20.0077 0532 rdpdr - ok
17:50:20.0077 0532 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:50:20.0124 0532 RDPENCDD - ok
17:50:20.0171 0532 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:50:20.0202 0532 RDPWD - ok
17:50:20.0233 0532 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:50:20.0295 0532 RemoteAccess - ok
17:50:20.0342 0532 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:50:20.0405 0532 RemoteRegistry - ok
17:50:20.0467 0532 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:50:20.0545 0532 RFCOMM - ok
17:50:20.0576 0532 [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
17:50:20.0623 0532 rimmptsk - ok
17:50:20.0654 0532 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
17:50:20.0701 0532 rimsptsk - ok
17:50:20.0717 0532 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
17:50:20.0748 0532 rismxdp - ok
17:50:20.0763 0532 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
17:50:20.0826 0532 RpcLocator - ok
17:50:20.0888 0532 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
17:50:20.0919 0532 RpcSs - ok
17:50:20.0966 0532 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:50:21.0013 0532 rspndr - ok
17:50:21.0029 0532 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
17:50:21.0044 0532 SamSs - ok
17:50:21.0060 0532 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:50:21.0091 0532 sbp2port - ok
17:50:21.0122 0532 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:50:21.0200 0532 SCardSvr - ok
17:50:21.0278 0532 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
17:50:21.0434 0532 Schedule - ok
17:50:21.0481 0532 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:50:21.0528 0532 SCPolicySvc - ok
17:50:21.0590 0532 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:50:21.0637 0532 sdbus - ok
17:50:21.0653 0532 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:50:21.0731 0532 SDRSVC - ok
17:50:21.0746 0532 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:50:21.0855 0532 secdrv - ok
17:50:21.0902 0532 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
17:50:21.0996 0532 seclogon - ok
17:50:22.0027 0532 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
17:50:22.0105 0532 SENS - ok
17:50:22.0136 0532 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:50:22.0277 0532 Serenum - ok
17:50:22.0292 0532 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
17:50:22.0386 0532 Serial - ok
17:50:22.0448 0532 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:50:22.0511 0532 sermouse - ok
17:50:22.0573 0532 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
17:50:22.0667 0532 SessionEnv - ok
17:50:22.0729 0532 [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:50:22.0823 0532 sffdisk - ok
17:50:22.0885 0532 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:50:22.0979 0532 sffp_mmc - ok
17:50:22.0994 0532 [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:50:23.0057 0532 sffp_sd - ok
17:50:23.0088 0532 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:50:23.0213 0532 sfloppy - ok
17:50:23.0337 0532 [ 4EF8FC5158AA1A01DF37FDB3FADDA077 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:50:23.0447 0532 SftService - ok
17:50:23.0478 0532 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:50:23.0587 0532 SharedAccess - ok
17:50:23.0649 0532 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:50:23.0743 0532 ShellHWDetection - ok
17:50:23.0805 0532 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:50:23.0837 0532 SiSRaid2 - ok
17:50:23.0868 0532 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:50:23.0946 0532 SiSRaid4 - ok
17:50:24.0102 0532 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:50:24.0336 0532 Skype C2C Service - ok
17:50:24.0476 0532 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:50:24.0492 0532 SkypeUpdate - ok
17:50:24.0632 0532 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
17:50:24.0819 0532 slsvc - ok
17:50:24.0866 0532 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:50:24.0913 0532 SLUINotify - ok
17:50:24.0991 0532 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:50:25.0022 0532 Smb - ok
17:50:25.0184 0532 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:50:25.0247 0532 SNMPTRAP - ok
17:50:25.0325 0532 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
17:50:25.0356 0532 spldr - ok
17:50:25.0403 0532 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
17:50:25.0528 0532 Spooler - ok
17:50:25.0559 0532 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
17:50:25.0606 0532 sprtsvc_DellSupportCenter - ok
17:50:25.0652 0532 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
17:50:25.0746 0532 srv - ok
17:50:25.0808 0532 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:50:25.0886 0532 srv2 - ok
17:50:25.0949 0532 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:50:25.0980 0532 srvnet - ok
17:50:26.0027 0532 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:50:26.0120 0532 SSDPSRV - ok
17:50:26.0183 0532 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:50:26.0230 0532 SstpSvc - ok
17:50:26.0370 0532 [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
17:50:26.0401 0532 STacSV - ok
17:50:26.0479 0532 [ BA16447226ABFD342E130D2F24F73D32 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:50:26.0573 0532 STHDA - ok
17:50:26.0620 0532 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:50:26.0682 0532 StillCam - ok
17:50:26.0729 0532 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
