Pests of all kinds and how to fight them: Virus on the PC but not detected by the scanner (Windows 7)
30.07.2013, 21:08 | #1 |
Virus on the PC but not detected by the scanner

Good evening, I hope I got it right this time after editing.

So, my problem: for a few days now my PC has become considerably slower. In addition, whenever I open applications such as Internet Explorer or Firefox, a website with some kind of advertising opens immediately. This also happens when I open a new task, and on all pages randomly selected words are linked to some site or other. I have run the €20 version of Kaspersky and Windows Defender over it several times, and neither of them shows any message about a virus or a threat. I hope someone here can help me.

Code:
ATTFilter OTL logfile created on: 30.07.2013 21:21:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 15,44% Memory free 7,82 Gb Paging File | 3,26 Gb Available in Paging File | 41,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 300,41 Gb Total Space | 23,54 Gb Free Space | 7,83% Space Free | Partition Type: NTFS Drive D: | 373,22 Gb Total Space | 120,21 Gb Free Space | 32,21% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.30 21:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe PRC - [2013.07.30 21:16:15 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCF2750X\Defogger.exe PRC - [2013.07.26 13:52:08 | 000,376,896 | ---- | M] (Wsys Co., Ltd.) 
-- C:\ProgramData\eSafe\eGdpSvc.exe PRC - [2013.07.01 16:27:30 | 001,519,680 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe PRC - [2013.03.04 22:12:34 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2013.01.29 15:28:02 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2011.12.07 00:59:51 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.10 20:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.04.28 16:04:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.04.28 12:44:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.19 02:51:32 | 000,496,560 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2013.07.30 21:16:15 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCF2750X\Defogger.exe MOD - [2013.07.14 13:45:34 | 000,475,648 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1773f7168685423c144d14727e45be6f\IAStorUtil.ni.dll MOD - [2013.07.14 13:45:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll MOD - [2013.07.14 12:30:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll MOD - [2013.07.14 12:29:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.14 12:29:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.14 12:29:40 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.14 12:29:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.14 12:29:32 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.14 12:29:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.14 12:29:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll MOD - 
[2013.01.29 15:28:02 | 000,170,840 | ---- | M] () -- C:\Program Files\Web Assistant\Extension32.dll MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2012.04.13 15:46:46 | 002,660,016 | ---- | M] () -- C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll MOD - [2012.04.13 15:46:46 | 000,311,472 | ---- | M] () -- C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbhelper.dll MOD - [2012.04.13 15:46:46 | 000,268,960 | ---- | M] () -- C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\suggestion_plugin.dll MOD - [2011.06.10 20:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll MOD - [2011.04.28 12:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.02.19 06:23:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.01.18 13:21:56 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2013.04.07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- 
C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2013.01.29 15:28:02 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant) SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.11.30 01:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013.07.26 13:52:08 | 000,376,896 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc) SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.04 22:12:34 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft 
Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.04.28 16:04:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.28 12:44:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.19 19:38:27 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013.04.26 
14:01:23 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.04.26 14:01:23 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2013.03.04 22:26:34 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2013.03.04 22:26:34 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.06.05 16:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 
09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.04.28 12:44:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.26 10:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 21:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2011.02.16 11:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.11.30 01:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.20 12:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.07.20 11:29:40 | 
000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.05.26 05:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE - HKLM\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119776&tt=160512c_ctrl&babsrc=HP_ss&mntrId=F82D72DE2BF09AD1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dennis\Pictures IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {D8ABEA3F-1283-4DA7-BE65-E40597C4948C} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119776&tt=160512c_ctrl&babsrc=SP_ss&mntrId=F82D72DE2BF09AD1 IE - HKCU\..\SearchScopes\{1F4D59AD-0B58-4A7F-8954-0DCE61660B4B}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = hxxp://search.speedbit.com/search.aspx?aff=svd_0&q={searchTerms} IE - HKCU\..\SearchScopes\{8E354526-36E3-46CF-8F74-BC804D385922}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{C1F821C0-7823-4701-BB8D-3886288006DD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyLooBtrf&i=26 IE - HKCU\..\SearchScopes\{D8ABEA3F-1283-4DA7-BE65-E40597C4948C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..browser.startup.homepage: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523" FF - prefs.js..browser.search.defaultenginename: "qvo6" FF - prefs.js..browser.search.order.1: "qvo6" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.search.selectedEngine: "qvo6" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 15:53:00 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 15:53:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2012.04.13 15:47:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2012.04.13 15:47:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.01 15:53:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.01 15:53:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2013\FFExt\content_blocker@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.12 14:21:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\125.xpi [2013.07.26 13:51:29 | 000,009,283 | ---- | M] () [2013.07.11 20:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2013.07.26 13:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\extensions\m2k@m2kdownloader.com.xpi [2013.07.27 14:14:37 | 000,002,120 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\ypoje2mk.default\searchplugins\MyStart Search.xml [2013.07.11 20:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.16 14:16:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.05 16:05:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.07.11 20:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.11 20:29:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.07.26 13:52:03 | 000,000,735 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (LyricXeeker) - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech) O2 - BHO: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll 
(Conduit Ltd.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll () O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (Game Master 2.2 Toolbar) - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll (SpeedBit) O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll () O3 - HKLM\..\Toolbar: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Game Master 2.2 Toolbar) - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 1.3 Toolbar) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Game Master 2.2 Toolbar) - {D8215D9C-81ED-4E53-B420-BFCDBAC4734D} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [Facebook Update] C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not found O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68F7DAB1-8917-41C6-914E-31F62D999FF5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: 
Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{7bb70e58-71e1-11e1-9bd0-5404a6e0a73d}\Shell - "" = AutoRun O33 - MountPoints2\{7bb70e58-71e1-11e1-9bd0-5404a6e0a73d}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe O33 - MountPoints2\{8506d0cc-5eea-11e1-a99b-5404a6e0a73d}\Shell - "" = AutoRun O33 - MountPoints2\{8506d0cc-5eea-11e1-a99b-5404a6e0a73d}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.30 21:20:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2013.07.26 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.07.26 17:58:18 | 
000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Mp3tag [2013.07.26 17:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2013.07.26 13:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013.07.26 13:51:43 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\eIntaller [2013.07.26 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker [2013.07.15 18:48:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.07.14 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\{FC85F24E-B059-4C37-8F7F-746C878660C3} [2013.07.13 13:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2013.07.13 13:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck [2013.07.13 13:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck [2013.07.11 20:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.07.11 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.07.03 20:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.30 21:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2013.07.30 21:16:49 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable [2013.07.30 20:16:27 | 000,682,942 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.30 20:16:27 | 000,633,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.30 20:16:27 | 000,139,568 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.30 20:16:27 | 000,115,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.30 20:16:26 | 001,559,994 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2013.07.30 20:12:44 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA.job [2013.07.30 20:12:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.30 14:07:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\LyricXeeker Update.job [2013.07.30 14:06:44 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core.job [2013.07.29 20:27:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.29 20:27:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.27 14:13:18 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.07.27 14:13:17 | 000,001,471 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.07.27 14:12:55 | 3149,635,584 | -HS- | M] () -- C:\hiberfil.sys [2013.07.26 17:57:56 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.07.26 13:52:07 | 000,002,148 | ---- | M] () -- C:\Users\Dennis\Desktop\WEB.DE.lnk [2013.07.26 13:52:07 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2013.07.26 13:52:07 | 000,001,371 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.26 13:50:38 | 000,001,087 | ---- | M] () -- C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk [2013.07.16 20:13:43 | 000,081,056 | ---- | M] () -- C:\Users\Dennis\Documents\Bulgarien 2.pdf [2013.07.16 20:13:27 | 000,326,997 | ---- | M] () -- C:\Users\Dennis\Documents\Bulgarien 1.pdf [2013.07.13 13:14:26 | 000,277,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.30 21:16:49 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable [2013.07.26 17:57:56 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.07.26 13:51:29 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\LyricXeeker Update.job [2013.07.26 13:50:38 | 000,001,087 | ---- | C] () -- C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk [2013.07.16 20:13:43 | 000,081,056 | ---- | C] () -- C:\Users\Dennis\Documents\Bulgarien 2.pdf [2013.07.16 20:13:25 | 000,326,997 | ---- | C] () -- C:\Users\Dennis\Documents\Bulgarien 1.pdf [2013.07.11 20:29:51 | 000,001,371 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.11 20:29:50 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.13 20:41:58 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg [2012.08.26 17:45:17 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.08.26 17:45:17 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.08.26 17:45:17 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.07.16 15:09:05 | 000,007,661 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\.freeciv-client-rc-2.3 [2012.04.04 23:00:54 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.03.18 22:17:35 | 000,004,608 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.07 16:28:59 | 000,017,408 | ---- | C] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db [2012.02.26 00:18:51 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll [2012.02.26 00:18:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll [2012.02.08 13:08:27 | 001,564,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- 
C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.16 15:08:25 | 000,000,000 | ---D | M] 
-- C:\Users\Dennis\AppData\Roaming\.freeciv [2012.02.08 12:42:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ASUS WebStorage [2012.05.17 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon [2012.05.16 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Cocoon Software [2012.09.08 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2013.07.26 18:08:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft [2013.07.26 18:07:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers [2013.07.26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\eIntaller [2013.06.28 15:18:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\File Scout [2012.09.20 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Freemium [2013.07.26 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mp3tag [2013.03.30 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nokia [2013.03.30 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nokia Suite [2012.08.18 12:35:24 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nuance [2012.09.20 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy [2012.12.17 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Opera [2012.03.19 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Suite [2013.07.26 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client [2012.02.08 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP [2012.09.20 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2013.01.12 03:34:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Wargaming.net [2012.03.13 21:45:09 | 000,000,000 | 
---D | M] -- C:\Users\Dennis\AppData\Roaming\Windows Live Writer
[2012.08.08 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:862BDB1A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:957E9765
< End of report >
Code:
OTL Extras logfile created on: 30.07.2013 21:21:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 15,44% Memory free
7,82 Gb Paging File | 3,26 Gb Available in Paging File | 41,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,41 Gb Total Space | 23,54 Gb Free Space | 7,83% Space Free | Partition Type: NTFS
Drive D: | 373,22 Gb Total Space | 120,21 Gb Free Space | 32,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Dennis\AppData\Roaming\File Scout\filescout.exe" /open "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- "C:\Users\Dennis\AppData\Roaming\File Scout\filescout.exe" /open "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F0E9315-BE45-4613-AC05-0B66A7EDCCC8}" = rport=10243 | protocol=6 | dir=out | app=system | "{29E7C2D8-75F1-48D1-86BC-BFD7AD323ABE}" = rport=139 | protocol=6 | dir=out | app=system | "{40685409-EF6D-4917-AB79-363E925610E1}" = lport=139 | protocol=6 | dir=in | app=system | "{47C72676-90BB-4640-87A3-657AC0E73AA9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{55D441A1-29BD-42E9-82FF-AE5D98704820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{58E72BCA-AAC9-445E-8C8C-08A77B305E14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6105A0E9-3E9B-4B11-AE3D-9BC012C87928}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67AD0860-CC3A-4B9F-946F-DF18C549CFE3}" = lport=10243 | protocol=6 | dir=in | app=system | "{6AB2D1B0-2C2D-4DA9-B18B-EAE0E50F2EB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{70C2B3F3-1F34-4BC9-AF9A-E2280243C8ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{748CB872-727C-4742-8DF1-FBE2441BBF59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7CDB0B4B-9D77-428C-B72A-5FA1DF1B878E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{805CF2D5-CBE2-408F-A376-AC62CB8D88B5}" = lport=2869 | protocol=6 | dir=in | app=system | "{99DE6BCC-287A-481F-B324-B0708C1A2554}" = lport=445 | protocol=6 | dir=in | app=system | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{A8C150B4-F6A5-4471-AD87-7719B23E2788}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9270C74-65BA-457D-8ED0-91D0A1858B90}" = lport=137 | protocol=17 | dir=in | app=system | "{B676651C-007C-47B5-96B2-C89AFD2935D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B74B9974-8309-4D4B-9D78-85DF3DD1F659}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C7A8C9CF-5920-419B-8D86-267B5670F73A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D62E7AC8-B3D0-4BCB-ABF4-50AB7E7C7E7B}" = rport=445 | protocol=6 | dir=out | app=system | "{D71B82F9-A67C-4AF6-855F-26CBDC07FECD}" = rport=137 | protocol=17 | dir=out | app=system | "{DD740C99-9E1F-4F6C-B12D-47581EBD0B95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{DFEDFD4C-90D3-498C-A019-764994A05730}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E9BF3629-BBC2-4BDF-A1E9-6AA9D5936564}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0979CCBC-FC16-4E3C-B51C-BC350E42A2E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{09D1DC46-26F9-4E06-804D-8F32A9DF25FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{16B9E514-4DE9-4E52-941E-8917DBD2307E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{17D6824C-E403-44C7-8E32-CC92B27F9075}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1E369545-520B-43F1-BE64-92E0373FF338}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{2585DD95-3777-4D3B-8F25-C25F94F181C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{288DD202-16C2-4EA3-8AF3-E75446E0E3A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | "{38A6D1F7-2BE9-4F6D-A608-7A8CEC34191C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{39BCF1A3-5AF3-4E7E-B3D2-4A03B3431CB1}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{4CA2ECDA-103C-46F4-99F7-1DEB28C72527}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{63A4B0CA-29F2-49D2-BB2A-01A5587611BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6835EC21-1DE2-47CD-9EAE-24B7152634CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6AF11C3C-DB4F-4FA4-9C22-1ADADD2C63BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6CCA79C6-AC53-43E7-93E5-8956507FABB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7339D0B7-28D3-41E0-96C8-947B71D9BC1E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{73A3BC8E-9938-43A4-874F-E439B36BD185}" 
= protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{78CC96F5-053A-4D6C-8BC0-AAE8086175B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{79A4362B-0237-4089-BA1C-06FF7C8FDCA8}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{79CDCDBC-850C-4B07-A921-7ACD4D2C69B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7F3F2858-12AF-48A0-91EA-682FB32FE7F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{7F81A4DF-E1A4-422B-AA2F-6C0C90BCA8B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8C175214-A31E-4CBA-8C2B-23C0526052BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{AC006DDE-9C16-40AD-9DA3-EFBB6EE91BFA}" = protocol=6 | dir=out | app=system | "{B01B4F6E-9632-4FAC-91A3-D8D865CEB73B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{B5181AC3-39B1-409C-A157-68E6DD2225DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BBBC22CD-79AF-4F99-8927-86DB60FE259A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C0877613-8A31-470B-A03B-C4481822FC8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C1037972-D67B-46A6-8A9B-F29E6EAB032D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{D63CA58C-3C1D-4D38-9544-EEDAEE84DDCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D95E4CBF-DF5A-4661-A13D-AC3FA644047D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DBE82048-47E5-42C5-A20E-0BC81CB64F27}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E09B4617-93F2-4EF1-9C4C-7062D5E88859}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{E4DC1CD0-E63F-4785-8CA8-9697E24A81E5}" = protocol=6 
| dir=in | app=c:\windows\system32\dmwu.exe | "{E6C30F76-1E0D-48F6-83D6-B8AF71CDA072}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{F8F48BAA-E751-4341-BA8F-56B79028BFB7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{F9E40860-4AE8-483E-963D-D2C33F917172}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FE880F54-B818-4173-A398-48441A037F35}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.572 "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = 
Windows Live Remote Service Resources "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.39 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.39 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0 "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections 
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71277DC4-4217-462A-9FF4-62D7815B2C69}" = ADDICT-THING "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger 
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live 
Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = 
Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة 
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "1&1 Mail & Media GmbH 1und1DesktopIconsInstaller" = WEB.DE Desktop Icons "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" 
= WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "Free Audio Converter_is1" = Free Audio Converter version 5.0.27.725 "Game_Master_2.2 Toolbar" = Game Master 2.2 Toolbar "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "lyrix@lyrixeeker.co" = LyricXeeker "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.57 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.11.1661" = Opera 12.11 "SPEEDbit Video Downloader" = SpeedBit Video Downloader "Submarine Titans" = Subm "VLC media player" = VLC media player 2.0.1 "WinLiveSuite" = Windows Live Essentials "WiseConvert_1.3 Toolbar" = WiseConvert 1.3 Toolbar "WNLT" = IB Updater Service "WsysControl" = Wsys Control 1.0.0.2557 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2013 09:06:53 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 08.04.2013 09:08:45 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 08.04.2013 09:50:16 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 08.04.2013 09:57:47 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 08.04.2013 09:59:38 | 
Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 08.04.2013 10:23:00 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 08.04.2013 10:23:03 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x10d8 Startzeit der fehlerhaften Anwendung: 0x01ce3461507259b5 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d288d895-a057-11e2-9006-5404a6e0a73d Error - 09.04.2013 08:54:37 | Computer Name = Dennis-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 09.04.2013 13:35:02 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 09.04.2013 13:36:12 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 09.04.2013 14:04:58 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 10.04.2013 09:51:07 | Computer Name = Dennis-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 10.04.2013 13:30:03 | Computer Name = Dennis-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 10.04.2013 14:27:56 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470, Zeitstempel: 0x510c8801 Name des fehlerhaften Moduls: Grabber_pluginU.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ea97632 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0d983af8 ID des fehlerhaften Prozesses: 0x1d5c Startzeit der fehlerhaften Anwendung: 0x01ce3610bc59db0e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet 
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: Grabber_pluginU.dll Berichtskennung: 5ce25db6-a20c-11e2-9006-5404a6e0a73d Error - 10.04.2013 15:42:59 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 11.04.2013 11:34:15 | Computer Name = Dennis-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 11.04.2013 15:13:48 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Error - 13.04.2013 07:12:14 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16476, Zeitstempel: 0x5126e7ac Name des fehlerhaften Moduls: Grabber_pluginU.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ea97632 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06303af8 ID des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0x01ce36f254ff481b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: Grabber_pluginU.dll Berichtskennung: fdff3146-a42a-11e2-a55d-5404a6e0a73d Error encountered while reading event logs. < End of report >
Edited by scar_curse (30.07.2013 at 21:23) |
30.07.2013, 21:45 | #2 |
/// TB Trainer | Virus present but not detected by scanner
My name is Matthias and I will help you clean up your computer. Please note the following:
I am working on your thread and will get back to you as soon as possible with further instructions. |
30.07.2013, 21:51 | #3 |
/// TB Trainer | Virus present but not detected by scanner
Hi,
Please run AdwCleaner twice in direct succession, exactly as described, and post both of its log files!
Step 1
Please download AdwCleaner to your desktop.
Step 2
Please close your security software to avoid possible conflicts.
With your next reply, please post
|
30.07.2013, 22:14 | #4 |
| Virus present but not detected by scanner
Here is the GMER file; there was no room left for it above. Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-30 22:51:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031bb000 77 bytes [4C, 8D, 05, 99, 6D, 07, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 639 fffff800031bb04f 16 bytes {MOV RCX, [RSP+0x260]; XOR RCX, RSP; CALL 0xffffffffffd65081} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 
000007fffce90180 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000766f1429 7 bytes JMP 0000000173041e90 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007670b223 5 bytes JMP 0000000173041da0 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767888f4 7 bytes JMP 0000000173041d90 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076788979 5 bytes JMP 0000000173041e80 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076788ccf 3 bytes JMP 0000000173041e10 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4 0000000076788cd3 1 byte [FC] .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c51d1b 5 bytes JMP 
0000000173042450 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c51dc9 5 bytes JMP 00000001730424b0 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c52aa4 5 bytes JMP 0000000173042520 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c52d0a 5 bytes JMP 0000000173042670 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e8e9a2 5 bytes JMP 0000000173041a00 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e8ebdc 5 bytes JMP 0000000173041a90 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ac5ea5 5 bytes JMP 0000000173041ce0 .text C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075af9d0b 5 bytes JMP 0000000173041c70 .text C:\ProgramData\eSafe\eGdpSvc.exe[1568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\ProgramData\eSafe\eGdpSvc.exe[1568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... 
* 2 .text C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000766f1429 7 bytes JMP 0000000173041e90 .text C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007670b223 5 bytes JMP 0000000173041da0 .text C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767888f4 7 bytes JMP 0000000173041d90 .text C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076788979 5 bytes JMP 0000000173041e80 .text C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076788ccf 3 bytes JMP 0000000173041e10 .text C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4 0000000076788cd3 1 byte [FC] .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Windows\system32\taskeng.exe[1176] 
C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text 
C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000766f1429 7 bytes JMP 0000000173041e90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007670b223 5 bytes JMP 0000000173041da0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767888f4 7 bytes JMP 0000000173041d90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076788979 5 bytes JMP 0000000173041e80 .text C:\Program Files 
(x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076788ccf 3 bytes JMP 0000000173041e10 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4 0000000076788cd3 1 byte [FC] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c51d1b 5 bytes JMP 0000000173042450 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c51dc9 5 bytes JMP 00000001730424b0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c52aa4 5 bytes JMP 0000000173042520 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c52d0a 5 bytes JMP 0000000173042670 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e8e9a2 5 bytes JMP 0000000173041a00 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e8ebdc 5 bytes JMP 0000000173041a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000766f1429 7 bytes JMP 0000000173041e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007670b223 5 bytes JMP 0000000173041da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767888f4 7 bytes JMP 0000000173041d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076788979 5 bytes JMP 0000000173041e80 .text C:\Program Files 
(x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076788ccf 3 bytes JMP 0000000173041e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4 0000000076788cd3 1 byte [FC] .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000766f1429 7 bytes JMP 0000000173041e90 .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007670b223 5 bytes JMP 0000000173041da0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767888f4 7 bytes JMP 0000000173041d90 .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076788979 5 bytes JMP 0000000173041e80 .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076788ccf 3 bytes JMP 0000000173041e10 .text C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4 0000000076788cd3 1 byte [FC] .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 
000007fffce901f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 
000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Windows\System32\igfxpers.exe[3912] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffce900d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffce90148 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffce90180 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffce90110 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffce901f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffce901b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe4f7490 11 bytes JMP 000007fffce90228 .text C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe50bf00 7 bytes JMP 000007fffce90260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d69640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcea3460 7 bytes JMP 000007fffcc800d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9940 6 bytes JMP 000007fffcc80148 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcea9fb0 5 bytes JMP 000007fffcc80180 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefceaa150 5 bytes JMP 000007fffcc80110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2589e0 8 bytes JMP 000007fffcc801f0 .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd25be40 8 bytes JMP 000007fffcc801b8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000766f1429 7 bytes JMP 0000000173041e90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007670b223 5 bytes JMP 0000000173041da0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767888f4 7 bytes JMP 0000000173041d90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076788979 5 bytes JMP 0000000173041e80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076788ccf 3 bytes JMP 0000000173041e10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4 0000000076788cd3 1 byte [FC] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c51d1b 5 bytes JMP 0000000173042450 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c51dc9 5 bytes JMP 00000001730424b0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c52aa4 5 bytes JMP 0000000173042520 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c52d0a 5 bytes JMP 0000000173042670 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e8e9a2 5 bytes JMP 0000000173041a00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e8ebdc 5 bytes JMP 0000000173041a90 .text 
---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004b76d18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd502bbc
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd502bbc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

---- EOF - GMER 2.1 ----

1. Code:
ATTFilter # AdwCleaner v2.306 - Datei am 30/07/2013 um 22:59:22 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dennis - DENNIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
Datei Desinfiziert : C:\Users\Dennis\Desktop\WEB.DE.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Opera.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Dennis\Desktop\SPEEDbit Video Downloader.lnk
Datei Gelöscht : C:\Users\UpdatusUser\Desktop\SPEEDbit Video Downloader.lnk
Gelöscht mit Neustart : C:\ProgramData\eSafe
Gelöscht mit Neustart : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Speedbit
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Freemium
Ordner Gelöscht : C:\Program Files (x86)\SearchPredict
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Speedbit Video Downloader
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\WiseConvert_1.3
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Speedbit
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Dennis\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Dennis\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Dennis\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\Speedbit
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\WiseConvert_1.3
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Freemium
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\dedc8de73ce444 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A292B31-8E42-4D7F-9AD5-640305FC3455} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A054DDEA-7F78-4158-BFC1-6DD5F0C07F07} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71277DC4-4217-462A-9FF4-62D7815B2C69} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] Wert Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = 
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\prefs.js
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Gelöscht : user_pref("browser.search.order.1", "qvo6");
Gelöscht : user_pref("browser.search.selectedEngine", "qvo6");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid[...]
-\\ Opera v12.11.1661.0
Datei : C:\Users\Dennis\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [30157 octets] - [30/07/2013 22:57:52]
AdwCleaner[S1].txt - [413 octets] - [30/07/2013 22:58:32]
AdwCleaner[S2].txt - [27316 octets] - [30/07/2013 22:59:22]
########## EOF - C:\AdwCleaner[S2].txt - [27377 octets] ##########
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 30/07/2013 um 23:03:40 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dennis - DENNIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.11.1661.0
Datei : C:\Users\Dennis\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [30157 octets] - [30/07/2013 22:57:52]
AdwCleaner[S1].txt - [413 octets] - [30/07/2013 22:58:32]
AdwCleaner[S2].txt - [27377 octets] - [30/07/2013 22:59:22]
AdwCleaner[S3].txt - [1178 octets] - [30/07/2013 23:03:40]
########## EOF - C:\AdwCleaner[S3].txt - [1238 octets] ##########
I saved it to the desktop and opened it with a double-click. The screen goes black briefly and I am asked whether I want to run the program, but then the cmd window opens and not the program.
|
30.07.2013, 22:27 | #5 |
/// TB Trainer | Virus on the machine but not detected by the scanner
Hi, all right. Here is how we continue:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Download SystemLook by jpshortstuff from the following mirror and save the tool to your desktop. SystemLook (64 bit)
Please post with your next reply
|
30.07.2013, 22:58 | #6 |
| Virus on the machine but not detected by the scanner 1. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03 Ran by Dennis at 2013-07-30 23:40:22 Running from C:\Users\Dennis\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) Adobe AIR (x32 Version: 3.4.0.2540) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.3.300.262) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Apple Software Update (x32 Version: 2.1.3.127) ASUS AI Recovery (x32 Version: 1.0.14) ASUS FancyStart (x32 Version: 1.1.0) ASUS LifeFrame3 (x32 Version: 3.0.30) ASUS Live Update (x32 Version: 2.5.9) ASUS Power4Gear Hybrid (Version: 1.1.45) ASUS SmartLogon (x32 Version: 1.0.0011) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031) ASUS USB Charger Plus (x32 Version: 2.0.0) ASUS Virtual Camera (x32 Version: 1.0.21) ASUS WebStorage (x32 Version: 3.0.84.161) ASUS_Screensaver (x32) AsusVibe2.0 (x32 Version: 2.0.10.168) Atheros Client Installation Program (x32 Version: 7.0) ATK Package (x32 Version: 1.0.0010) Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) D3DX10 (x32 Version: 15.4.2368.0902) dows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0) ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1) Fast Boot (Version: 1.0.9) Free Audio Converter version 5.0.27.725 (x32 Version: 5.0.27.725) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Game Master 
2.2 Toolbar (x32 Version: 6.8.8.8) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 8.15.10.2345) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004) Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0) Java Auto Updater (x32 Version: 2.0.7.1) Java(TM) 6 Update 35 (x32 Version: 6.0.350) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) LyricXeeker (x32) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Age of Empires II (x32) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mp3tag v2.57 (x32 Version: v2.57) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 
(x32 Version: 1.0.1.2) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) NVIDIA 3D Vision Driver 268.39 (Version: 268.39) NVIDIA Control Panel 268.39 (Version: 268.39) NVIDIA Graphics Driver 268.39 (Version: 268.39) NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1) NVIDIA Install Application (Version: 2.265.41.0) NVIDIA Optimus 1.0.21 (Version: 1.0.21) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6839) NVIDIA Update Components (Version: 1.0.21) Opera 12.11 (x32 Version: 12.11.1661) PC Connectivity Solution (x32 Version: 12.0.76.0) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6370) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0) Safari (x32 Version: 5.34.57.2) Skype™ 6.6 (x32 Version: 6.6.106) Subm (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) VLC media player 2.0.1 (x32 Version: 2.0.1) WEB.DE Desktop Icons (x32 Version: 3.0.3.0) WEB.DE MailCheck für Internet Explorer (x32 Version: 2.3.0.2) WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.54) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3538.0513) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) 
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live 影像中心 (x32 Version: 15.4.3502.0922) Windows Live 程式集 (x32 Version: 15.4.3502.0922) WinFlash (x32 Version: 2.31.1) Wireless Console 3 (x32 Version: 3.0.21) Wsys Control 1.0.0.2557 (x32 Version: 1.0.0.2557) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) Элемент управления 
Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922) פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2) بريد Windows Live (x32 Version: 15.4.3502.0922) عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2) معرض صور Windows Live (x32 Version: 15.4.3502.0922) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2) ==================== Restore Points ========================= 11-07-2013 17:49:06 Windows Update 12-07-2013 10:34:24 Windows Update 15-07-2013 16:47:00 Windows Update 19-07-2013 19:19:03 Windows Update 23-07-2013 21:22:58 Windows Update 30-07-2013 18:26:19 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0A2C9622-2967-457B-A8F3-53A6E0ABD828} - System32\Tasks\{256FB39D-C251-4D6A-B10B-ED825BA971DD} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.) Task: {1050AD81-E528-4B53-AEA4-010C5C2313D4} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe [2013-06-12] (Microsoft Corporation) Task: {1A93CB1A-E1BD-4C13-9CE6-ED922A170C2D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS) Task: {26F970D9-4D44-4AFE-85E4-D8CE2E38317C} - System32\Tasks\{416E4BA4-122F-4F04-AC9B-8DC425C99D68} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.) Task: {2CB4D07E-1781-4293-B12E-F6E4844D15D2} - System32\Tasks\{EC8E078C-6E70-4F26-A581-C3D815E4A4D1} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.) 
Task: {2FCE27AE-DD5F-45B9-865D-C30401E4186B} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-05-28] (1&1 Mail & Media GmbH) Task: {3146C871-7D0F-4862-95F1-157757C760FB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Ui.exe No File Task: {4674F621-F03C-4E74-8C28-AC20B809681F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {4F3DBD28-41E9-40E4-B53A-04F8AD275922} - System32\Tasks\User_Feed_Synchronization-{9CE161BE-C868-4170-8D65-42CBEDB67714} => C:\Windows\system32\msfeedssync.exe [2013-05-21] (Microsoft Corporation) Task: {59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File Task: {648B735B-2980-44BB-A6CC-72BFDCA33E39} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File Task: {675F432B-70A4-4E9B-AD46-0EC548AD878C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {69DF53D2-2F33-4258-A8DE-4324F3474211} - System32\Tasks\4790 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation) Task: {6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} - System32\Tasks\Software Updater => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Bootstrapper.exe No File Task: {74EA2B2C-602C-4438-8B51-44013C7E3DE8} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {77CC950E-D0BC-45EF-984C-062BC44453E9} - System32\Tasks\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => 
C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File Task: {83B19DC2-4BFD-465C-898D-73DBF9DDEAED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {88C93C42-6E5F-4A78-8B58-E5E84C28475B} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {8B9F31DD-3EA9-4A93-BFB4-2D793D5AD765} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {9FB4123A-75EA-4F5E-9C3F-F6537272089B} - System32\Tasks\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File Task: {A570762B-1CB4-477D-82A6-B887AD28FE0D} - System32\Tasks\{5E11B9D6-A813-45CB-894C-FD53CF3F993A} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.) Task: {AC06D0D1-5DEC-4177-926B-F9A24A30351E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {C0105737-D9D6-4D4A-BE1E-09A8A80611CC} - \AdobeFlashPlayerUpdate 2 No Task File Task: {C765FB13-E859-4D13-8B04-400BC1FE2941} - \AdobeFlashPlayerUpdate No Task File Task: {CAF1954D-2BDA-4EB4-919D-17C2A2C0A0AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {CFF59FC2-5C13-45B8-A38C-656C9A6900DD} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe [2013-07-25] (LyriXeeker Tech) Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {D8984D72-2216-45C2-833A-3D07CE812542} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {E3D2E2B1-3959-4BC5-91EB-37D6526E5694} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core.job => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA.job => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2013 10:48:35 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (07/30/2013 09:27:00 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2fe0 Startzeit: 01ce8d582194a826 Endzeit: 62 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (07/30/2013 09:00:49 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (07/30/2013 02:16:36 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (07/29/2013 11:38:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921 Name des fehlerhaften Moduls: grabber.dll, Version: 1.1.5.0, Zeitstempel: 0x4ea9764b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001384e ID des fehlerhaften Prozesses: 0x88c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (07/29/2013 08:19:48 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (07/29/2013 08:12:24 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (07/26/2013 07:03:09 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (07/26/2013 03:03:49 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921 Name des fehlerhaften Moduls: IEFRAME.dll, Version: 10.0.9200.16635, Zeitstempel: 0x51b7abdb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00209d07 ID des fehlerhaften Prozesses: 0x1c9c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (07/26/2013 02:56:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bfdf ID des fehlerhaften Prozesses: 0x3e54 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 System errors: ============= Error: (07/30/2013 11:15:43 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Wsys Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/30/2013 11:06:40 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/30/2013 11:04:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024882 Error: (07/30/2013 11:02:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. 
Error: (07/30/2013 10:38:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/30/2013 10:37:01 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 30.07.2013 um 22:36:09 unerwartet heruntergefahren. Error: (07/30/2013 10:36:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/30/2013 10:36:04 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AeLookupSvc erreicht. Error: (07/30/2013 10:35:34 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht. Error: (07/30/2013 10:34:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (07/30/2013 10:48:35 PM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (07/30/2013 09:27:00 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.166352fe001ce8d582194a82662C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (07/30/2013 09:00:49 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (07/30/2013 02:16:36 PM) (Source: Windows Backup)(User: ) Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006) Error: (07/29/2013 11:38:08 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.1663551b7a921grabber.dll1.1.5.04ea9764bc00000050001384e88c01ce8ca3419b236bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll28547264-f897-11e2-8f95-5404a6e0a73d Error: (07/29/2013 08:19:48 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (07/29/2013 08:12:24 PM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (07/26/2013 07:03:09 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (07/26/2013 03:03:49 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.1663551b7a921IEFRAME.dll10.0.9200.1663551b7abdbc000000500209d071c9c01ce8a005d740bf2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dllcfe4c947-f5f3-11e2-a755-5404a6e0a73d Error: (07/26/2013 02:56:21 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000002bfdf3e5401ce89ff2b922004C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dllc4e75546-f5f2-11e2-a755-5404a6e0a73d CodeIntegrity Errors: =================================== Date: 2013-07-24 14:27:47.763 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-24 14:27:47.747 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-24 14:27:47.747 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-24 14:27:47.732 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-24 14:27:47.732 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-24 14:27:47.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-14 14:51:12.678 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-14 14:51:12.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-14 14:51:12.673 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-14 14:51:12.649 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 4004.97 MB
Available physical RAM: 1927.63 MB
Total Pagefile: 8008.13 MB
Available Pagefile: 5416.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:300.41 GB) (Free:23.8 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:373.22 GB) (Free:120.21 GB) NTFS (Disk=0 Partition=3)
Drive e: (KRD10) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by Dennis (administrator) on 30-07-2013 23:39:57 Running from C:\Users\Dennis\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2213992 2011-05-12] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-30] () HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x] HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! HKCU\...\Run: [Facebook Update] - C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [x] HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) MountPoints2: {7bb70e58-71e1-11e1-9bd0-5404a6e0a73d} - F:\NokiaPCIA_Autorun.exe MountPoints2: {8506d0cc-5eea-11e1-a99b-5404a6e0a73d} - F:\NokiaPCIA_Autorun.exe HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [USBChargerPlusTray] - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [496560 2011-04-19] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-04] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1519680 2013-07-01] (1und1 Mail und Media GmbH) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-04-28] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [193128 2011-04-28] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe () Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: (No Name) - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {D8ABEA3F-1283-4DA7-BE65-E40597C4948C} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {1F4D59AD-0B58-4A7F-8954-0DCE61660B4B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {8E354526-36E3-46CF-8F74-BC804D385922} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C1F821C0-7823-4701-BB8D-3886288006DD} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C2798CF1-011A-4461-AD6B-DB704AB54A9D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337 SearchScopes: HKCU - {D8ABEA3F-1283-4DA7-BE65-E40597C4948C} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM-x32 - Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.) Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - No Name - {D8215D9C-81ED-4E53-B420-BFCDBAC4734D} - No File Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF 
Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: m2k - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\125.xpi ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-04] (Kaspersky Lab ZAO) S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [376896 2013-07-26] (Wsys Co., Ltd.) ==================== Drivers (Whitelisted) ==================== R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-03-04] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-03-04] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO) S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-30 23:39 - 2013-07-30 23:39 - 01781589 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe 2013-07-30 23:39 - 2013-07-30 23:39 - 00000000 ____D C:\FRST 
2013-07-30 23:11 - 2013-07-30 23:11 - 00003114 _____ C:\Windows\System32\Tasks\{4825769C-57C4-460C-A7FF-AB316724BF5A} 2013-07-30 23:10 - 2013-07-30 23:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-30 23:09 - 2013-07-30 23:10 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Dennis\Desktop\JRT.exe 2013-07-30 23:05 - 2013-07-30 23:06 - 00001307 _____ C:\Users\Dennis\Desktop\AdwCleaner[S3].txt 2013-07-30 23:03 - 2013-07-30 23:04 - 00001307 _____ C:\AdwCleaner[S3].txt 2013-07-30 23:03 - 2013-07-30 23:03 - 00027377 _____ C:\Users\Dennis\Desktop\AdwCleaner[S2].txt 2013-07-30 22:59 - 2013-07-30 23:04 - 00000216 _____ C:\Windows\DeleteOnReboot.bat 2013-07-30 22:59 - 2013-07-30 22:59 - 00027377 _____ C:\AdwCleaner[S2].txt 2013-07-30 22:58 - 2013-07-30 22:58 - 00000413 _____ C:\AdwCleaner[S1].txt 2013-07-30 22:57 - 2013-07-30 22:58 - 00030157 _____ C:\AdwCleaner[R1].txt 2013-07-30 22:56 - 2013-07-30 22:57 - 00666633 _____ C:\Users\Dennis\Desktop\adwcleaner.exe 2013-07-30 22:51 - 2013-07-30 22:51 - 00070852 _____ C:\Users\Dennis\Desktop\Gmer.txt 2013-07-30 22:33 - 2013-07-30 22:33 - 00274544 _____ C:\Windows\Minidump\073013-23322-01.dmp 2013-07-30 21:30 - 2013-07-30 21:30 - 00082330 _____ C:\Users\Dennis\Desktop\Extras.Txt 2013-07-30 21:29 - 2013-07-30 21:29 - 00120542 _____ C:\Users\Dennis\Desktop\OTL.Txt 2013-07-30 21:20 - 2013-07-30 21:21 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe 2013-07-30 21:16 - 2013-07-30 21:17 - 00000474 _____ C:\Users\Dennis\Desktop\defogger_disable.log 2013-07-30 21:16 - 2013-07-30 21:16 - 00000000 _____ C:\Users\Dennis\defogger_reenable 2013-07-26 18:08 - 2013-07-26 18:08 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-07-26 17:58 - 2013-07-26 18:03 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mp3tag 2013-07-26 17:57 - 2013-07-26 17:57 - 00000985 _____ C:\Users\Public\Desktop\Mp3tag.lnk 2013-07-26 17:57 - 2013-07-26 17:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2013-07-26 13:52 - 2013-07-30 23:11 - 00000000 
____D C:\ProgramData\eSafe 2013-07-26 13:51 - 2013-07-30 23:05 - 00000390 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-07-26 13:51 - 2013-07-26 13:51 - 00003040 _____ C:\Windows\System32\Tasks\LyricXeeker Update 2013-07-26 13:51 - 2013-07-26 13:51 - 00000000 ____D C:\Program Files (x86)\LyriXeeker 2013-07-26 13:50 - 2013-07-26 13:50 - 00001087 _____ C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk 2013-07-15 18:48 - 2013-07-15 18:51 - 00000000 ____D C:\Windows\system32\MRT 2013-07-14 21:42 - 2013-07-14 21:42 - 00000000 ____D C:\Users\Dennis\AppData\Local\{FC85F24E-B059-4C37-8F7F-746C878660C3} 2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files\WEB.DE MailCheck 2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck 2013-07-12 12:42 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 12:42 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 12:42 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-12 12:42 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-12 12:42 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-12 12:42 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-12 12:42 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 12:42 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 12:42 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 12:42 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 12:42 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2013-07-12 12:42 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 12:42 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 12:42 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 12:42 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 12:42 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 12:41 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 12:41 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 12:41 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 12:41 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 12:41 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 12:41 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 12:41 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 12:41 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 12:41 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 12:41 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 12:41 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 12:41 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 12:41 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-07-12 12:41 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 12:41 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 20:29 - 2013-07-30 22:59 - 00001055 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-11 20:06 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 20:06 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 20:06 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 20:06 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 19:59 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 19:49 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 19:49 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-03 21:48 - 2013-07-03 21:48 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task 2013-07-03 20:45 - 2013-07-03 20:45 - 00000000 ____D C:\ProgramData\UUdb 2013-06-30 14:41 - 2013-06-30 14:41 - 00000000 ____D C:\Users\Dennis\AppData\Local\{C92EA9FA-C31B-4172-9B08-B72A53D49253} ==================== One Month Modified Files and Folders ======= 2013-07-30 23:39 - 2013-07-30 23:39 - 01781589 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe 2013-07-30 23:39 - 2013-07-30 23:39 - 00000000 ____D C:\FRST 2013-07-30 23:39 - 2012-02-26 15:01 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype 2013-07-30 23:14 - 2009-07-14 06:45 - 00009696 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-30 23:14 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-30 23:11 - 2013-07-30 23:11 - 00003114 _____ C:\Windows\System32\Tasks\{4825769C-57C4-460C-A7FF-AB316724BF5A} 2013-07-30 23:11 - 2013-07-26 13:52 - 00000000 ____D C:\ProgramData\eSafe 2013-07-30 23:10 - 2013-07-30 23:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-30 23:10 - 2013-07-30 23:09 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Dennis\Desktop\JRT.exe 2013-07-30 23:08 - 2012-03-07 16:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-30 23:06 - 2013-07-30 23:05 - 00001307 _____ C:\Users\Dennis\Desktop\AdwCleaner[S3].txt 2013-07-30 23:06 - 2011-12-07 00:38 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-30 23:05 - 2013-07-26 13:51 - 00000390 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-07-30 23:05 - 2012-10-14 15:21 - 00017991 _____ C:\Windows\setupact.log 2013-07-30 23:05 - 2012-02-08 12:37 - 00000000 ___HD C:\ASUS.DAT 2013-07-30 23:05 - 2011-12-07 00:59 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-07-30 23:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-30 23:04 - 2013-07-30 23:03 - 00001307 _____ C:\AdwCleaner[S3].txt 2013-07-30 23:04 - 2013-07-30 22:59 - 00000216 _____ C:\Windows\DeleteOnReboot.bat 2013-07-30 23:03 - 2013-07-30 23:03 - 00027377 _____ C:\Users\Dennis\Desktop\AdwCleaner[S2].txt 2013-07-30 23:00 - 2011-12-07 00:27 - 01398291 _____ C:\Windows\WindowsUpdate.log 2013-07-30 22:59 - 2013-07-30 22:59 - 00027377 _____ C:\AdwCleaner[S2].txt 2013-07-30 22:59 - 2013-07-11 20:29 - 00001055 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-07-30 22:59 - 2013-05-21 19:26 - 00001050 _____ C:\Users\Dennis\Desktop\WEB.DE.lnk 2013-07-30 22:59 - 2013-05-21 18:53 - 00001080 _____ C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk 
2013-07-30 22:59 - 2012-12-17 19:19 - 00000969 _____ C:\Users\Public\Desktop\Opera.lnk 2013-07-30 22:59 - 2012-02-08 12:38 - 00000999 _____ C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-30 22:58 - 2013-07-30 22:58 - 00000413 _____ C:\AdwCleaner[S1].txt 2013-07-30 22:58 - 2013-07-30 22:57 - 00030157 _____ C:\AdwCleaner[R1].txt 2013-07-30 22:57 - 2013-07-30 22:56 - 00666633 _____ C:\Users\Dennis\Desktop\adwcleaner.exe 2013-07-30 22:51 - 2013-07-30 22:51 - 00070852 _____ C:\Users\Dennis\Desktop\Gmer.txt 2013-07-30 22:33 - 2013-07-30 22:33 - 00274544 _____ C:\Windows\Minidump\073013-23322-01.dmp 2013-07-30 22:33 - 2013-01-03 22:43 - 00000000 ____D C:\Windows\Minidump 2013-07-30 22:01 - 2012-02-19 23:21 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA.job 2013-07-30 21:35 - 2012-02-17 15:02 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoft 2013-07-30 21:30 - 2013-07-30 21:30 - 00082330 _____ C:\Users\Dennis\Desktop\Extras.Txt 2013-07-30 21:29 - 2013-07-30 21:29 - 00120542 _____ C:\Users\Dennis\Desktop\OTL.Txt 2013-07-30 21:29 - 2013-05-22 18:58 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CE161BE-C868-4170-8D65-42CBEDB67714} 2013-07-30 21:21 - 2013-07-30 21:20 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe 2013-07-30 21:17 - 2013-07-30 21:16 - 00000474 _____ C:\Users\Dennis\Desktop\defogger_disable.log 2013-07-30 21:16 - 2013-07-30 21:16 - 00000000 _____ C:\Users\Dennis\defogger_reenable 2013-07-30 21:16 - 2012-02-08 12:37 - 00000000 ____D C:\Users\Dennis 2013-07-30 20:33 - 2012-04-02 22:13 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc 2013-07-30 20:16 - 2011-02-19 06:24 - 00682942 _____ C:\Windows\system32\perfh007.dat 2013-07-30 20:16 - 2011-02-19 06:24 - 00139568 _____ C:\Windows\system32\perfc007.dat 2013-07-30 20:16 - 2009-07-14 07:13 - 01559994 _____ C:\Windows\system32\PerfStringBackup.INI 
2013-07-30 14:06 - 2012-02-19 23:21 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core.job 2013-07-27 14:13 - 2011-12-07 00:57 - 00001471 _____ C:\Windows\system32\ServiceFilter.ini 2013-07-27 14:12 - 2011-04-13 03:39 - 00350790 _____ C:\Windows\PFRO.log 2013-07-26 19:20 - 2012-02-08 15:12 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\SoftGrid Client 2013-07-26 18:08 - 2013-07-26 18:08 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-07-26 18:03 - 2013-07-26 17:58 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mp3tag 2013-07-26 17:57 - 2013-07-26 17:57 - 00000985 _____ C:\Users\Public\Desktop\Mp3tag.lnk 2013-07-26 17:57 - 2013-07-26 17:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2013-07-26 13:51 - 2013-07-26 13:51 - 00003040 _____ C:\Windows\System32\Tasks\LyricXeeker Update 2013-07-26 13:51 - 2013-07-26 13:51 - 00000000 ____D C:\Program Files (x86)\LyriXeeker 2013-07-26 13:50 - 2013-07-26 13:50 - 00001087 _____ C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk 2013-07-22 18:26 - 2012-10-15 14:54 - 00000000 ____D C:\Users\Dennis\Documents\Erörterung Schuluniform 2013-07-15 18:51 - 2013-07-15 18:48 - 00000000 ____D C:\Windows\system32\MRT 2013-07-14 21:42 - 2013-07-14 21:42 - 00000000 ____D C:\Users\Dennis\AppData\Local\{FC85F24E-B059-4C37-8F7F-746C878660C3} 2013-07-14 14:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files\WEB.DE MailCheck 2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck 2013-07-13 13:14 - 2012-04-04 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-13 13:14 - 2009-07-14 06:45 - 00277584 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 13:13 - 2012-05-15 13:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 13:13 - 2012-05-15 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 
2013-07-13 13:12 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 13:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 13:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-11 20:35 - 2012-03-20 20:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mozilla 2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-11 20:15 - 2013-05-30 18:25 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Apple Computer 2013-07-11 19:54 - 2012-02-26 15:01 - 00000000 ____D C:\ProgramData\Skype 2013-07-11 19:53 - 2013-02-14 22:12 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-03 21:48 - 2013-07-03 21:48 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task 2013-07-03 20:45 - 2013-07-03 20:45 - 00000000 ____D C:\ProgramData\UUdb 2013-07-03 20:45 - 2013-05-21 18:52 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung 2013-06-30 14:41 - 2013-06-30 14:41 - 00000000 ____D C:\Users\Dennis\AppData\Local\{C92EA9FA-C31B-4172-9B08-B72A53D49253} 2013-06-30 12:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-24 14:27 
==================== End Of Log ============================ --- --- --- The SystemLook file is too large and I don't know how I should send the zip file |
30.07.2013, 23:22 | #7 |
| Virus on the system but not detected by the scanner I've now split it into two parts; I hope you can do something with it. Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 23:43 on 30/07/2013 by Dennis Administrator - Elevation successful No Context: *SoftwareUpdater* No Context: *WsysControl* No Context: *WsysSvc* No Context: *SweetIM* No Context: *WiseConvert* No Context: *Web Assistant* No Context: *Babylon* No Context: *Conduit* No Context: *Ilivid* No Context: *PutLockerDownloader* No Context: *Movie2KDownloader* No Context: *DataMngr* No Context: *Softonic* ========== folderfind ========== Searching for "*qvo6*" No folders found. Searching for "*MyStart Search*" No folders found. Searching for "*Speedbit*" C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\SpeedBit d------ [22:19 25/02/2012] Searching for "*eSafe*" C:\ProgramData\eSafe d------ [11:52 26/07/2013] C:\Users\All Users\eSafe d------ [11:52 26/07/2013] Searching for "*Conduit*" C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_CT3176986 d------ [13:21 22/04/2012] C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_en d------ [13:21 22/04/2012] Searching for "*Freemium*" No folders found. Searching for "*SearchPredict*" C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\SpeedBit\SearchPredict d------ [22:19 25/02/2012] Searching for "*SoftwareUpdater*" No folders found. Searching for "*WsysControl*" No folders found. 
Searching for "*WsysSvc*" C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_01fdf556 d----c- [21:07 30/07/2013] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0545c6c7 d----c- [21:02 30/07/2013] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c05e85b d----c- [20:38 30/07/2013] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c11fc0a d----c- [20:35 30/07/2013] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_1149e8c8 d----c- [12:14 27/07/2013] C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_01fdf556 d----c- [21:07 30/07/2013] C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0545c6c7 d----c- [21:02 30/07/2013] C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c05e85b d----c- [20:38 30/07/2013] C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c11fc0a d----c- [20:35 30/07/2013] C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_1149e8c8 d----c- [12:14 27/07/2013] Searching for "*SweetIM*" No folders found. Searching for "*WiseConvert*" No folders found. Searching for "*Web Assistant*" No folders found. Searching for "*Babylon*" No folders found. Searching for "*Conduit*" C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_CT3176986 d------ [13:21 22/04/2012] C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_en d------ [13:21 22/04/2012] Searching for "*Ilivid*" No folders found. 
Searching for "*PutLockerDownloader*" No folders found. Searching for "*Movie2KDownloader*" No folders found. Searching for "*DataMngr*" No folders found. Searching for "*Softonic*" No folders found. ========== regfind ========== Searching for "qvo6" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DoNotAskAgain"="qvo6.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command] @=""C:\Program Files (x86)\Opera\Opera.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Safari.exe\shell\open\command] @=""C:\Program Files (x86)\Safari\Safari.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Opera\shell\open\command] @=""C:\Program Files (x86)\Opera\Opera.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Safari.exe\shell\open\command] @=""C:\Program Files (x86)\Safari\Safari.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes] "DoNotAskAgain"="qvo6.com" Searching for "MyStart Search" No data found. 
Searching for "Speedbit" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT\Toolbar] "toolbar_name"="SpeedBit Video Downloader" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\TBU54\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_CURRENT_USER\Software\Microsoft\Windows 
NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter\command] @=""C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32] @="C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR] @="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32] @="C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR] @="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\GRRemove.exe"="WINXPSP2" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32] @="C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR] @="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:1] "0"="hxxp://home.speedbit.com/?pid=%s&aid=%s" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:1] "1"="hxxp://home.speedbit.com/?pid=%s&aid=%s" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2] 
"0"="hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2] "1"="Speedbit" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2] "2"="Speedbit" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2] "3"="hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2] "4"="Speedbit" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\Video Converter] "EXELOCATION"="C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\Video Downloader] "EXELOCATION"="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT\Toolbar] "toolbar_name"="SpeedBit Video Downloader" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] 
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\TBU54\Converter.exe"="ELEVATECREATEPROCESS" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\Converter.exe"="ELEVATECREATEPROCESS" Searching for "eSafe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl] "pid"="eSafe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP13\environment] "CreateSafeBankingShortcut"="1" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl] "UninstallString"="C:\ProgramData\eSafe\eGdpSvc.exe -unsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl] "DisplayIcon"="C:\ProgramData\eSafe\eGdpSvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WsysSvc] "ImagePath"="C:\ProgramData\eSafe\eGdpSvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WsysSvc] "ImagePath"="C:\ProgramData\eSafe\eGdpSvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc] "ImagePath"="C:\ProgramData\eSafe\eGdpSvc.exe" Searching for "Conduit" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] 
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}] "URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}] "FaviconURL"="hxxp://search.conduit.com/favicon.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}] "AppPath"="C:\Users\Dennis\AppData\Local\Conduit\CT3176986" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1578829] "Url"="hxxp://alerts.conduit-services.com/root/1584626/1578829/DE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1686465] "Url"="hxxp://alerts.conduit-services.com/root/1694750/1686465/DE" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings] "ALPClientsServerName"="hxxp://alert.client.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings] "ALPServicesServerName"="hxxp://alert.services.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings] "AutoUpdateServerName"="hxxp://alert.storage.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings] "URL"="hxxp://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs] "URL"="hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login] "URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation] "URL"="hxxp://alerts.conduit-services.com/translation/?locale=EB_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage] "URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\ConduitSearchScopes] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "GroupingServerURL"="hxxp://grouping.services.conduit.com/" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "SearchServerUrl"="hxxp://search.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "Server"="users.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "UsageURL"="hxxp://usage.users.conduit.com/UsersWebService.asmx/UsersRequests" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "PrivacyPageURL"="hxxp://www.conduit.com/privacy/Default.aspx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "DisplayTrusteSeal"="hxxp://trust.conduit.com/EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "ClientLogURL"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "UninstallURL"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar] "AppsDetectionUrlPattern"="hxxp://appdownload.conduit.com/" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppRegisterUsage] 
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\mgconfig.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] "4340C4778499EED41AE496DC3D613EC6"="C?\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] "4340C4778499EED41AE496DC3D613EC6"="C?\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] "4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties] "Contact"="SweetIM Technical Support Department" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties] "HelpLink"="hxxp://www.sweetim.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties] "InstallLocation"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties] "Publisher"="SweetIM Technologies Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties] "URLInfoAbout"="hxxp://www.sweetim.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties] "URLUpdateInfo"="hxxp://www.sweetim.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASMANCS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16B9E514-4DE9-4E52-941E-8917DBD2307E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16B9E514-4DE9-4E52-941E-8917DBD2307E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16B9E514-4DE9-4E52-941E-8917DBD2307E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM] |
30.07.2013, 23:23 | #8 |
| Virus present but not detected by the scanner
Code:
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\458075172] "dbname"="conduit_CT3176986_CT3176986" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings] "SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176986&SearchSource=2&q=MYSEARCHTERM" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings] "APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings] "SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\BackHandStorage\http___facebook_conduitapps_com_component_html_mode=2] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\BackHandStorage\http___storage_conduit_com_PS_ShoppingApp_V1_pgcb1_2_html_ctid=CT3176986] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\BrowserSearch] "URLFromService"="hxxp://search.conduit.com?SearchSource=10&ctid=CT3176986" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\BrowserSearch] "ConduitEnabled"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\HomePage] "URLFromService"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176986" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\HomePage] "ConduitEnabled"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\MyStuff] "AddStuffLink"="hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\MyStuff] "ConduitEnable"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\RadioPlayer] "ServerUrl"="hxxp://radio.services.conduit.com/RadioRequest.ctp" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Search\Settings] "ContextMenuSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\SearchInNewTab] "AboutTabsDataUrlConduit"="hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\SearchInNewTab] "AboutTabsEnabledByConduit"="TRUE" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\SearchInNewTab] "AboutTabsUsageUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Update] "ModuleURL"="hxxp://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Upgrade] "ModuleURL"="hxxp://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Weather] "SearchServerUrl"="hxxp://search.conduit.com/" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Weather\en] "Forecast"="<FORECAST><LOCATION_ID>GMXX0027</LOCATION_ID><DAYS><DAY1><DATE>20120621</DATE><DAY>Thursday</DAY><F_MIN>55</F_MIN><F_MAX>76</F_MAX><C_MIN>12</C_MIN><C_MAX>24</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>7</UV_INDEX><SUNSET>9:54 pm</SUNSET><SUNRISE>5:16 am</SUNRISE><MOONRISE>7:11 am</MOONRISE><MOONSET>10:50 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Thunderstorm</CONDITION_DESCRIPTION><CONDITION_ICON>hxxp://weather.conduit.com/images/weather/Default/thunderstorm_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120622</DATE><DAY>Friday</DAY><F_MIN>57</F_MIN><F_MAX>68</F_MAX><C_MIN>13</C_MIN><C_MAX>20</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>7</UV_INDEX><SUNSET>9:54 pm</SUNSET><SUNRISE>5:16 am</SUNRISE><MOONRISE>8:19 am</MOONRISE><MOONSET>11:17 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>S [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] 
"GroupingServerURL"="hxxp://grouping.services.conduit.com/" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "SearchServerUrl"="hxxp://search.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "Server"="users.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "UsageURL"="hxxp://usage.users.conduit.com/UsersWebService.asmx/UsersRequests" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "PrivacyPageURL"="hxxp://www.conduit.com/privacy/Default.aspx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "DisplayTrusteSeal"="hxxp://trust.conduit.com/EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "ClientLogURL"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "UninstallURL"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar] "AppsDetectionUrlPattern"="hxxp://appdownload.conduit.com/" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ABTestUsage] 
"ServiceUrl"="hxxp://tb-test.conduit-data.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppRegisterUsage] "ServiceUrl"="hxxp://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppsMetaData] "ServiceUrl"="hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppsSettings] "ServiceUrl"="hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppTrackingFirstTime] "ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppTrackingUsage] "ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/Usage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppUninstallUsage] "ServiceUrl"="hxxp://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\BrowserToolbarsInfo] "ServiceUrl"="hxxp://counting.usage.toolbar.conduit-services.com/usage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ClientErrorLog] 
"ServiceUrl"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\DynamicDialogs] "ServiceUrl"="hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\GottenAppsContextMenu] "ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\HostingUsage] "ServiceUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\LocationService] "ServiceUrl"="hxxp://ip2location.conduit-services.com/ip/" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\OtherAppsContextMenu] "ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\RecoveryService] "ServiceUrl"="hxxp://recovery.conduit-services.com/toolbar" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\SearchInNewTabBlank] "ServiceUrl"="hxxp://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\SearchSettings] 
"ServiceUrl"="hxxp://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\SharedAppsContextMenu] "ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarAppComponentUsage] "ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarAppUsage] "ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarComponentUsage] "ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarContextMenu] "ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarGrouping] "ServiceUrl"="hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarHiddenLogin] "ServiceUrl"="hxxp://login.hiddentoolbar.conduit-services.com/Login.ashx" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarHiddenSettings] "ServiceUrl"="hxxp://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarHiddenSettingsForSB] "ServiceUrl"="hxxp://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarLogin] "ServiceUrl"="hxxp://login.toolbar.conduit-services.com/Login.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettings] "ServiceUrl"="hxxp://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettingsForPublisher] "ServiceUrl"="hxxp://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettingsForSB] "ServiceUrl"="hxxp://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettingsPublisherForSB] "ServiceUrl"="hxxp://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarTranslation] "ServiceUrl"="hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarUninstall] "ServiceUrl"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarUsage] "ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\UninstallDialog] "ServiceUrl"="hxxp://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\UninstallDialogUsage] "ServiceUrl"="hxxp://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337_CT3242337] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337_de] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\1479446183] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\1505242532] "dbname"="conduit_CT3242337_CT3242337" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\176242965] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2198161339] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2358789027] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2385328035] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2405949718] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\3381618689] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\4022910144] "dbname"="conduit_CT3242337_de" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\408928033] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\531889087] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\848826655] "dbname"="conduit_CT3242337_CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings] 
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3242337&SearchSource=2&q=MYSEARCHTERM" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings] "APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings] "SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\BackHandStorage\http___storage_conduit_com_PS_ShoppingApp_V1_pgcb1_2_html_ctid=CT3242337] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\BrowserSearch] "URLFromService"="hxxp://search.conduit.com?SearchSource=10&ctid=CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\BrowserSearch] "ConduitEnabled"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\HomePage] "URLFromService"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\HomePage] 
"ConduitEnabled"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\MyStuff] "AddStuffLink"="hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\MyStuff] "ConduitEnable"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\RadioPlayer] "ServerUrl"="hxxp://radio.services.conduit.com/RadioRequest.ctp" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Search\Settings] "ContextMenuSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\SearchInNewTab] "AboutTabsDataUrlConduit"="hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\SearchInNewTab] "AboutTabsEnabledByConduit"="TRUE" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\SearchInNewTab] "AboutTabsUsageUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Update] "ModuleURL"="hxxp://ieupdate.conduit.com/ver6.9.0.16/tbedrs.dll" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Upgrade] "ModuleURL"="hxxp://ieupgrade.conduit-download.com/IEUpgrade/ver6.9.0.16/tbedrs.dll" 
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Weather] "SearchServerUrl"="hxxp://search.conduit.com/" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Weather\de] "Forecast"="<FORECAST><LOCATION_ID>GMXX0128</LOCATION_ID><DAYS><DAY1><DATE>20120816</DATE><DAY>Donnerstag</DAY><F_MIN>58</F_MIN><F_MAX>77</F_MAX><C_MIN>14</C_MIN><C_MAX>25</C_MAX><UV_DESCRIPTION>Hoch</UV_DESCRIPTION><UV_INDEX>7</UV_INDEX><SUNSET>8:36 pm</SUNSET><SUNRISE>6:18 am</SUNRISE><MOONRISE>4:59 am</MOONRISE><MOONSET>7:34 pm</MOONSET><MOON_PHASE>Abnehmender Halbmond</MOON_PHASE><CONDITION_DESCRIPTION>Meistens sonnig</CONDITION_DESCRIPTION><CONDITION_ICON>hxxp://weather.conduit.com/images/weather/Default/sunny_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120817</DATE><DAY>Freitag</DAY><F_MIN>60</F_MIN><F_MAX>84</F_MAX><C_MIN>15</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>Hoch</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>8:34 pm</SUNSET><SUNRISE>6:19 am</SUNRISE><MOONRISE>6:09 am</MOONRISE><MOONSET>8:01 pm</MOONSET><MOON_PHASE>Neu</MOON_PHASE><CONDITION_DESCRIPTION>Sonnig</CON [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] 
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}] "URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}] "FaviconURL"="hxxp://search.conduit.com/favicon.ico" Searching for "Ilivid" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e73434e_0] @="{0.0.0.00000000}.{bcd4b308-07c4-4c5c-b6c5-e7fe6a9a61b2}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e73434e_0] 
@="{0.0.0.00000000}.{bcd4b308-07c4-4c5c-b6c5-e7fe6a9a61b2}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid] Searching for "PutLockerDownloader" No data found. Searching for "Movie2KDownloader" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn] "path"="C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx" Searching for "DataMngr" No data found. Searching for "Softonic" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab [HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] "WSG_blackList"="form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic-tbsbox-en-us|src=tlbvw|sap=tr|src=1|/toolbar|SearchSource=1|SearchSource=44|qsrc=2871|babsrc=TB_def|||8641375132985905" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS] [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q" [HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet 
Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage] "WSG_blackList"="form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic-tbsbox-en-us|src=tlbvw|sap=tr|src=1|/toolbar|SearchSource=1|SearchSource=44|qsrc=2871|babsrc=TB_def|||8641375132985905" -= EOF =- |
31.07.2013, 07:29 | #9 |
/// TB-Ausbilder | Virus on the system but not detected by the scanner Hi, you ran SystemLook only partly correctly... you forgot the ":filefind" parameter... so please run it once more:
|
31.07.2013, 11:05 | #10 |
| Virus on the system but not detected by the scanner Sorry, here is the new file Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:58 on 31/07/2013 by Dennis
Administrator - Elevation successful

========== filefind ==========

Searching for "*qvo6*"
C:\Users\Dennis\AppData\Local\Temp\is1326335552\cor_ar_201374152420_qvo6.exe ------- 200272 bytes [13:47 09/07/2013] [13:47 09/07/2013] 7B38A382E58F264F4F8A00FD9407BF49
C:\Windows\Prefetch\COR_AR_201374152420_QVO6.EXE-554ED458.pf --a---- 44342 bytes [11:51 26/07/2013] [11:51 26/07/2013] A6158BE766B4DE695EF5803F79700BA3

Searching for "*MyStart Search*"
No files found.

Searching for "*Speedbit*"
No files found.

Searching for "*eSafe*"
No files found.

Searching for "*Freemium*"
No files found.

Searching for "*SearchPredict*"
No files found.

Searching for "*SoftwareUpdater*"
No files found.

Searching for "*WsysControl*"
No files found.

Searching for "*WsysSvc*"
No files found.

Searching for "*SweetIM*"
No files found.

Searching for "*WiseConvert*"
No files found.

Searching for "*Web Assistant*"
No files found.

Searching for "*Babylon*"
C:\Users\Dennis\AppData\Local\Temp\7929228B-BAB0-7891-918E-CBACB342CCF0\MyBabylonTB.exe --a---- 1953504 bytes [12:56 08/04/2013] [12:56 08/04/2013] 8579A1F1CA46DAAD932A147F7AFCED5C
C:\Users\Dennis\Videos\Aktion\Babylon A.D..flv --a---- 367082590 bytes [12:49 26/07/2012] [13:04 26/07/2012] 9DA92BE87E07702E34E4EC75D2DA2D87

Searching for "*Conduit*"
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928535826187500_gif.gif --a---- 754 bytes [13:21 22/04/2012] [13:21 22/04/2012] FA08AB532579396BB154DBA07E4A7757 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928536360093750_gif.gif --a---- 745 bytes [13:21 22/04/2012] [13:21 22/04/2012] 82931D9B612FDDC353637CDAB3BFB836 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928537044781250_gif.gif --a---- 735 bytes [13:21 22/04/2012] [13:21 22/04/2012] F29DF0726B8DBFEC190F8AD2F6443EB0 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928537532125000_gif.gif --a---- 808 bytes [13:21 22/04/2012] [13:21 22/04/2012] FF9D253F1D7708888E71D587AF2D4979 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928537915250000_gif.gif --a---- 772 bytes [13:21 22/04/2012] [13:21 22/04/2012] DFFA6482B88D1C98A037A89D3C558D6A C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928538389312500_gif.gif --a---- 750 bytes [13:21 22/04/2012] [13:21 22/04/2012] 7F4485390674139B37CC337BE37EA3B7 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928538806656250_gif.gif --a---- 774 bytes [13:21 22/04/2012] [13:21 22/04/2012] EE2C479443CC660882815CC231637519 
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_9_301_CT3018509_Images_SearchActivationButton-go_but01_gif-General-633629754908675000_gif.gif --a---- 117 bytes [13:21 22/04/2012] [13:21 22/04/2012] D98754949232C20B38E52EC493111E9F C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif --a---- 159 bytes [13:22 22/04/2012] [13:22 22/04/2012] FF164EABA285C2E614EBFD967FEF9732 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_calculator_gif.gif --a---- 317 bytes [13:22 22/04/2012] [13:22 22/04/2012] E7ACB20C8E56B1EFAD7DED3DC4DE35F5 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_excel_gif.gif --a---- 111 bytes [13:22 22/04/2012] [13:22 22/04/2012] 68D5FB9046516B872BEB1AADF30EA86B C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_MsAccess_gif.gif --a---- 95 bytes [13:22 22/04/2012] [13:22 22/04/2012] 095BEB6B08F7F24F33F56C56096BFD12 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_msnmessenger_gif.gif --a---- 305 bytes [13:22 22/04/2012] [13:22 22/04/2012] A3E464E993C0C45AF0D94BD84AE3C5F8 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_notepad_gif.gif --a---- 405 bytes [13:22 22/04/2012] [13:22 22/04/2012] 077089FFB4BF6554C885B0F49A4BE6C5 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_office_gif.gif --a---- 155 bytes [13:22 22/04/2012] [13:22 22/04/2012] 9882F9A7CFAD12AC3CCBA0B17D4EE1DF C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_OutlookExpress_gif.gif --a---- 411 bytes [13:22 22/04/2012] [13:22 22/04/2012] 
4F7BC53CDB2B21F96C251C1F1AC19BAF C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_Outlook_gif.gif --a---- 127 bytes [13:22 22/04/2012] [13:22 22/04/2012] 6ECB8335D7BDE23A66A49235DEEA9BF5 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_paint_gif.gif --a---- 420 bytes [13:22 22/04/2012] [13:22 22/04/2012] 42EBAF2F8410D0967D65522B561FED25 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_powerpoint_gif.gif --a---- 127 bytes [13:22 22/04/2012] [13:22 22/04/2012] 268465ED967348C69F50412768DE13C6 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_RegistryEditor_gif.gif --a---- 142 bytes [13:22 22/04/2012] [13:22 22/04/2012] D8F68ED8F0AF6D52089C29343EB66A6C C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_winword_gif.gif --a---- 125 bytes [13:22 22/04/2012] [13:22 22/04/2012] CD58F4779A272B7C41D0830BA80B772C C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_WMPlayer_gif.gif --a---- 433 bytes [13:22 22/04/2012] [13:22 22/04/2012] 0E1907FEDB863CE6BB19A4580DC6B418 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [13:21 22/04/2012] [13:21 22/04/2012] 99D5F75C338F2A877CBF891E0F18746E C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [13:21 22/04/2012] [13:21 22/04/2012] F2291FAB46ED9291A1A2FFE9F88E9D84 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [13:21 22/04/2012] [13:21 22/04/2012] 
A847C5F6CE2C700048749892DD2E0619 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [13:21 22/04/2012] [13:21 22/04/2012] FED9E00C76F647EE6A0B7CC684C89F0C C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [13:21 22/04/2012] [13:21 22/04/2012] 36BD416D16391EFAAAFB2C3C54EAE986 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [13:21 22/04/2012] [13:21 22/04/2012] 943ADFD9E0DF1507F7BC419802BF4303 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [13:21 22/04/2012] [13:21 22/04/2012] 36C6FB9C84D4AF5C5D7C5B277A0E4A01 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [13:21 22/04/2012] [13:21 22/04/2012] 275C9DA2D536F18F528C80E050C3D705 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [13:21 22/04/2012] [13:21 22/04/2012] 3AD88BD8E832DA39FAAEDF07AD595F94 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [13:21 22/04/2012] [13:21 22/04/2012] 650731EEF807C292E699779B12CBE552 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [13:21 22/04/2012] [13:21 22/04/2012] 9B4D914888BCFFCBAE6757A0E450551C C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_BankImages_Csilkset_plugin_gif.gif --a---- 
377 bytes [20:04 20/05/2012] [20:04 20/05/2012] 7FD3FCE2E0A1969EB3C7B704D66F4EC4 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_BankImages_Facebook_Facebook_png.png --a---- 772 bytes [13:22 22/04/2012] [13:22 22/04/2012] 1805E8470C0EE167396751BA3E9B0AAA C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [13:21 22/04/2012] [13:21 22/04/2012] 01B83C91554738F6AFFB7895BBBA73FB C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_Images_ClientResources_mini_browser_gif.gif --a---- 950 bytes [13:22 22/04/2012] [13:22 22/04/2012] EE3DCA0EABAE8D7DDEAC14E36B1142CD C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [13:21 22/04/2012] [13:21 22/04/2012] EC3C2B4E0DEC4D880BAFF88ABBF94188 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [13:21 22/04/2012] [13:21 22/04/2012] A9E001CBC00B06B121DFBC80707F5298 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [13:21 22/04/2012] [13:21 22/04/2012] 15DEF39E438E807E2F0E22D44FDC7FB7 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [13:21 22/04/2012] [13:21 22/04/2012] 995595D4C685D659E8F03CD0A287EDDF C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [13:21 22/04/2012] [13:21 22/04/2012] AA39D8A6B65E208901EBA9F3D4728D3E C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [13:21 22/04/2012] [13:21 22/04/2012] 464E244E7E2F27FB85E0C3AB69D72104 
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [13:21 22/04/2012] [13:21 22/04/2012] 6427565C7105DC497287866100F260BB C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [13:21 22/04/2012] [13:21 22/04/2012] AE7C9F67594A84B096D225601ACB0B2A C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [13:21 22/04/2012] [13:21 22/04/2012] C3EBA0237D68F665AF6D663906221092 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [13:21 22/04/2012] [13:21 22/04/2012] 8BE02D510B4B2E05AD2611B1E9A0BD56 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_dictionary_search_gif.gif --a---- 986 bytes [13:21 22/04/2012] [13:21 22/04/2012] E69C08AFA2BE65DEDC462A2B5AD24DAE C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif --a---- 216 bytes [13:21 22/04/2012] [13:21 22/04/2012] 44A5718F3E1C5785F969C82B2C1D0904 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_encyc_search_gif.gif --a---- 395 bytes [13:21 22/04/2012] [13:21 22/04/2012] 64134CF20CCCE87340B53E9C73AF105E C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [13:21 22/04/2012] [13:21 22/04/2012] 66018EAE0906C9831A821CAE5D1089BB C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [13:21 22/04/2012] [13:21 22/04/2012] 84896837EDB1A78C14DB6A2F3A0AEE3A 
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [13:21 22/04/2012] [13:21 22/04/2012] 948781E4B6478290050ECA4423B89B1E C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_shopping_search_gif.gif --a---- 381 bytes [13:21 22/04/2012] [13:21 22/04/2012] 9AC6288F268598A1A29B2295CEBC7C3D C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_icon_gif.gif --a---- 165 bytes [13:21 22/04/2012] [13:21 22/04/2012] 04E3A42E439747474D80EC47A083B76D C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif --a---- 351 bytes [16:19 06/05/2012] [16:19 06/05/2012] 703A98E0FBFB8C9B617E732C9E62DB04 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif --a---- 173 bytes [13:22 22/04/2012] [13:22 22/04/2012] E509575F473727B14C87367068C42353 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif --a---- 212 bytes [20:04 20/05/2012] [20:04 20/05/2012] 88CD5B8D6F007347115A8A602E5D158B C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7049 bytes [13:21 22/04/2012] [18:12 21/06/2012] C0D6A8932427F7498C22D3F5B329B4E8 C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5527 bytes [13:21 22/04/2012] [18:12 21/06/2012] 57791EFA882DE1E8E7D2C075C4F4779F C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6581 bytes [13:21 22/04/2012] [18:12 21/06/2012] 
Searching for "*Ilivid*"
No files found.
Searching for "*PutLockerDownloader*"
No files found.
Searching for "*Movie2KDownloader*"
No files found.
Searching for "*DataMngr*"
No files found.
Searching for "*Softonic*"
C:\Users\Dennis\Downloads\SoftonicDownloader_fuer_meboy.exe --a---- 313928 bytes [13:07 12/03/2012] [13:07 12/03/2012] 2D20F8BD571E0D415DC6FF4DF867E20D
Searching for " "
No files found.
-= EOF =- |
31.07.2013, 14:59 | #11 |
/// TB-Ausbilder | Virus on the PC but not detected by the scanner
Hi, we'll remove the last remnants and check everything once more:
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
SearchScopes: HKCU - {C2798CF1-011A-4461-AD6B-DB704AB54A9D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
C:\Program Files (x86)\LyriXeeker
BHO-x32: Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
C:\Program Files (x86)\Game_Master_2.2
Toolbar: HKLM-x32 - Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D8215D9C-81ED-4E53-B420-BFCDBAC4734D} - No File
FF Extension: m2k - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
C:\Program Files\Web Assistant
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\125.xpi
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [376896 2013-07-26] (Wsys Co., Ltd.)
C:\ProgramData\eSafe
Task: {3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Ui.exe
Task: {59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {648B735B-2980-44BB-A6CC-72BFDCA33E39} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {69DF53D2-2F33-4258-A8DE-4324F3474211} - System32\Tasks\4790
Task: {6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} - System32\Tasks\Software Updater => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Bootstrapper.exe
Task: {77CC950E-D0BC-45EF-984C-062BC44453E9} - System32\Tasks\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {9FB4123A-75EA-4F5E-9C3F-F6537272089B} - System32\Tasks\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {CFF59FC2-5C13-45B8-A38C-656C9A6900DD} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2
C:\Users\Dennis\Downloads\SoftonicDownloader_fuer_meboy.exe
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Freemium" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WsysSvc" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS" /f
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
Edited by M-K-D-B (31.07.2013 at 15:12) |
31.07.2013, 18:24 | #12 |
| Virus on the PC but not detected by the scanner Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03 Ran by Dennis at 2013-07-31 16:18:12 Run:1 Running from C:\Users\Dennis\Desktop Boot Mode: Normal ============================================== HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D} => Key deleted successfully. HKCR\CLSID\{C2798CF1-011A-4461-AD6B-DB704AB54A9D} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{17E58097-6CA5-448B-830F-2A19678248FB} => Key deleted successfully. C:\Program Files (x86)\LyriXeeker => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Key deleted successfully. C:\Program Files (x86)\Game_Master_2.2 => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D8215D9C-81ED-4E53-B420-BFCDBAC4734D} => Value deleted successfully. HKCR\CLSID\{D8215D9C-81ED-4E53-B420-BFCDBAC4734D} => Key not found. C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi => Moved successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => Value deleted successfully. "C:\Program Files\Web Assistant" => File/Directory not found. 
HKCU\Software\Mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co => Value deleted successfully. C:\Program Files (x86)\LyriXeeker\125.xpi not found. WsysSvc => Service deleted successfully. C:\ProgramData\eSafe => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} => Key not found. C:\Windows\System32\Tasks\Software Updater Ui => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} => Key not found. C:\Windows\System32\Tasks\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{648B735B-2980-44BB-A6CC-72BFDCA33E39} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{648B735B-2980-44BB-A6CC-72BFDCA33E39} => Key not found. C:\Windows\System32\Tasks\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69DF53D2-2F33-4258-A8DE-4324F3474211} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DF53D2-2F33-4258-A8DE-4324F3474211} => Key not found. C:\Windows\System32\Tasks\4790 => Moved successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4790 => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} => Key not found. C:\Windows\System32\Tasks\Software Updater => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77CC950E-D0BC-45EF-984C-062BC44453E9} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CC950E-D0BC-45EF-984C-062BC44453E9} => Key not found. C:\Windows\System32\Tasks\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FB4123A-75EA-4F5E-9C3F-F6537272089B} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FB4123A-75EA-4F5E-9C3F-F6537272089B} => Key not found. C:\Windows\System32\Tasks\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFF59FC2-5C13-45B8-A38C-656C9A6900DD} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF59FC2-5C13-45B8-A38C-656C9A6900DD} => Key not found. C:\Windows\System32\Tasks\LyricXeeker Update => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update => Key not found. 
C:\Windows\Tasks\LyricXeeker Update.job => Moved successfully. C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2 => Moved successfully. C:\Users\Dennis\Downloads\SoftonicDownloader_fuer_meboy.exe => Moved successfully. ========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Freemium" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASAPI32" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASMANCS" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WsysSvc" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASAPI32" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASMANCS" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASAPI32" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASMANCS" /f ========= Der Vorgang wurde erfolgreich beendet. 
========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ==== End of Fixlog ==== Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.31.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Dennis :: DENNIS-PC [Administrator] Schutz: Aktiviert 31.07.2013 16:23:12 mbam-log-2013-07-31 (16-23-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 237569 Laufzeit: 3 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dennis\AppData\Local\Temp\75B3.tmp (PUP.Browser.Defender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dennis\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dennis\AppData\Local\Temp\is1326335552\426239888_Setup.EXE (PUP.Optional.AddLyrics) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dennis\AppData\Local\Temp\is1326335552\cor_ar_201374152420_qvo6.exe (PUP.Optional.Elex) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Windows\Installer\41b7b78.msi (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
The ESET scan has been running for 45 min and is only at 33%, so it may take a while yet. ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a3f2041721fcc84ebd103bb49d650bdf # engine=14602 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-31 05:01:38 # local_time=2013-07-31 07:01:38 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1286 16777213 100 99 5528 30056420 0 0 # compatibility_mode=5893 16776573 100 94 70959 126919948 0 0 # scanned=137460 # found=5 # cleaned=0 # scan_time=3589 sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\background.html" sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx" sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\background.html" sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx" sh=130A7A0878304F8F4FFF433096F4D0E399193D16 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.CU trojan" ac=I fn="C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1d7715f7-4e4aa16b" Code:
ATTFilter Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 35 Java version out of Date! Adobe Flash Player 11.3.300.262 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (22.0) Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
31.07.2013, 18:32 | #13 |
/// TB-Ausbilder | Virus on the PC but not detected by the scanner Servus, please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
C:\ProgramData\ADDICT-THING
C:\Users\All Users\ADDICT-THING
C:\ProgramData\OptimizerPro1
C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
If you have no more problems, we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Step 2 Your version of Adobe Flash Player is outdated. Please follow these steps to update Adobe Flash:
Step 3 The order is crucial here.
Step 4 Finally, I have a few tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from registry cleaners. They harm your system more than they help. Here is an English-language link: Miekemoes Blogspot (MVP) What you should avoid:
All that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
31.07.2013, 18:59 | #14 |
| Virus on the PC but not detected by the scanner Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Dennis at 2013-07-31 19:34:54 Run:2
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==============================================
C:\ProgramData\ADDICT-THING => Moved successfully.
"C:\Users\All Users\ADDICT-THING" => File/Directory not found.
C:\ProgramData\OptimizerPro1 => Moved successfully.
C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.
==== End of Fixlog ====
I used DeFogger but can no longer find the exe file, only the text file. But I am 100% sure I saved DeFogger on the desktop. |
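Added example, not part of the original posts: a small parser for the ESET online scanner log posted above. It shows that the five reported detections are three distinct files, because `C:\Users\All Users` is an alias of `C:\ProgramData`, which is also why the fixlog reports one of the two ADDICT-THING entries as not found. The function names are hypothetical; the log lines are copied from this thread.

```python
import re

# Header counters and the five detection lines, copied from the ESET log in this thread.
ESET_LOG = r'''# found=5
# cleaned=0
sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\background.html"
sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx"
sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\background.html"
sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx"
sh=130A7A0878304F8F4FFF433096F4D0E399193D16 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.CU trojan" ac=I fn="C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1d7715f7-4e4aa16b"'''

# key=value pairs; values are either quoted (may contain spaces) or a bare token.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData.
ALIAS = ("c:\\users\\all users\\", "c:\\programdata\\")


def parse_eset_log(text):
    """Return (header counters, list of detection records)."""
    header, detections = {}, []
    for line in text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if line.startswith("#"):
            header.update(fields)
        elif "sh" in fields and "fn" in fields:
            detections.append(
                {"sha1": fields["sh"], "threat": fields["vn"], "path": fields["fn"]}
            )
    return header, detections


def canonical(path):
    """Lower-case the path and rewrite the All Users alias to ProgramData."""
    p = path.lower()
    return ALIAS[1] + p[len(ALIAS[0]):] if p.startswith(ALIAS[0]) else p


def unique_files(detections):
    """Collapse records that are the same file reached through the alias."""
    files = {}
    for d in detections:
        files.setdefault((canonical(d["path"]), d["sha1"]), d["threat"])
    return files


def uncleaned(header):
    """Detections the scanner reported but did not clean itself."""
    return int(header["found"]) - int(header["cleaned"])
```
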
31.07.2013, 19:04 | #15 | |
/// TB-Ausbilder | Virus on the PC but not detected by the scanner Servus, Quote:
If DeFogger is still present, DelFix will usually delete it. |