17:50:26.0822 0532 stisvc - ok
17:50:26.0900 0532 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:50:26.0932 0532 stllssvr - ok
17:50:26.0963 0532 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:50:26.0978 0532 swenum - ok
17:50:27.0119 0532 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:50:27.0197 0532 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:50:27.0197 0532 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:50:27.0244 0532 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
17:50:27.0337 0532 swprv - ok
17:50:27.0368 0532 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:50:27.0400 0532 Symc8xx - ok
17:50:27.0415 0532 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:50:27.0446 0532 Sym_hi - ok
17:50:27.0478 0532 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:50:27.0509 0532 Sym_u3 - ok
17:50:27.0540 0532 [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:50:27.0571 0532 SynTP - ok
17:50:28.0336 0532 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
17:50:28.0460 0532 SysMain - ok
17:50:28.0570 0532 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:50:28.0632 0532 TabletInputService - ok
17:50:28.0694 0532 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:50:28.0772 0532 TapiSrv - ok
17:50:28.0788 0532 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
17:50:28.0882 0532 TBS - ok
17:50:28.0975 0532 [ 2860D16C5021F72130212DDB1C53018F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:50:29.0162 0532 Tcpip - ok
17:50:29.0272 0532 [ 2860D16C5021F72130212DDB1C53018F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:50:29.0365 0532 Tcpip6 - ok
17:50:29.0428 0532 [ EFC6BE643B476118EC726D35A821B2A9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:50:29.0521 0532 tcpipreg - ok
17:50:29.0552 0532 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:50:29.0615 0532 TDPIPE - ok
17:50:29.0646 0532 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:50:29.0708 0532 TDTCP - ok
17:50:29.0740 0532 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:50:29.0818 0532 tdx - ok
17:50:29.0849 0532 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:50:29.0880 0532 TermDD - ok
17:50:29.0927 0532 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
17:50:30.0020 0532 TermService - ok
17:50:30.0052 0532 TFsExDisk - ok
17:50:30.0083 0532 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
17:50:30.0098 0532 Themes - ok
17:50:30.0110 0532 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
17:50:30.0186 0532 THREADORDER - ok
17:50:30.0217 0532 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
17:50:30.0310 0532 TrkWks - ok
17:50:30.0404 0532 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:50:30.0420 0532 TrustedInstaller - ok
17:50:30.0482 0532 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:30.0513 0532 tssecsrv - ok
17:50:30.0544 0532 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:50:30.0560 0532 tunmp - ok
17:50:30.0638 0532 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:50:30.0685 0532 tunnel - ok
17:50:30.0700 0532 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:50:30.0716 0532 uagp35 - ok
17:50:30.0825 0532 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:50:30.0903 0532 udfs - ok
17:50:30.0966 0532 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:50:31.0012 0532 UI0Detect - ok
17:50:31.0044 0532 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:50:31.0059 0532 uliagpkx - ok
17:50:31.0090 0532 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:50:31.0122 0532 uliahci - ok
17:50:31.0246 0532 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:50:31.0278 0532 UlSata - ok
17:50:31.0293 0532 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:50:31.0324 0532 ulsata2 - ok
17:50:31.0356 0532 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:50:31.0418 0532 umbus - ok
17:50:31.0449 0532 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
17:50:31.0605 0532 upnphost - ok
17:50:31.0714 0532 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:50:31.0761 0532 USBAAPL64 - ok
17:50:31.0808 0532 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:31.0933 0532 usbccgp - ok
17:50:31.0964 0532 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:50:32.0089 0532 usbcir - ok
17:50:32.0120 0532 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:50:32.0214 0532 usbehci - ok
17:50:32.0354 0532 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:50:32.0448 0532 usbhub - ok
17:50:32.0510 0532 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:50:32.0650 0532 usbohci - ok
17:50:32.0760 0532 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:50:32.0822 0532 usbprint - ok
17:50:32.0884 0532 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:50:32.0947 0532 usbscan - ok
17:50:32.0994 0532 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:33.0056 0532 USBSTOR - ok
17:50:33.0290 0532 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:50:33.0368 0532 usbuhci - ok
17:50:33.0415 0532 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:50:33.0477 0532 usbvideo - ok
17:50:33.0555 0532 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
17:50:33.0633 0532 UxSms - ok
17:50:33.0711 0532 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
17:50:33.0836 0532 vds - ok
17:50:33.0976 0532 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:34.0086 0532 vga - ok
17:50:34.0086 0532 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:50:34.0179 0532 VgaSave - ok
17:50:34.0210 0532 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
17:50:34.0242 0532 viaide - ok
17:50:34.0257 0532 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:50:34.0288 0532 volmgr - ok
17:50:34.0351 0532 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:50:34.0398 0532 volmgrx - ok
17:50:34.0460 0532 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:50:34.0522 0532 volsnap - ok
17:50:34.0554 0532 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:50:34.0585 0532 vsmraid - ok
17:50:34.0803 0532 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
17:50:35.0037 0532 VSS - ok
17:50:35.0115 0532 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
17:50:35.0280 0532 W32Time - ok
17:50:35.0389 0532 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:50:35.0498 0532 WacomPen - ok
17:50:35.0545 0532 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:50:35.0607 0532 Wanarp - ok
17:50:35.0623 0532 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:50:35.0670 0532 Wanarpv6 - ok
17:50:35.0748 0532 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:50:35.0888 0532 wcncsvc - ok
17:50:35.0982 0532 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:36.0044 0532 WcsPlugInService - ok
17:50:36.0075 0532 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
17:50:36.0075 0532 Wd - ok
17:50:36.0153 0532 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:50:36.0263 0532 Wdf01000 - ok
17:50:36.0263 0532 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:50:36.0325 0532 WdiServiceHost - ok
17:50:36.0325 0532 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:50:36.0372 0532 WdiSystemHost - ok
17:50:36.0450 0532 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
17:50:36.0481 0532 WebClient - ok
17:50:36.0528 0532 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:50:36.0637 0532 Wecsvc - ok
17:50:36.0668 0532 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:50:36.0715 0532 wercplsupport - ok
17:50:36.0762 0532 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
17:50:36.0824 0532 WerSvc - ok
17:50:36.0855 0532 WinDefend - ok
17:50:36.0871 0532 WinHttpAutoProxySvc - ok
17:50:36.0996 0532 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:50:37.0074 0532 Winmgmt - ok
17:50:37.0167 0532 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
17:50:37.0386 0532 WinRM - ok
17:50:37.0448 0532 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:50:37.0651 0532 Wlansvc - ok
17:50:37.0698 0532 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:50:37.0807 0532 WmiAcpi - ok
17:50:37.0901 0532 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:50:37.0947 0532 wmiApSrv - ok
17:50:38.0057 0532 WMPNetworkSvc - ok
17:50:38.0181 0532 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:50:38.0415 0532 WPCSvc - ok
17:50:38.0462 0532 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:50:38.0540 0532 WPDBusEnum - ok
17:50:38.0571 0532 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:50:38.0618 0532 WpdUsb - ok
17:50:39.0102 0532 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:50:39.0195 0532 WPFFontCache_v0400 - ok
17:50:39.0242 0532 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:50:39.0320 0532 ws2ifsl - ok
17:50:39.0414 0532 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
17:50:39.0445 0532 wscsvc - ok
17:50:39.0461 0532 WSearch - ok
17:50:39.0570 0532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:50:39.0757 0532 wuauserv - ok
17:50:39.0819 0532 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:50:39.0897 0532 WudfPf - ok
17:50:39.0944 0532 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:39.0991 0532 WUDFRd - ok
17:50:40.0038 0532 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:50:40.0100 0532 wudfsvc - ok
17:50:40.0147 0532 ================ Scan global ===============================
17:50:40.0163 0532 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:50:40.0225 0532 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
17:50:40.0303 0532 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
17:50:40.0405 0532 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:50:40.0405 0532 [Global] - ok
17:50:40.0405 0532 ================ Scan MBR ==================================
17:50:40.0468 0532 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:50:41.0123 0532 \Device\Harddisk0\DR0 - ok
17:50:41.0123 0532 ================ Scan VBR ==================================
17:50:41.0154 0532 [ 0C077572F3499894870D654AA26B1A61 ] \Device\Harddisk0\DR0\Partition1
17:50:41.0154 0532 \Device\Harddisk0\DR0\Partition1 - ok
17:50:41.0185 0532 [ 837EE9100B987129F9C62BDE3F6833AF ] \Device\Harddisk0\DR0\Partition2
17:50:41.0185 0532 \Device\Harddisk0\DR0\Partition2 - ok
17:50:41.0201 0532 ============================================================
17:50:41.0201 0532 Scan finished
17:50:41.0201 0532 ============================================================
17:50:41.0217 4476 Detected object count: 3
17:50:41.0217 4476 Actual detected object count: 3
17:51:04.0752 4476 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:51:04.0752 4476 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:51:04.0752 4476 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
17:51:04.0752 4476 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:51:04.0752 4476 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:51:04.0752 4476 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 08.06.2013, 16:19

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

chris89mk · 09.06.2013, 20:11

Combofix ist durchgelaufen.

keine Fehler beim Scan, keine Fehler beim Neustart

Code:

ATTFilter

omboFix 13-06-08.02 - Christopher 09.06.2013  20:24:19.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4060.2421 [GMT 2:00]
ausgeführt von:: c:\users\Christopher\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\SecureW2 TTLS Client\Uninstall.exe
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\nogolniw.pad
c:\users\Christopher\AppData\Roaming\DataSafeDotNet.exe
c:\users\Christopher\setx.exe
c:\users\Christopher\SoftonicDownloader11503.exe
c:\users\Christopher\videos\n_v14.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-09 bis 2013-06-09  ))))))))))))))))))))))))))))))
.
.
2013-06-09 18:39 . 2013-06-09 18:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-04 20:48 . 2013-06-04 21:44	--------	d-----w-	C:\_OTL
2013-06-03 21:36 . 2013-06-03 21:36	--------	d-----w-	c:\users\Christopher\AppData\Roaming\Avira
2013-06-03 21:29 . 2013-03-06 14:13	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-06-03 21:29 . 2013-02-26 14:56	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-06-03 21:29 . 2013-02-26 14:56	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-06-03 21:29 . 2013-06-03 21:29	--------	d-----w-	c:\programdata\Avira
2013-06-03 21:29 . 2013-06-03 21:29	--------	d-----w-	c:\program files (x86)\Avira
2013-06-02 16:44 . 2013-06-02 16:44	--------	d-----w-	c:\program files (x86)\Dropbox
2013-06-02 16:33 . 2013-06-04 20:48	--------	d-----w-	c:\users\Christopher\AppData\Roaming\brah
2013-05-21 20:03 . 2013-05-21 20:03	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98F91860-FB16-42A7-8424-2B96665D7BFE}\offreg.dll
2013-05-21 20:01 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98F91860-FB16-42A7-8424-2B96665D7BFE}\mpengine.dll
2013-05-21 08:11 . 2013-05-21 08:08	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{733795DF-EEDB-4977-BA70-62E0FF0A6400}\gapaengine.dll
2013-05-21 08:09 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-18 19:38 . 2013-05-18 19:38	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2013-05-16 01:16 . 2013-04-05 00:55	816640	----a-w-	c:\windows\system32\jscript.dll
2013-05-16 01:16 . 2013-04-05 00:55	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-05-16 01:16 . 2013-04-05 01:03	887808	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-05-16 01:16 . 2013-04-05 01:02	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2013-05-16 01:16 . 2013-04-04 22:05	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-05-16 01:16 . 2013-04-04 22:04	387584	----a-w-	c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-05-16 01:16 . 2013-04-05 01:19	10926080	----a-w-	c:\windows\system32\ieframe.dll
2013-05-16 01:03 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-16 01:03 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-16 01:03 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-15 12:50 . 2013-04-09 01:55	2774016	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 12:50 . 2013-04-15 14:17	901496	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:50 . 2013-04-13 03:34	47104	----a-w-	c:\windows\system32\cdd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 01:11 . 2006-11-02 12:35	75016696	----a-w-	c:\windows\system32\mrt.exe
2013-05-02 15:29 . 2009-10-02 23:59	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 21:26 . 2013-04-24 21:27	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6F28592-9EE4-4D74-9A22-0B8C7C50134C}\gapaengine.dll
2013-04-24 21:26 . 2011-03-26 16:24	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-24 05:52 . 2012-11-13 10:45	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-24 05:52 . 2011-12-01 01:38	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-16 19:39 . 2013-04-16 19:39	98304	----a-w-	c:\windows\SysWow64\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc600575-3013-4e8e-941c-4b00dafce730}"= "c:\program files (x86)\myBabylon_English4\tbmyBa.dll" [2009-07-02 2215960]
.
[HKEY_CLASSES_ROOT\clsid\{fc600575-3013-4e8e-941c-4b00dafce730}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fc600575-3013-4e8e-941c-4b00dafce730}]
2009-07-02 08:18	2215960	----a-w-	c:\program files (x86)\myBabylon_English4\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\prxtbsof0.dll" [2011-05-09 176936]
"{fc600575-3013-4e8e-941c-4b00dafce730}"= "c:\program files (x86)\myBabylon_English4\tbmyBa.dll" [2009-07-02 2215960]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{fc600575-3013-4e8e-941c-4b00dafce730}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Spotify Web Helper"="c:\users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-16 1105408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-04-17 165104]
.
c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
Dropbox.lnk - c:\users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-18 1066536]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Christopher\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=hp&installDate={installDate}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&installDate={installDate}&q=
FF - ExtSQL: !HIDDEN! 2009-10-18 16:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=Ecotect Script
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ6.5\ICQ.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-GameShadow - c:\program files (x86)\GameShadow\GameShadow.exe
Wow6432Node-HKCU-Run-goze.exe - c:\users\Christopher\AppData\Roaming\Weiny\goze.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{FC600575-3013-4E8E-941C-4B00DAFCE730} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Freeze Wallpaper - c:\progra~2\Freeze.com\Freeze Wallpaper\UNINSTAL.EXE
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-SecureW2 TTLS Client - c:\program files (x86)\SecureW2\SecureW2 TTLS Client\Uninstall.exe
AddRemove-Smilies - c:\progra~2\Freeze.com\Smilies\UNINSTAL.EXE
AddRemove-SqrSoftACF - c:\program files (x86)\Winamp\unout_sqr.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-Card Manager - c:\windows\system32\javaws.exe
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-09  20:44:09
ComboFix-quarantined-files.txt  2013-06-09 18:44
.
Vor Suchlauf: 15 Verzeichnis(se), 58.238.398.464 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 60.535.500.800 Bytes frei
.
- - End Of File - - 6482EAC40577871DC174B5C337C1329C
CDB4DE4BBD714F152979DA2DCBEF57EB

markusg · 09.06.2013, 20:21

Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

chris89mk · 18.06.2013, 00:00

es wurde was gefunden und gleich entfernt

Zitat:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.17.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Christopher :: CHRISTOPHER-PC [Administrator]

Schutz: Aktiviert

17.06.2013 20:59:39
mbam-log-2013-06-17 (20-59-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 594647
Laufzeit: 3 Stunde(n), 53 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\_OTL\MovedFiles.zip (Trojan.Zbot.FV) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\macromedia.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\miner.dll (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\shell.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\macro\macromedia.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\macro\macromedia.exe_part1 (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\min\miner.dll (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\min\miner.dll_part1 (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\shel\shell.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06042013_224826\C_Users\Christopher\AppData\Roaming\WindowsFiless\shel\shell.exe_part1 (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 18.06.2013, 16:19

Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

chris89mk · 18.06.2013, 19:52

ccleaner txt:

Zitat:

3DStudio Import 13 GER (x86) 16.11.2011 notwendig
Adobe AIR Adobe Systems Inc. 29.08.2010 30,6MB 1.5.3.9120 notwendig
Adobe Community Help Adobe Systems Incorporated 29.08.2010 2,52MB 3.0.0.400
Adobe Creative Suite 5 Master Collection Adobe Systems Incorporated 19.01.2011 9,18GB 5.0 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 30.11.2011 11.1.102.55 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 24.04.2013 11.7.700.169 notwendig
Adobe Illustrator CS5 Adobe Systems Incorporated 01.11.2010 1,14GB 15.0 notwendig
Adobe Media Player Adobe Systems Incorporated 29.08.2010 2,69MB 1.8 notwendig
Adobe Photoshop CS5 Adobe Systems Incorporated 29.08.2010 2,53GB 12.0 notwendig
Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 21.02.2013 167MB 10.1.6 notwendig
Advanced Audio FX Engine Creative Technology Ltd 01.09.2009 112KB 1.12.05 notwendig
Akamai NetSession Interface Akamai Technologies, Inc 20.06.2012 5,66MB unbekannt
Akamai NetSession Interface Service 02.11.2011 5,66MB unbekannt
Apple Application Support Apple Inc. 30.06.2011 50,9MB 1.5.2 notwendig
Apple Mobile Device Support Apple Inc. 30.06.2011 22,6MB 3.4.1.2 notwendig
Apple Software Update Apple Inc. 30.06.2011 2,25MB 2.1.3.127 notwendig
ArchiCAD 13 GER Graphisoft 12.08.2010 790MB unnötig
ArchiCAD 13 GER (x86) Graphisoft 04.06.2010 745MB unnötig
ArchiCAD 16 GER GRAPHISOFT 18.07.2012 1,30GB 16.0 notwendig
ATI Catalyst Control Center 01.09.2009 24,0KB 2.008.1114.2148 notwendig
Autodesk Design Review 2011 Autodesk, Inc. 21.11.2010 115MB 11.0.0.86 unnötig
Autodesk Ecotect Analysis 2011 Autodesk, Inc. 18.05.2013 111MB 2011 notwendig
Autodesk Material Library 2011 Autodesk 21.11.2010 182MB 2.0.0.100 notwendig
Autodesk Material Library 2011 Base Image library Autodesk 21.11.2010 255MB 2.0.0.49 notwendig
Autodesk Material Library 2011 Medium Image library Autodesk 21.11.2010 749MB 2.0.0.49 notwendig
Avira Free Antivirus Avira 03.06.2013 205MB 13.0.0.3640 notwendig
Bonjour Apple Inc. 30.06.2011 1,14MB 2.0.5.0 notwendig
Brother MFL-Pro Suite MFC-5895CW Brother Industries, Ltd. 15.05.2012 16,0MB 1.0.2.0 notwendig
Canon Easy-PhotoPrint EX 05.03.2013 227MB notwendig
Canon Easy-PhotoPrint Pro 05.03.2013 43,0MB notwendig
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data 05.03.2013 43,0MB notwendig
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data 05.03.2013 11,9MB notwendig
Canon Easy-WebPrint EX 13.01.2012 6,81MB notwendig
Canon IJ Network Scan Utility 13.01.2012 1,07MB notwendig
Canon IJ Network Tool 13.01.2012 2,96MB notwendig
Canon Inkjet Printer/Scanner/Fax Extended Survey Program 05.03.2013 1,24MB notwendig
Canon MG8100 series Benutzerregistrierung 05.03.2013 1,18MB notwendig
Canon MG8100 series MP Drivers 13.01.2012 410MB notwendig
Canon MP Navigator EX 4.0 05.03.2013 75,3MB notwendig
Canon My Printer 05.03.2013 5,92MB notwendig
Canon Solution Menu EX 05.03.2013 12,3MB notwendig
CCleaner Piriform 24.05.2013 11,5MB 4.02 notwendig
CD-LabelPrint 13.01.2012 11,7MB notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 09.01.2013 55,2MB 12.0.6612.1000 notwendig
Dell DataSafe Local Backup Dell 01.09.2009 126MB 9.3.10 x64 notwendig
Dell DataSafe Local Backup - Support Software Dell 01.09.2009 1,41MB 2.25 notwendig
Dell DataSafe Online Dell, Inc. 01.09.2009 1.1.0029 notwendig
Dell Dock Dell 01.09.2009 1.0.0 notwendig
Dell Getting Started Guide Dell Inc. 01.09.2009 1.00.0000 unbekannt
Dell Support Center (Support Software) Dell 01.09.2009 2.5.09100 notwendig
Dell Touchpad Synaptics 01.09.2009 26,7MB 12.0.1.0 notwendig
Dell Video Chat SightSpeed Inc. 01.09.2009 22,0MB 6.0 (6567) notwendig
Dell Webcam Central Creative Technology Ltd 01.09.2009 27,6MB 1.03.04 notwendig
DivX Converter DivX, Inc. 19.11.2012 45,3MB 7.1.0 notwendig
DivX Player DivX, Inc. 02.10.2009 8,43MB 7.2.0 notwendig
DivX Plus DirectShow Filters DivX, Inc. 19.11.2012 1,58MB notwendig
DivX-Setup DivX, LLC 19.11.2012 3,64MB 2.6.1.22 notwendig
Dropbox Dropbox, Inc. 02.06.2013 24,0MB 2.0.22 notwendig
FlashPeak SlimBrowser FlashPeak Inc. 01.10.2011 3,41MB 6.00.061 unnötig
FPSpellCheck (remove only) 11.11.2010 688KB unbekannt
Free YouTube Download version 2.10.36.517 DVDVideoSoft Limited. 08.06.2011 unbekannt
Freeze Wallpaper Freeze.com, LLC 16.08.2010 296KB unbekannt
Google Earth Connections AC13 GER (x86) Graphisoft 17.11.2010 769MB notwendig
Google SketchUp Pro 8 Google, Inc. 31.01.2012 136MB 3.0.3117 notwendig
GSview 4.7 16.10.2009 3,52MB unbekannt
Integrated Webcam Driver (1.04.01.0601) Creative Technology Ltd. 07.12.2009 1.04.01.0601 notwendig
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 07.05.2013 15,6MB 12.00.4000 notwendig
iTunes Apple Inc. 30.06.2011 144MB 10.3.1.55 notwendig
Java(TM) 6 Update 31 Oracle 22.02.2012 95,1MB 6.0.310 unbekannt
Live! Cam Avatar Creator Creative Technology Ltd 01.09.2009 170MB 4.6.2919.1 unbekannt
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.06.2013 13,4MB 1.75.0.1300 notwendig
McAfee Security Scan Plus McAfee, Inc. 24.04.2013 9,12MB 3.0.318.3 notwendig
MeshLab 1.3.1 Paolo Cignoni VCG - ISTI - CNR 16.11.2011 76,1MB 1.3.1 notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 04.10.2009 42,2MB notwendig
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 30.04.2009 41,6MB notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30.12.2010 189MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Extended Microsoft Corporation 30.12.2010 46,4MB 4.0.30319 notwendig
Microsoft Default Manager Microsoft Corporation 01.09.2009 2.0.69.0 notwendig
Microsoft Office Enterprise 2007 Microsoft Corporation 18.02.2012 616MB 12.0.6612.1000 notwendig
Microsoft Office File Validation Add-In Microsoft Corporation 13.10.2012 7,95MB 14.0.5130.5003 notwendig
Microsoft Office Home and Student 2007 Microsoft Corporation 18.02.2012 296MB 12.0.6612.1000 notwendig
Microsoft Office Live Add-in 1.5 Microsoft Corporation 11.10.2012 506KB 2.0.4024.1 notwendig
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.01.2013 50,0MB 12.0.6612.1000 notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 01.09.2009 8,36MB 2.9 notwendig
Microsoft Security Essentials Microsoft Corporation 27.02.2013 21,5MB 4.2.223.1 notwendig
Microsoft Silverlight Microsoft Corporation 13.03.2013 11,7MB 5.1.20125.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 01.09.2009 1,74MB 3.1.0000 notwendig
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 01.09.2009 624KB 1.0.1215.0 notwendig
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 01.09.2009 1,44MB 1.0.1215.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 07.04.2010 250KB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 294KB 8.0.59193 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 04.06.2010 614KB 8.0.61000 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 27.04.2011 574KB 8.0.51011 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 07.04.2010 199KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 27.04.2011 784KB 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 27.04.2011 592KB 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 21.11.2010 782KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 18.06.2011 782KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.12.2011 1,41MB 9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.03.2011 233KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.11.2010 589KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 594KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 19.07.2012 13,8MB 10.0.40219 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.07.2012 15,0MB 10.0.40219 notwendig
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU Microsoft Corporation 21.11.2010 14,2MB notwendig
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Microsoft Corporation 21.11.2010 14,2MB notwendig
Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 18.06.2011 214MB 9.0.30729 notwendig
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 21.11.2010 96,0MB 9.0.30729 notwendig
Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft Corporation 21.11.2010 150KB 9.0.30729 notwendig
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 21.11.2010 225KB 9.0.30729 notwendig
Microsoft Works Microsoft Corporation 11.10.2012 9.7.0621 notwendig
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 24.11.2009 132KB 12.0.4518.1014 notwendig
Move Media Player Move Networks 15.03.2010 notwendig
Mozilla Firefox 21.0 (x86 de) Mozilla 26.05.2013 51,5MB 21.0 notwendig
Mozilla Maintenance Service Mozilla 26.05.2013 204KB 21.0 unbekannt
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 16.05.2012 1,23MB 4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.05.2012 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.05.2012 1,33MB 4.20.9876.0 unbekannt
myBabylon_English4 Toolbar 16.08.2010 2,32MB unbekannt
OpenOffice.org 3.4.1 Apache Software Foundation 07.05.2013 331MB 3.41.9593 notwendig
PaperPort Image Printer 64-bit Nuance Communications, Inc. 15.05.2012 557KB 1.00.0000 unbekannt
pdfsam 14.12.2010 15,3MB 2.2.1 unnötig
PowerDVD Dell 01.09.2009 41,9MB 8.1 unnötig
Project64 1.6 Project64 10.10.2009 3,46MB 1.6 unbekannt
Quickset Dell Inc. 01.09.2009 9.2.13 notwendig
QuickTime Apple Inc. 22.12.2010 73,7MB 7.69.80.9 notwendig
Rhinoceros 4.0 McNeel & Associates 12.05.2011 172MB 4.0.20118 notwendig
Roxio Creator DE Roxio 01.09.2009 18,0MB 10.1 unbekannt
Safari Apple Inc. 30.06.2011 41,2MB 5.33.21.1 notwendig
Samsung Mobile Modem Device Software 31.03.2012 unnötig
SAMSUNG Mobile Modem Driver Set 31.03.2012 unnötig
Samsung Mobile phone USB driver Software 31.03.2012 unnötig
SAMSUNG Mobile USB Modem 1.0 Software 31.03.2012 unnötig
SAMSUNG Mobile USB Modem Software 31.03.2012 unnötig
ScanSoft PaperPort 11 Nuance Communications, Inc. 15.05.2012 146MB 11.2.0000 notwendig
SecureW2 EAP Suite 1.0.6 for Windows 29.10.2012 112KB notwendig
SecureW2 TTLS Client 3.2.0 for Windows Vista 16.11.2009 52,0KB notwendig
Skype Click to Call Skype Technologies S.A. 29.10.2012 12,6MB 6.3.11079 notwendig
Skype™ 6.3 Skype Technologies S.A. 18.05.2013 21,1MB 6.3.107 notwendig
Smilies Freeze.com, LLC 16.08.2010 300KB unbekannt
softonic-de3 Toolbar softonic-de3 28.09.2011 2,82MB 6.5.2.8 unnötig
Spotify Spotify AB 16.05.2013 49,5MB 0.9.0.133.gd18ed589 notwendig
SqrSoft® Advanced Crossfading (remove only) 24.01.2010 unbekannt
Uninstall 1.0.0.1 08.06.2011 36,7MB unbekannt
VLC media player 0.9.9 VideoLAN Team 19.09.2009 63,1MB 0.9.9 notwendig
WIDCOMM Bluetooth Software 6.2.0.6600 Dell 01.09.2009 117MB 6.2.0.6600 notwendig
Winamp Erkennungs-Plug-in Nullsoft, Inc 24.01.2010 132KB 1.0.0.1 unbekannt
Windows Live Anmelde-Assistent Microsoft Corporation 07.04.2010 1,93MB 5.000.818.6 notwendig
Windows Live Essentials Microsoft Corporation 01.09.2009 139MB 14.0.8050.1202 notwendig
Windows Live Sync Microsoft Corporation 01.09.2009 2,79MB 14.0.8050.1202 notwendig
Windows Live-Uploadtool Microsoft Corporation 01.09.2009 225KB 14.0.8014.1029 notwendig
WinRAR 19.02.2010 4,39MB notwendig
Yahoo! Toolbar 19.02.2010 3,33MB unnötig

markusg · 18.06.2013, 20:19

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
FlashPeak
FPSpellCheck
Free YouTube
Freeze
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
myBabylon_English4
pdfsam
PowerDVD
SAMSUNG : alle
Smilies
softonic
Yahoo
Öffne CCleaner, analysiren, starten, PC neustarten
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

chris89mk · 18.06.2013, 22:28

nach dem Löschvorgang:

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.303 - Datei am 18/06/2013 um 23:17:09 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Christopher - CHRISTOPHER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christopher\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\searchplugins\Web Search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Babylon
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Local\Babylon
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Local\Conduit
Gelöscht mit Neustart : C:\Users\Christopher\AppData\LocalLow\boost_interprocess
Gelöscht mit Neustart : C:\Users\Christopher\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Christopher\AppData\LocalLow\ConduitEngine
Gelöscht mit Neustart : C:\Users\Christopher\AppData\LocalLow\facemoods.com
Gelöscht mit Neustart : C:\Users\Christopher\AppData\LocalLow\PriceGong
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\dvdvideosoftiehelpers
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freeze.com
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\Conduit
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\ConduitCommon
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\CT2269050
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(171)
Gelöscht mit Neustart : C:\Users\Christopher\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-de3 Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2856415
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=hp&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\prefs.js

C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\v2ag0v2z.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "23-8-2012");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Aug 23 2012 14:49:33 GMT+0200");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sun Apr 22 2012 11:50:08 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "29-9-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HPProtectChoice", true);
Gelöscht : user_pref("CT2269050.HPProtectCount", 2);
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.orbitdownloader.com");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Sep 29 2010 16:34:10 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Aug 23 2012 14:49:32 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Fri Apr 01 2011 15:16:42 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 02:44:17 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Fri Jun 01 2012 10:49:50 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Tue Jul 03 2012 00:20:09 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Thu Aug 23 2012 14:49:32 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sun Apr 22 2012 11:43:28 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "Search");
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Aug 23 2012 14:49:30 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2269050.SearchProtectorEnabled", true);
Gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Aug 23 2012 14:49:30 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Thu Aug 23 2012 14:49:30 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1345579180");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Aug 23 2012 14:49:29 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN35948832444718785");
Gelöscht : user_pref("CT2269050.ValidationData_Search", 2);
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sun Apr 22 2012 11:43:28 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.approveUntrustedApps", false);
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6E6D736C6E6E7771");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737473797274747D77242F4B4947[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "396D6D3D726C70757A4446457720754C207E2551527C262A53[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "696F6A6A736F73437A477944767547797D7C4D7E21");
Gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6D736C6E6E7671737179");
Gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
Gelöscht : user_pref("CT2269050.backendstorage.facebook_mode", "32");
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "4672692041707220323720323031322031313A[...]
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gelöscht : user_pref("CT2269050.backendstorage.youtubelang", "4445");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.components.1000034", false);
Gelöscht : user_pref("CT2269050.components.1000080", true);
Gelöscht : user_pref("CT2269050.components.1000082", false);
Gelöscht : user_pref("CT2269050.components.1000234", false);
Gelöscht : user_pref("CT2269050.components.129023235807856892", false);
Gelöscht : user_pref("CT2269050.components.129121052374999726", false);
Gelöscht : user_pref("CT2269050.components.129351672002618989", false);
Gelöscht : user_pref("CT2269050.components.129351776130744254", false);
Gelöscht : user_pref("CT2269050.components.129391330693125668", false);
Gelöscht : user_pref("CT2269050.components.129466585396013141", false);
Gelöscht : user_pref("CT2269050.components.129681780741097243", false);
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Aug 23 2012 14:49:33 GMT+0200");
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Aug 23 2012 14:49:33 GMT+0200");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c74[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Christopher\\AppData\\Roaming\\Mozi[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://youtube.conduitapps.com/v3.1.0/gadget.htm[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v213/gadget.html", "[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Apr 01 2011 15:16:42 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "8559a722-d8bb-48d7-8b10-696ef789b5ba");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Aug 23 2012 14:49:3[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Aug 23 2012 14:49:39 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Aug 23 2012 14:49:31 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "52fe5231-31ed-4288-873e-836bee2edc84");
Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&use[...]
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2e[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [28337 octets] - [18/06/2013 23:17:09]

########## EOF - C:\AdwCleaner[S1].txt - [28398 octets] ##########

--- --- ---

markusg · 18.06.2013, 22:39

Hi,
neustarten bitte.
HitmanPro - Download - Filepony
Hitmanpro laden, doppelklicken, scan klicken.
Nichts löschen, auf weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen