Trojaner-Board


apfelsaft 15.01.2012 14:24

€50 blockade
 
Hello Trojaner-Board,
I am new to the forum and also to fighting viruses. I have had a problem since today and hope you can help me. Now to the description of the problem. (Through Google I found similar problems here in this forum, but I read that I should not adopt the proposed solutions.)

When I looked at my laptop this morning, I read a message saying I should transfer €50 because I have a virus problem and it has to be solved. The message stays in the foreground, I can no longer access anything, and the system is, so to speak, blocked. I tried to change something via Task Manager, but unfortunately it opens in the background. I am now writing from Safe Mode with Networking. Here I do not have the problem. From here I also ran Spybot and Ad-Aware, but that did not help either.

Unfortunately I cannot get any further at this point, so I hope you can help me. Thank you in advance; I am eagerly awaiting replies.

Apfelsaft

markusg 15.01.2012 17:01

hi,
restart the machine, press F8, choose Safe Mode with Networking, and log in with the infected account.
If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

apfelsaft 15.01.2012 17:35

hello markusg,
I don't know whether I did this correctly, since I only have one file after the scan, namely OTL.Txt; Extra.Txt is missing.

Code:

OTL logfile created on: 15.01.2012 17:11:41 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 78,17% Memory free
6,19 Gb Paging File | 5,78 Gb Available in Paging File | 93,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,04 Gb Total Space | 54,56 Gb Free Space | 24,35% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 193,90 Gb Free Space | 83,26% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.15 15:06:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\OTL.exe
PRC - [2011.03.28 14:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 14:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.13 18:42:38 | 000,090,592 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.05 18:38:48 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.13 17:35:24 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.06.28 14:54:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.13 18:42:08 | 001,036,104 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.04.27 13:31:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 14:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.07.21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.02.27 17:07:58 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.03.26 14:26:56 | 000,341,328 | ---- | M] () [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.12 21:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 14:54:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 14:54:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.04.12 14:55:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.14 17:50:34 | 000,145,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1079.sys -- (RDID1079)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.05 15:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.21 21:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 16:40:48 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.09 02:01:42 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.11 18:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.13 15:13:16 | 001,307,136 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (CM1063264)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005.08.17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1111031348\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lukas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lukas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.03 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.13 12:35:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.08.16 21:29:24 | 000,000,000 | ---D | M]
 
[2011.10.05 22:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.01.09 05:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions
[2009.07.02 10:03:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.05 03:12:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.09 05:38:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.10.05 22:56:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010.09.11 22:19:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.17 01:55:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.08.16 21:25:36 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.05.06 21:56:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\engine@conduit.com
[2011.11.19 00:17:33 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\support@predictad.com
[2011.01.14 13:16:53 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\toolbar@ask.com
[2012.01.10 07:25:21 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-1.xml
[2011.12.26 12:45:23 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-2.xml
[2011.06.23 22:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-3.xml
[2011.01.05 00:42:35 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-4.xml
[2011.08.19 20:03:05 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-5.xml
[2011.09.01 10:59:47 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-6.xml
[2011.09.12 00:53:15 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-7.xml
[2011.10.03 17:07:11 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-8.xml
[2011.10.07 11:42:25 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin.xml
[2011.12.30 15:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.03 21:07:28 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.12.26 13:50:57 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2011.12.30 15:08:27 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012.01.03 21:07:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 17:06:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.23 21:07:16 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.05 22:56:11 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.11.09 14:25:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lukas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: DealPly = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_1\
CHR - Extension: preisspion.de = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0\
 
O1 HOSTS File: ([2012.01.15 12:36:27 | 000,302,817 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 10437 more lines...
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1111031348\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Firefox helper] C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] d:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe File not found
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk = C:\Programme\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18A3BD8A-31C8-4CC1-A77A-718C3971F1B9}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A911BB44-CA78-46D9-A46A-AFE29B05C8AA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) -C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) -C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba789175-6a91-11df-8d1b-001eecf9c413}\Shell\AutoRun\command - "" = I:\df.exe
O33 - MountPoints2\{ba789175-6a91-11df-8d1b-001eecf9c413}\Shell\open\Command - "" = I:\df.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.15 15:06:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\OTL.exe
[2012.01.07 04:54:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\schule
[2012.01.03 03:49:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Neuer Ordner\Multimedia\Documents\Meine empfangenen Dateien
[2011.12.30 15:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011.12.26 13:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2011.12.25 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Neuer Ordner\Multimedia\Documents\Native Instruments
[2011.12.25 17:27:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D2C12600-1639-405E-BBA9-ED45C0EA0333}
[2011.12.25 17:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011.12.25 17:26:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011.12.25 17:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.12.25 17:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011.12.25 01:39:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0503F8F4-705A-448A-B340-94B42D7504BD}
[2011.12.25 01:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011.12.25 01:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011.12.25 01:39:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Skanner
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.15 15:06:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\OTL.exe
[2012.01.15 14:34:36 | 000,000,552 | ---- | M] () -- C:\Users\Lukas\AppData\Local\d3d8caps.dat
[2012.01.15 14:34:34 | 000,000,680 | ---- | M] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2012.01.15 14:09:15 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.15 14:09:15 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.15 14:09:15 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.15 14:09:15 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.15 14:04:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.15 13:55:09 | 000,000,340 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.01.15 13:53:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 13:53:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 12:36:27 | 000,302,817 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.15 11:57:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.15 11:10:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1867228988-2245487347-2304786991-1000UA.job
[2012.01.14 21:50:26 | 000,860,831 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sdgbtfdrzhrdf.jpg
[2012.01.14 21:50:26 | 000,122,545 | ---- | M] () -- C:\Users\Lukas\.recently-used.xbel
[2012.01.14 16:52:11 | 014,719,510 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\flottes ding.mp3
[2012.01.14 16:44:22 | 000,265,413 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\flottes ding.wav.asd
[2012.01.14 16:41:57 | 064,901,168 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\flottes ding.wav
[2012.01.14 12:39:33 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1867228988-2245487347-2304786991-1000Core.job
[2012.01.09 19:42:02 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.03 04:04:08 | 000,018,869 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sfdghjj.odt
[2012.01.02 20:27:13 | 000,111,224 | ---- | M] () -- C:\Windows\System32\KRASS.jpg
[2012.01.01 22:05:53 | 000,346,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 15:45:10 | 000,340,851 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\1c2762643fbb1621014ab47fa42df5220a51e072cff5b5f5e377312219d0c10d.pdf
 
========== Files Created - No Company Name ==========
 
[2012.01.15 14:34:36 | 000,000,552 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d8caps.dat
[2012.01.14 21:50:26 | 000,860,831 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sdgbtfdrzhrdf.jpg
[2012.01.14 21:50:26 | 000,122,545 | ---- | C] () -- C:\Users\Lukas\.recently-used.xbel
[2012.01.14 16:51:59 | 014,719,510 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\flottes ding.mp3
[2012.01.14 16:44:22 | 000,265,413 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\flottes ding.wav.asd
[2012.01.14 16:41:57 | 064,901,168 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\flottes ding.wav
[2012.01.03 04:04:06 | 000,018,869 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sfdghjj.odt
[2012.01.02 20:27:13 | 000,111,224 | ---- | C] () -- C:\Windows\System32\KRASS.jpg
[2011.12.19 15:45:10 | 000,340,851 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\1c2762643fbb1621014ab47fa42df5220a51e072cff5b5f5e377312219d0c10d.pdf
[2011.11.30 14:47:38 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.10.26 00:01:08 | 000,011,284 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\TheHunterSettings_live.bin
[2011.10.25 23:59:35 | 000,000,042 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\TheHunterSettings_live.cfg
[2011.10.05 22:56:09 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.06.25 11:46:06 | 000,000,524 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.20 13:56:37 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RdCi1079.dll
[2011.05.20 13:56:37 | 000,004,088 | ---- | C] () -- C:\Windows\System32\RD3T1079.DAT
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.16 13:48:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.28 09:46:24 | 000,000,680 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2009.10.20 23:59:06 | 000,001,028 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\WavCodec.wff
[2009.08.26 21:47:10 | 000,049,152 | ---- | C] () -- C:\Windows\System32\CM106rm.dll
[2009.08.26 21:47:04 | 000,002,113 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2009.08.26 21:47:04 | 000,000,931 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009.08.18 22:52:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.18 22:52:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 13:54:57 | 000,000,174 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\wklnhst.dat
[2009.04.23 20:02:39 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009.03.14 19:08:24 | 000,450,560 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe
[2009.03.14 19:07:41 | 000,000,556 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2009.03.14 19:05:13 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009.03.14 19:05:10 | 000,065,536 | R--- | C] () -- C:\Windows\VMix.dll
[2009.01.05 23:11:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.01.05 20:55:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.01.05 19:51:49 | 000,009,728 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.05 19:25:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.27 14:42:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.11.27 14:11:49 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.13 13:22:34 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.13 13:22:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.13 13:22:34 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.13 13:22:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.13 05:26:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.06.13 03:37:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.05.08 23:14:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.08 22:44:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 11:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 20:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.06.27 14:58:36 | 000,000,872 | R--- | C] () -- C:\Windows\cm106.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,346,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.10.17 02:58:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ableton
[2011.04.15 11:39:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Audio Record Edit Toolbox Pro
[2010.04.09 17:54:04 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Audio Recorder for Free
[2011.05.20 14:22:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Cakewalk
[2010.04.12 15:01:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2011.03.26 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.11 23:23:55 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FileZilla
[2010.11.08 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FOG Downloader
[2011.08.16 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Free Sound Editor
[2011.10.05 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FreeAudioPack
[2010.05.19 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FreeVideoConverter
[2012.01.14 21:50:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\gtk-2.0
[2012.01.15 17:08:24 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2011.01.05 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Miranda
[2010.09.13 23:24:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\NCH Swift Sound
[2010.06.01 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2011.11.16 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2011.08.13 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PhotoFiltre
[2009.10.18 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Recordpad
[2009.03.24 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer
[2009.06.09 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Template
[2010.02.21 13:26:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\The Creative Assembly
[2009.12.17 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ubisoft
[2011.06.07 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net
[2012.01.09 19:42:02 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.15 11:57:09 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.01.05 09:16:16 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.08.16 13:13:34 | 000,000,000 | ---D | M] -- C:\AudioSuite
[2009.08.28 13:49:05 | 000,000,000 | -HSD | M] -- C:\boot
[2011.09.18 18:43:28 | 000,000,000 | ---D | M] -- C:\Cakewalk Projects
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.05 08:59:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.08.26 21:46:40 | 000,000,000 | ---D | M] -- C:\download
[2011.06.07 13:06:29 | 000,000,000 | ---D | M] -- C:\Games
[2009.01.05 09:06:32 | 000,000,000 | -H-D | M] -- C:\HP
[2008.06.13 05:07:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.30 15:08:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.25 17:27:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.05 08:59:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.29 17:58:38 | 000,000,000 | ---D | M] -- C:\schriftarten
[2009.05.27 14:39:48 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.01.15 06:47:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.01.05 09:05:01 | 000,000,000 | -H-D | M] -- C:\System.sav
[2009.01.05 09:02:57 | 000,000,000 | R--D | M] -- C:\Users
[2010.03.29 21:45:30 | 000,000,000 | ---D | M] -- C:\UT2004
[2012.01.15 12:02:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.06.26 12:49:44 | 000,000,067 | ---- | M] () -- C:\Users\Lukas\.gtk-bookmarks
[2012.01.14 21:50:26 | 000,122,545 | ---- | M] () -- C:\Users\Lukas\.recently-used.xbel
[2012.01.15 17:11:39 | 009,437,184 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat
[2012.01.15 17:11:39 | 000,262,144 | -H-- | M] () -- C:\Users\Lukas\ntuser.dat.LOG1
[2009.01.05 09:02:58 | 000,000,000 | -H-- | M] () -- C:\Users\Lukas\ntuser.dat.LOG2
[2012.01.15 13:52:47 | 000,065,536 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.01.15 13:52:47 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.01.05 09:02:58 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.01.05 09:02:59 | 000,000,020 | -HS- | M] () -- C:\Users\Lukas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >


markusg 15.01.2012 17:53

Hi

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [Firefox helper] C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.
Open Computer, open C:, then _OTL.
There, right-click on moved files.
Choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
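
The Run entry removed by the fix script above starts a file named firefox.exe from the user's AppData folder. As an added example (not part of the thread and not OTL's own logic), the following Python script parses O4 autostart lines in the format of this thread's logs and flags entries that start from a user-writable profile folder; the heuristic, the list of well-known program names and the function names are assumptions made for illustration.

```python
import re
from ntpath import basename  # Windows path rules, works on any platform

# Sample O4 (autostart) lines in OTL log format, embedded for an offline run.
# The first is the entry the fix script targets; the others are ordinary
# entries from this thread's logs, kept for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [Firefox helper] C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKLM..\Run: []  File not found
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(.*?)\]\s*(.*)$")
COMPANY_RE = re.compile(r"\s\(([^()]*)\)$")
# Image path: either a quoted path or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)
TRUSTED_RE = re.compile(r"^[a-z]:\\(program files|programme|windows)\\")

# Assumptions for this example, not an authoritative list.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\application data\\", "\\temp\\")
WELL_KNOWN_NAMES = {"firefox.exe", "chrome.exe", "iexplore.exe",
                    "explorer.exe", "svchost.exe"}


def parse_o4(line):
    """Parse one O4 Run line into a dict, or return None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.groups()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    company = None
    cm = COMPANY_RE.search(rest)
    if cm and not missing:
        company = cm.group(1).strip()  # "" means OTL found no company name
        rest = rest[: cm.start()]
    pm = IMAGE_RE.match(rest.strip())
    path = (pm.group(1) or pm.group(2)) if pm else ""
    return {"hive": hive, "name": name, "path": path,
            "company": company, "missing": missing}


def assess(entry):
    """Return the list of reasons an entry deserves a closer look."""
    path = entry["path"].lower()
    reasons = []
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable profile folder")
    if basename(path) in WELL_KNOWN_NAMES and not TRUSTED_RE.match(path):
        reasons.append("well-known program name outside an install directory")
    if entry["company"] == "":
        reasons.append("no company name in the file's version info")
    return reasons


def find_suspicious(log_text):
    """Flag entries in a user-writable folder that have a second indicator.

    A missing company name alone is common for legitimate small tools
    (RocketDock in the sample), so one indicator is not enough.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None or not entry["path"]:
            continue
        reasons = assess(entry)
        if reasons and reasons[0].startswith("runs from") and len(reasons) >= 2:
            hits.append({**entry, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"[{hit['name']}] {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```
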

apfelsaft 15.01.2012 18:21

Hey, many thanks already at this point. The window no longer opens. Great. :) And now a question. I followed your instructions and got as far as showing all files in the guide, and now have many files in the _OTL folder. Should I upload all of them?

apfelsaft 15.01.2012 18:53

Hey, sorry for the double post, but is my computer now clean and safe again? And should I now upload all the files?

markusg 15.01.2012 20:45

Hi, you should, as it says there, create an archive and upload that.
If you need an archiving program, WinRAR
http://www.chip.de/downloads/WinRAR-..._12994655.html

apfelsaft 13.02.2012 15:14

Hey, I'm reporting back again. The virus has struck again! Exactly the same problem. I don't know now whether we have to repeat all of that or how we proceed. I would be glad to hear from you again. I think I will unblock the system once more to back up files and prepare a presentation that I have to give on Wednesday. After that I will format the computer.

Eagerly awaiting replies!
apfelsaft :party:

markusg 13.02.2012 15:34

Oh man, that is your own fault, too.
Had anyone here already said we were finished? No...
That's what happens when you have to know better...
New OTL logs please.

apfelsaft 13.02.2012 16:30

Yes, I'm really sorry that you now have more work again. I was just super happy that the computer was running again and then completely forgot the further steps. Well, I did the thing with OTL, but at some point my computer suddenly crashed (don't know why); however, the otl.txt file is there and at the end it says "end of report". So I hope everything is complete. I didn't get extra.txt, but I didn't get it last time either.




Code:

OTL logfile created on: 13.02.2012 15:50:55 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 83,99% Memory free
6,19 Gb Paging File | 5,91 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,04 Gb Total Space | 66,19 Gb Free Space | 29,54% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 193,60 Gb Free Space | 83,13% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.13 15:43:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\OTL.exe
PRC - [2011.03.28 14:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 14:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.13 18:42:38 | 000,090,592 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.05 18:38:48 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.13 17:35:24 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.06.28 14:54:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.13 18:42:08 | 001,036,104 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.04.27 13:31:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 14:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.07.21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.02.27 17:07:58 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.03.26 14:26:56 | 000,341,328 | ---- | M] () [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.12 21:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 14:54:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 14:54:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.04.12 14:55:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.14 17:50:34 | 000,145,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1079.sys -- (RDID1079)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.05 15:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.21 21:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 16:40:48 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.09 02:01:42 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.11 18:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.13 15:13:16 | 001,307,136 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (CM1063264)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005.08.17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1111031348\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lukas\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lukas\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.13 14:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.13 12:35:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.08.16 21:29:24 | 000,000,000 | ---D | M]
 
[2011.10.05 22:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.02.13 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions
[2012.01.05 03:12:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.09 05:38:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.10.05 22:56:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010.09.11 22:19:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.17 01:55:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.08.16 21:25:36 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.05.06 21:56:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\engine@conduit.com
[2011.11.19 00:17:33 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\support@predictad.com
[2011.01.14 13:16:53 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\aek9sqw8.default\extensions\toolbar@ask.com
[2012.02.07 19:40:54 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-1.xml
[2011.12.26 12:45:23 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-2.xml
[2011.06.23 22:01:36 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-3.xml
[2011.01.05 00:42:35 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-4.xml
[2011.08.19 20:03:05 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-5.xml
[2011.09.01 10:59:47 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-6.xml
[2011.09.12 00:53:15 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-7.xml
[2011.10.03 17:07:11 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-8.xml
[2011.10.07 11:42:25 | 000,000,950 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\searchplugins\icqplugin.xml
[2011.12.30 15:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.03 21:07:28 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.12.26 13:50:57 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2011.12.30 15:08:27 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012.02.13 14:36:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 14:36:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.23 21:07:16 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.05 22:56:11 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.13 14:36:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lukas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: DealPly = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_1\
CHR - Extension: preisspion.de = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.9\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1111031348\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [EPSON S22 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Lukas\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] d:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe File not found
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk = C:\Programme\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18A3BD8A-31C8-4CC1-A77A-718C3971F1B9}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A911BB44-CA78-46D9-A46A-AFE29B05C8AA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) -C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) -C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba789175-6a91-11df-8d1b-001eecf9c413}\Shell\AutoRun\command - "" = I:\df.exe
O33 - MountPoints2\{ba789175-6a91-11df-8d1b-001eecf9c413}\Shell\open\Command - "" = I:\df.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.13 15:43:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\OTL.exe
[2012.01.28 10:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.01.26 16:01:13 | 000,000,000 | ---D | C] -- C:\AMD
[2012.01.22 21:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.01.22 21:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.01.22 21:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.01.22 21:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012.01.22 21:36:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\InstallShield
[2012.01.22 21:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson
[2012.01.22 21:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Epson
[2012.01.22 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.01.21 03:00:48 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.01.15 18:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 15:46:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.13 15:43:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\OTL.exe
[2012.02.13 14:50:44 | 000,000,680 | ---- | M] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2012.02.13 14:22:56 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1867228988-2245487347-2304786991-1000UA.job
[2012.02.13 14:21:47 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1867228988-2245487347-2304786991-1000Core.job
[2012.02.13 02:39:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 02:39:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 01:22:50 | 000,115,954 | ---- | M] () -- C:\Users\Lukas\.recently-used.xbel
[2012.02.06 19:42:04 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.06 12:56:03 | 000,000,340 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.02.06 12:14:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.02 15:21:56 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.02 15:21:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.02 15:21:56 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.02 15:21:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.01 13:46:42 | 228,919,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.31 16:23:51 | 000,003,006 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sdf.rtf
[2012.01.28 13:15:11 | 000,023,031 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\roxy bewerbung.odt
[2012.01.26 16:17:05 | 000,367,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.24 19:32:09 | 176,429,464 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\Oliver_Schories-Live@Luft+Liebe_Festival_Berlin_(06-08-2011).mp3
[2012.01.22 21:39:16 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012.01.15 14:34:36 | 000,000,552 | ---- | M] () -- C:\Users\Lukas\AppData\Local\d3d8caps.dat
[2012.01.14 21:50:26 | 000,860,831 | ---- | M] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sdgbtfdrzhrdf.jpg
 
========== Files Created - No Company Name ==========
 
[2012.02.07 01:22:50 | 000,115,954 | ---- | C] () -- C:\Users\Lukas\.recently-used.xbel
[2012.01.31 16:23:51 | 000,003,006 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sdf.rtf
[2012.01.27 21:35:50 | 000,023,031 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\roxy bewerbung.odt
[2012.01.24 19:23:34 | 176,429,464 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\Oliver_Schories-Live@Luft+Liebe_Festival_Berlin_(06-08-2011).mp3
[2012.01.22 21:39:06 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
[2012.01.15 14:34:36 | 000,000,552 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d8caps.dat
[2012.01.14 21:50:26 | 000,860,831 | ---- | C] () -- C:\Users\Lukas\Neuer Ordner\Multimedia\Desktop\sdgbtfdrzhrdf.jpg
[2011.11.30 14:47:38 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.10.26 00:01:08 | 000,011,284 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\TheHunterSettings_live.bin
[2011.10.25 23:59:35 | 000,000,042 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\TheHunterSettings_live.cfg
[2011.10.05 22:56:09 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.06.25 11:46:06 | 000,000,524 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.20 13:56:37 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RdCi1079.dll
[2011.05.20 13:56:37 | 000,004,088 | ---- | C] () -- C:\Windows\System32\RD3T1079.DAT
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.16 13:48:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.28 09:46:24 | 000,000,680 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2009.10.20 23:59:06 | 000,001,028 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\WavCodec.wff
[2009.08.26 21:47:10 | 000,049,152 | ---- | C] () -- C:\Windows\System32\CM106rm.dll
[2009.08.26 21:47:04 | 000,002,113 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2009.08.26 21:47:04 | 000,000,931 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009.08.18 22:52:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.18 22:52:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 13:54:57 | 000,000,174 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\wklnhst.dat
[2009.04.23 20:02:39 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009.03.14 19:08:24 | 000,450,560 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe
[2009.03.14 19:07:41 | 000,000,556 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2009.03.14 19:05:13 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009.03.14 19:05:10 | 000,065,536 | R--- | C] () -- C:\Windows\VMix.dll
[2009.01.05 23:11:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.01.05 20:55:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.01.05 19:51:49 | 000,009,728 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.05 19:25:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.27 14:42:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.11.27 14:11:49 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.13 13:22:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.13 13:22:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.13 13:22:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.13 13:22:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.13 05:26:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.06.13 03:37:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.05.08 23:14:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.08 22:44:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 11:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 20:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.06.27 14:58:36 | 000,000,872 | R--- | C] () -- C:\Windows\cm106.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.10.17 02:58:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ableton
[2011.04.15 11:39:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Audio Record Edit Toolbox Pro
[2010.04.09 17:54:04 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Audio Recorder for Free
[2011.05.20 14:22:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Cakewalk
[2010.04.12 15:01:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2011.03.26 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.30 21:46:14 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FileZilla
[2010.11.08 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FOG Downloader
[2011.08.16 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Free Sound Editor
[2011.10.05 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FreeAudioPack
[2010.05.19 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FreeVideoConverter
[2012.02.07 01:22:50 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\gtk-2.0
[2012.02.10 23:17:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2011.01.05 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Miranda
[2010.09.13 23:24:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\NCH Swift Sound
[2010.06.01 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2012.01.26 17:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2011.08.13 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PhotoFiltre
[2009.10.18 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Recordpad
[2009.03.24 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer
[2009.06.09 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Template
[2010.02.21 13:26:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\The Creative Assembly
[2009.12.17 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ubisoft
[2011.06.07 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net
[2012.02.06 19:42:04 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.02.06 12:14:40 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.01.05 09:16:16 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.01.26 16:01:13 | 000,000,000 | ---D | M] -- C:\AMD
[2011.08.16 13:13:34 | 000,000,000 | ---D | M] -- C:\AudioSuite
[2009.08.28 13:49:05 | 000,000,000 | -HSD | M] -- C:\boot
[2011.09.18 18:43:28 | 000,000,000 | ---D | M] -- C:\Cakewalk Projects
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.05 08:59:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.08.26 21:46:40 | 000,000,000 | ---D | M] -- C:\download
[2011.06.07 13:06:29 | 000,000,000 | ---D | M] -- C:\Games
[2009.01.05 09:06:32 | 000,000,000 | -H-D | M] -- C:\HP
[2008.06.13 05:07:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.22 21:39:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.22 21:41:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.05 08:59:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.26 12:37:43 | 000,000,000 | ---D | M] -- C:\schriftarten
[2009.05.27 14:39:48 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.02.12 09:11:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.01.05 09:05:01 | 000,000,000 | -H-D | M] -- C:\System.sav
[2009.01.05 09:02:57 | 000,000,000 | R--D | M] -- C:\Users
[2010.03.29 21:45:30 | 000,000,000 | ---D | M] -- C:\UT2004
[2012.02.13 14:34:16 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.15 18:15:50 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

< End of report >


markusg 13.02.2012 16:57

Hi,


This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Lukas\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
:Files
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL, and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

apfelsaft 13.02.2012 17:16

So, the file has been uploaded to the upload channel, and here is the text document:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lukas
->Flash cache emptied: 5672927 bytes
 
User: Public
 
Total Flash Files Cleaned = 5,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lukas
->Temp folder emptied: 1672598946 bytes
->Temporary Internet Files folder emptied: 27082699 bytes
->Java cache emptied: 454105 bytes
->FireFox cache emptied: 6379992 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3056673 bytes
RecycleBin emptied: 147458059 bytes
 
Total Files Cleaned = 1.771,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_170427

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


markusg 13.02.2012 19:05

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

apfelsaft 13.02.2012 20:04

Code:

ComboFix 12-02-13.01 - Lukas 13.02.2012  19:43:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3069.1754 [GMT 1:00]
ausgeführt von:: c:\users\Lukas\Neuer Ordner\Multimedia\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 18:57 . 2012-02-13 18:57        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-13 18:36 . 2012-02-13 18:36        --------        d-----w-        c:\users\Lukas\Adlsoft Uncompressor
2012-02-11 13:43 . 2012-02-11 13:43        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C43312-353F-43E9-B388-FF46B6D502B7}\offreg.dll
2012-02-10 12:41 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C43312-353F-43E9-B388-FF46B6D502B7}\mpengine.dll
2012-01-26 15:01 . 2012-01-26 15:01        --------        d-----w-        C:\AMD
2012-01-22 20:48 . 2012-01-22 20:48        --------        d-----w-        c:\program files\Common Files\EPSON
2012-01-22 20:41 . 2012-01-22 20:41        --------        d-----w-        c:\programdata\UDL
2012-01-22 20:39 . 2012-01-22 20:39        --------        d-----w-        c:\program files\Epson Software
2012-01-22 20:36 . 2012-01-22 20:36        --------        d-----w-        c:\users\Lukas\AppData\Roaming\InstallShield
2012-01-22 20:36 . 2012-01-22 20:36        --------        d-----w-        c:\program files\Epson
2012-01-22 20:35 . 2007-04-10 01:06        8192        ----a-w-        c:\windows\system32\E_DCINST.DLL
2012-01-22 20:35 . 2008-11-12 03:00        93696        ----a-w-        c:\windows\system32\E_FLBGEE.DLL
2012-01-22 20:35 . 2009-10-01 03:01        63488        ----a-w-        c:\windows\system32\E_FD4BGEE.DLL
2012-01-22 20:35 . 2012-01-22 20:48        --------        d-----w-        c:\programdata\EPSON
2012-01-21 02:00 . 2012-01-21 02:00        --------        d-----w-        c:\windows\CheckSur
2012-01-19 13:08 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-01-19 13:08 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-19 13:08 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-19 13:08 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-19 13:08 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-19 13:08 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-15 17:07 . 2012-02-13 16:12        --------        d-----w-        C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-03 08:05        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-25 15:59 . 2012-01-11 17:08        376320        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 19:31 . 2011-08-28 08:08        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-15 14:36        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 17:08        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 17:08        66560        ----a-w-        c:\windows\system32\packager.dll
2009-01-27 01:34 . 2009-01-27 01:34        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-13 13:36 . 2011-05-05 21:03        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}]
2011-06-22 03:02        252832        ----a-w-        c:\program files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 16:22        1144712        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\steam\steam.exe" [2011-08-05 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"EADM"="c:\program files\Origin\Origin.exe" [2012-01-11 28201096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-13 528832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-18 281768]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-08-14 800768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-13 669936]
.
c:\users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2010-2-20 352256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI9130~1\Datamngr\datamngr.dll c:\progra~1\WI9130~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe [2008-02-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:42]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1867228988-2245487347-2304786991-1000Core.job
- c:\users\Lukas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 01:52]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1867228988-2245487347-2304786991-1000UA.job
- c:\users\Lukas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 01:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{18A3BD8A-31C8-4CC1-A77A-718C3971F1B9}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\aek9sqw8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-ICQ - c:\program files\ICQ7.4\ICQ.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-CM106Sound - CM106.cpl
HKLM-Run-UnlockerAssistant - d:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-Searchqu 0 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-13 19:57
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD2500BEVT-60ZCT1 rev.13.01A13 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+0): user != kernel
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1867228988-2245487347-2304786991-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,18,7e,9d,be,b0,de,b1,ca,5e,e0,f5,8a,3d,43,f2,fe,d9,7e,ac,47,57,78,
  2a,05,c3,1e,07,b9,49,b8,78,ab,30,cb,49,3c,93,2c,2b,46,97,c2,50,0a,42,fc,ac,\
"??"=hex:d5,12,2b,5f,79,77,4a,5f,a5,ae,b6,28,66,5d,0d,2f
.
[HKEY_USERS\S-1-5-21-1867228988-2245487347-2304786991-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,f2,7a,e5,76,b2,e0,75,7e,0a,b4,3a,0e,2e,90,ca,6a,99,c8,e6,b3,
  2c,e2,64,ac,f3,4b,cd,f2,d0,df,37,81,ce,85,02,0e,a1,e1,57,dc,5c,3f,11,d3,23,\
"rkeysecu"=hex:08,99,16,81,47,d3,c4,a6,91,0d,0f,1a,71,f7,f5,b8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-13  20:02:18
ComboFix-quarantined-files.txt  2012-02-13 19:01
.
Vor Suchlauf: 14 Verzeichnis(se), 69.530.456.064 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 69.468.651.520 Bytes frei
.
- - End Of File - - C0B518B489BBC528A6443A8993A110C9


markusg 13.02.2012 21:18

Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log

apfelsaft 14.02.2012 13:04

Hey,
here are the logs. :)

markusg 14.02.2012 14:23

Why OTL? It says TDSS Killer right there.

apfelsaft 14.02.2012 14:37

Oh, sorry. When I didn't find any text files on the desktop after the scan, I thought of OTL. So it finds the following:

Service: sptd
Suspicious object, medium risk

markusg 14.02.2012 15:50

The whole log please, it is on C:
tdss-killer-datum.txt

apfelsaft 14.02.2012 15:59

Here it is now :D

Code:

14:32:14.0892 3608        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
14:32:15.0193 3608        ============================================================
14:32:15.0193 3608        Current date / time: 2012/02/14 14:32:15.0193
14:32:15.0193 3608        SystemInfo:
14:32:15.0194 3608       
14:32:15.0194 3608        OS Version: 6.0.6002 ServicePack: 2.0
14:32:15.0194 3608        Product type: Workstation
14:32:15.0194 3608        ComputerName: LUKAS-PC
14:32:15.0194 3608        UserName: Lukas
14:32:15.0194 3608        Windows directory: C:\Windows
14:32:15.0194 3608        System windows directory: C:\Windows
14:32:15.0194 3608        Processor architecture: Intel x86
14:32:15.0194 3608        Number of processors: 2
14:32:15.0194 3608        Page size: 0x1000
14:32:15.0194 3608        Boot type: Normal boot
14:32:15.0194 3608        ============================================================
14:32:16.0296 3608        Drive \Device\Harddisk2\DR2 - Size: 0x3D080000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
14:32:16.0359 3608        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:32:16.0385 3608        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:32:16.0391 3608        Drive \Device\Harddisk2\DR2 - Size: 0x3D080000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:32:16.0392 3608        \Device\Harddisk2\DR2:
14:32:16.0392 3608        MBR used
14:32:16.0392 3608        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
14:32:16.0392 3608        \Device\Harddisk0\DR0:
14:32:16.0393 3608        MBR used
14:32:16.0393 3608        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:32:16.0393 3608        \Device\Harddisk1\DR1:
14:32:16.0393 3608        MBR used
14:32:16.0393 3608        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C0137C1
14:32:16.0394 3608        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1C013800, BlocksNum 0x11B0800
14:32:16.0394 3608        \Device\Harddisk2\DR2:
14:32:16.0394 3608        MBR used
14:32:16.0394 3608        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
14:32:16.0487 3608        Initialize success
14:32:16.0488 3608        ============================================================
14:32:21.0876 5120        ============================================================
14:32:21.0876 5120        Scan started
14:32:21.0876 5120        Mode: Manual; SigCheck; TDLFS;
14:32:21.0876 5120        ============================================================
14:32:22.0977 5120        Accelerometer  (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:32:23.0154 5120        Accelerometer - ok
14:32:23.0221 5120        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:32:23.0246 5120        ACPI - ok
14:32:23.0307 5120        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:32:23.0354 5120        adp94xx - ok
14:32:23.0374 5120        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:32:23.0411 5120        adpahci - ok
14:32:23.0448 5120        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:32:23.0466 5120        adpu160m - ok
14:32:23.0521 5120        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:32:23.0539 5120        adpu320 - ok
14:32:23.0715 5120        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:32:23.0817 5120        AFD - ok
14:32:23.0883 5120        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:32:23.0934 5120        agp440 - ok
14:32:24.0001 5120        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:32:24.0019 5120        aic78xx - ok
14:32:24.0043 5120        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:32:24.0057 5120        aliide - ok
14:32:24.0099 5120        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:32:24.0112 5120        amdagp - ok
14:32:24.0127 5120        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:32:24.0141 5120        amdide - ok
14:32:24.0183 5120        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:32:24.0364 5120        AmdK7 - ok
14:32:24.0396 5120        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
14:32:24.0471 5120        AmdK8 - ok
14:32:24.0695 5120        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:32:24.0711 5120        arc - ok
14:32:24.0751 5120        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:32:24.0766 5120        arcsas - ok
14:32:24.0834 5120        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:32:24.0916 5120        AsyncMac - ok
14:32:25.0040 5120        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:32:25.0053 5120        atapi - ok
14:32:25.0233 5120        athr            (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
14:32:25.0435 5120        athr - ok
14:32:25.0676 5120        atikmdag        (2dc63afb58a1b166cf1d1b5a9f144135) C:\Windows\system32\DRIVERS\atikmdag.sys
14:32:25.0933 5120        atikmdag - ok
14:32:25.0989 5120        AtiPcie        (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:32:26.0023 5120        AtiPcie - ok
14:32:26.0124 5120        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:32:26.0135 5120        avgio - ok
14:32:26.0184 5120        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:32:26.0213 5120        avgntflt - ok
14:32:26.0256 5120        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:32:26.0272 5120        avipbb - ok
14:32:26.0361 5120        BCM43XV        (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:32:26.0671 5120        BCM43XV - ok
14:32:26.0773 5120        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:32:26.0829 5120        Beep - ok
14:32:26.0911 5120        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:32:26.0963 5120        blbdrive - ok
14:32:27.0064 5120        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:32:27.0158 5120        bowser - ok
14:32:27.0216 5120        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:32:27.0323 5120        BrFiltLo - ok
14:32:27.0375 5120        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:32:27.0422 5120        BrFiltUp - ok
14:32:27.0469 5120        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:32:27.0538 5120        Brserid - ok
14:32:27.0568 5120        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:32:27.0639 5120        BrSerWdm - ok
14:32:27.0675 5120        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:32:27.0747 5120        BrUsbMdm - ok
14:32:27.0784 5120        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:32:27.0844 5120        BrUsbSer - ok
14:32:27.0897 5120        BthEnum        (cce53afc28347cc18ea139972e5b5e5a) C:\Windows\system32\DRIVERS\BthEnum.sys
14:32:27.0969 5120        BthEnum - ok
14:32:28.0020 5120        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:32:28.0082 5120        BTHMODEM - ok
14:32:28.0137 5120        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:32:28.0194 5120        BthPan - ok
14:32:28.0265 5120        BTHPORT        (ac8a1689d5efc4d214201155a78d8f4b) C:\Windows\system32\Drivers\BTHport.sys
14:32:28.0332 5120        BTHPORT - ok
14:32:28.0379 5120        BTHUSB          (288c1f74e3e2eed6c7b54eb3aac70856) C:\Windows\system32\Drivers\BTHUSB.sys
14:32:28.0413 5120        BTHUSB - ok
14:32:28.0516 5120        catchme - ok
14:32:28.0621 5120        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:32:28.0670 5120        cdfs - ok
14:32:28.0746 5120        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:32:28.0793 5120        cdrom - ok
14:32:28.0835 5120        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
14:32:28.0885 5120        circlass - ok
14:32:28.0948 5120        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:32:28.0971 5120        CLFS - ok
14:32:29.0085 5120        CM1063264      (c3061bac1ce30dcfdef826e09df56d68) C:\Windows\system32\drivers\CM106.sys
14:32:29.0217 5120        CM1063264 - ok
14:32:29.0267 5120        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:32:29.0323 5120        CmBatt - ok
14:32:29.0363 5120        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:32:29.0376 5120        cmdide - ok
14:32:29.0426 5120        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:32:29.0441 5120        Compbatt - ok
14:32:29.0466 5120        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:32:29.0479 5120        crcdisk - ok
14:32:29.0523 5120        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:32:29.0576 5120        Crusoe - ok
14:32:29.0668 5120        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:32:29.0732 5120        DfsC - ok
14:32:29.0838 5120        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:32:29.0852 5120        disk - ok
14:32:29.0931 5120        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:32:29.0973 5120        drmkaud - ok
14:32:30.0025 5120        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:32:30.0071 5120        DXGKrnl - ok
14:32:30.0104 5120        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:32:30.0154 5120        E1G60 - ok
14:32:30.0383 5120        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:32:30.0401 5120        Ecache - ok
14:32:30.0457 5120        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:32:30.0510 5120        elxstor - ok
14:32:30.0581 5120        enecir          (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys
14:32:30.0635 5120        enecir - ok
14:32:30.0681 5120        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:32:30.0735 5120        ErrDev - ok
14:32:30.0823 5120        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:32:30.0877 5120        exfat - ok
14:32:30.0949 5120        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:32:30.0978 5120        fastfat - ok
14:32:31.0032 5120        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:32:31.0082 5120        fdc - ok
14:32:31.0128 5120        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:32:31.0144 5120        FileInfo - ok
14:32:31.0174 5120        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:32:31.0227 5120        Filetrace - ok
14:32:31.0256 5120        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:32:31.0299 5120        flpydisk - ok
14:32:31.0364 5120        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:32:31.0383 5120        FltMgr - ok
14:32:31.0459 5120        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:32:31.0499 5120        Fs_Rec - ok
14:32:31.0528 5120        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:32:31.0543 5120        gagp30kx - ok
14:32:31.0587 5120        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:32:31.0599 5120        GEARAspiWDM - ok
14:32:31.0669 5120        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
14:32:31.0682 5120        hamachi - ok
14:32:31.0762 5120        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:32:31.0809 5120        HdAudAddService - ok
14:32:31.0853 5120        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:32:31.0936 5120        HDAudBus - ok
14:32:31.0977 5120        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:32:32.0057 5120        HidBth - ok
14:32:32.0089 5120        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
14:32:32.0115 5120        HidIr - ok
14:32:32.0200 5120        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:32:32.0274 5120        HidUsb - ok
14:32:32.0343 5120        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:32:32.0357 5120        HpCISSs - ok
14:32:32.0415 5120        hpdskflt        (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:32:32.0426 5120        hpdskflt - ok
14:32:32.0481 5120        HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:32:32.0527 5120        HpqKbFiltr - ok
14:32:32.0597 5120        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:32:32.0635 5120        HSFHWAZL - ok
14:32:32.0695 5120        HSF_DPV        (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:32:32.0824 5120        HSF_DPV - ok
14:32:32.0905 5120        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:32:33.0010 5120        HTTP - ok
14:32:33.0051 5120        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:32:33.0071 5120        i2omp - ok
14:32:33.0192 5120        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:32:33.0259 5120        i8042prt - ok
14:32:33.0302 5120        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:32:33.0324 5120        iaStorV - ok
14:32:33.0363 5120        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:32:33.0378 5120        iirsp - ok
14:32:33.0412 5120        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:32:33.0428 5120        intelide - ok
14:32:33.0471 5120        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:32:33.0520 5120        intelppm - ok
14:32:33.0576 5120        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:32:33.0633 5120        IpFilterDriver - ok
14:32:33.0653 5120        IpInIp - ok
14:32:33.0692 5120        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:32:33.0740 5120        IPMIDRV - ok
14:32:33.0766 5120        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:32:33.0839 5120        IPNAT - ok
14:32:33.0890 5120        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:32:33.0941 5120        IRENUM - ok
14:32:33.0987 5120        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:32:34.0012 5120        isapnp - ok
14:32:34.0101 5120        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:32:34.0121 5120        iScsiPrt - ok
14:32:34.0149 5120        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:32:34.0162 5120        iteatapi - ok
14:32:34.0187 5120        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:32:34.0202 5120        iteraid - ok
14:32:34.0230 5120        JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys
14:32:34.0293 5120        JMCR - ok
14:32:34.0324 5120        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:32:34.0338 5120        kbdclass - ok
14:32:34.0387 5120        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:32:34.0428 5120        kbdhid - ok
14:32:34.0496 5120        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:32:34.0554 5120        KSecDD - ok
14:32:34.0627 5120        Lbd            (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
14:32:34.0653 5120        Lbd - ok
14:32:34.0703 5120        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:32:34.0761 5120        lltdio - ok
14:32:34.0818 5120        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:32:34.0835 5120        LSI_FC - ok
14:32:34.0853 5120        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:32:34.0871 5120        LSI_SAS - ok
14:32:34.0887 5120        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:32:34.0904 5120        LSI_SCSI - ok
14:32:34.0932 5120        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:32:34.0987 5120        luafv - ok
14:32:35.0027 5120        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:32:35.0042 5120        megasas - ok
14:32:35.0089 5120        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:32:35.0119 5120        MegaSR - ok
14:32:35.0158 5120        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:32:35.0212 5120        Modem - ok
14:32:35.0247 5120        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:32:35.0299 5120        monitor - ok
14:32:35.0328 5120        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:32:35.0343 5120        mouclass - ok
14:32:35.0483 5120        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:32:35.0543 5120        mouhid - ok
14:32:35.0571 5120        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:32:35.0588 5120        MountMgr - ok
14:32:35.0626 5120        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:32:35.0652 5120        mpio - ok
14:32:35.0689 5120        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:32:35.0760 5120        mpsdrv - ok
14:32:35.0812 5120        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:32:35.0828 5120        Mraid35x - ok
14:32:35.0901 5120        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:32:36.0019 5120        MRxDAV - ok
14:32:36.0068 5120        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:32:36.0108 5120        mrxsmb - ok
14:32:36.0163 5120        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:32:36.0206 5120        mrxsmb10 - ok
14:32:36.0240 5120        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:32:36.0267 5120        mrxsmb20 - ok
14:32:36.0336 5120        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
14:32:36.0351 5120        msahci - ok
14:32:36.0383 5120        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:32:36.0399 5120        msdsm - ok
14:32:36.0460 5120        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:32:36.0518 5120        Msfs - ok
14:32:36.0618 5120        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:32:36.0639 5120        msisadrv - ok
14:32:36.0683 5120        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:32:36.0735 5120        MSKSSRV - ok
14:32:36.0775 5120        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:32:36.0841 5120        MSPCLOCK - ok
14:32:36.0866 5120        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:32:36.0940 5120        MSPQM - ok
14:32:37.0005 5120        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:32:37.0027 5120        MsRPC - ok
14:32:37.0058 5120        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:32:37.0081 5120        mssmbios - ok
14:32:37.0109 5120        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:32:37.0194 5120        MSTEE - ok
14:32:37.0234 5120        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:32:37.0255 5120        Mup - ok
14:32:37.0352 5120        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:32:37.0420 5120        NativeWifiP - ok
14:32:37.0517 5120        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:32:37.0568 5120        NDIS - ok
14:32:37.0631 5120        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:32:37.0699 5120        NdisTapi - ok
14:32:37.0735 5120        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:32:37.0777 5120        Ndisuio - ok
14:32:37.0838 5120        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:32:37.0871 5120        NdisWan - ok
14:32:37.0908 5120        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:32:37.0972 5120        NDProxy - ok
14:32:38.0012 5120        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:32:38.0073 5120        NetBIOS - ok
14:32:38.0128 5120        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:32:38.0193 5120        netbt - ok
14:32:38.0261 5120        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:32:38.0289 5120        nfrd960 - ok
14:32:38.0359 5120        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:32:38.0428 5120        Npfs - ok
14:32:38.0468 5120        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:32:38.0529 5120        nsiproxy - ok
14:32:38.0618 5120        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:32:38.0721 5120        Ntfs - ok
14:32:38.0751 5120        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:32:38.0847 5120        ntrigdigi - ok
14:32:38.0878 5120        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:32:38.0944 5120        Null - ok
14:32:39.0018 5120        NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
14:32:39.0138 5120        NVENETFD - ok
14:32:39.0174 5120        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:32:39.0210 5120        nvraid - ok
14:32:39.0235 5120        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:32:39.0257 5120        nvstor - ok
14:32:39.0291 5120        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:32:39.0321 5120        nv_agp - ok
14:32:39.0341 5120        NwlnkFlt - ok
14:32:39.0360 5120        NwlnkFwd - ok
14:32:39.0425 5120        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:32:39.0476 5120        ohci1394 - ok
14:32:39.0534 5120        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:32:39.0680 5120        Parport - ok
14:32:39.0897 5120        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:32:39.0914 5120        partmgr - ok
14:32:39.0953 5120        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:32:40.0019 5120        Parvdm - ok
14:32:40.0074 5120        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:32:40.0097 5120        pci - ok
14:32:40.0136 5120        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:32:40.0153 5120        pciide - ok
14:32:40.0187 5120        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:32:40.0221 5120        pcmcia - ok
14:32:40.0296 5120        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:32:40.0467 5120        PEAUTH - ok
14:32:40.0552 5120        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:32:40.0605 5120        PptpMiniport - ok
14:32:40.0645 5120        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
14:32:40.0689 5120        Processor - ok
14:32:40.0748 5120        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:32:40.0801 5120        PSched - ok
14:32:40.0866 5120        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:32:40.0981 5120        ql2300 - ok
14:32:41.0019 5120        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:32:41.0037 5120        ql40xx - ok
14:32:41.0071 5120        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:32:41.0163 5120        QWAVEdrv - ok
14:32:41.0191 5120        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:32:41.0291 5120        RasAcd - ok
14:32:41.0332 5120        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:32:41.0401 5120        Rasl2tp - ok
14:32:41.0467 5120        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:32:41.0666 5120        RasPppoe - ok
14:32:41.0802 5120        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:32:41.0891 5120        RasSstp - ok
14:32:41.0972 5120        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:32:42.0100 5120        rdbss - ok
14:32:42.0206 5120        RDID1079        (4dcee40b4154150ea030f96849d5aa01) C:\Windows\system32\Drivers\rdwm1079.sys
14:32:42.0318 5120        RDID1079 - ok
14:32:42.0403 5120        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:32:42.0501 5120        RDPCDD - ok
14:32:42.0545 5120        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:32:42.0624 5120        rdpdr - ok
14:32:42.0671 5120        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:32:42.0759 5120        RDPENCDD - ok
14:32:42.0823 5120        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:32:42.0913 5120        RDPWD - ok
14:32:42.0979 5120        RFCOMM          (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
14:32:43.0074 5120        RFCOMM - ok
14:32:43.0142 5120        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:32:43.0240 5120        rspndr - ok
14:32:43.0300 5120        RTL8169        (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:32:43.0391 5120        RTL8169 - ok
14:32:43.0465 5120        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:32:43.0482 5120        sbp2port - ok
14:32:43.0581 5120        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
14:32:43.0698 5120        sdbus - ok
14:32:43.0727 5120        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:32:43.0832 5120        secdrv - ok
14:32:43.0871 5120        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:32:43.0981 5120        Serenum - ok
14:32:44.0028 5120        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:32:44.0184 5120        Serial - ok
14:32:44.0253 5120        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:32:44.0343 5120        sermouse - ok
14:32:44.0422 5120        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:32:44.0494 5120        sffdisk - ok
14:32:44.0527 5120        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:32:44.0626 5120        sffp_mmc - ok
14:32:44.0662 5120        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:32:44.0751 5120        sffp_sd - ok
14:32:44.0811 5120        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:32:44.0933 5120        sfloppy - ok
14:32:44.0979 5120        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:32:44.0994 5120        sisagp - ok
14:32:45.0018 5120        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:32:45.0033 5120        SiSRaid2 - ok
14:32:45.0059 5120        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:32:45.0074 5120        SiSRaid4 - ok
14:32:45.0137 5120        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:32:45.0222 5120        Smb - ok
14:32:45.0261 5120        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:32:45.0283 5120        spldr - ok
14:32:45.0359 5120        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:32:45.0360 5120        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:32:45.0363 5120        sptd ( LockedFile.Multi.Generic ) - warning
14:32:45.0363 5120        sptd - detected LockedFile.Multi.Generic (1)
14:32:45.0407 5120        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:32:45.0524 5120        srv - ok
14:32:45.0580 5120        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:32:45.0644 5120        srv2 - ok
14:32:45.0688 5120        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:32:45.0768 5120        srvnet - ok
14:32:45.0836 5120        sscdbus        (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
14:32:45.0934 5120        sscdbus - ok
14:32:45.0964 5120        sscdmdfl        (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:32:46.0056 5120        sscdmdfl - ok
14:32:46.0112 5120        sscdmdm        (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
14:32:46.0202 5120        sscdmdm - ok
14:32:46.0269 5120        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:32:47.0248 5120        ssmdrv - ok
14:32:47.0650 5120        STHDA          (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
14:32:47.0850 5120        STHDA - ok
14:32:47.0914 5120        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:32:47.0928 5120        swenum - ok
14:32:47.0989 5120        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:32:48.0004 5120        Symc8xx - ok
14:32:48.0038 5120        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:32:48.0053 5120        Sym_hi - ok
14:32:48.0074 5120        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:32:48.0089 5120        Sym_u3 - ok
14:32:48.0148 5120        SynTP          (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
14:32:48.0167 5120        SynTP - ok
14:32:48.0272 5120        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:32:48.0363 5120        Tcpip - ok
14:32:48.0410 5120        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:32:48.0476 5120        Tcpip6 - ok
14:32:48.0523 5120        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:32:48.0656 5120        tcpipreg - ok
14:32:48.0693 5120        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:32:48.0787 5120        TDPIPE - ok
14:32:48.0866 5120        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:32:48.0937 5120        TDTCP - ok
14:32:48.0995 5120        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:32:49.0068 5120        tdx - ok
14:32:49.0140 5120        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:32:49.0155 5120        TermDD - ok
14:32:49.0224 5120        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:32:49.0315 5120        tssecsrv - ok
14:32:49.0336 5120        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:32:49.0419 5120        tunmp - ok
14:32:49.0460 5120        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:32:49.0545 5120        tunnel - ok
14:32:49.0582 5120        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:32:49.0597 5120        uagp35 - ok
14:32:49.0665 5120        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:32:49.0709 5120        udfs - ok
14:32:49.0759 5120        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:32:49.0774 5120        uliagpkx - ok
14:32:49.0845 5120        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:32:49.0874 5120        uliahci - ok
14:32:49.0911 5120        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:32:49.0926 5120        UlSata - ok
14:32:49.0944 5120        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:32:49.0961 5120        ulsata2 - ok
14:32:49.0990 5120        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:32:50.0057 5120        umbus - ok
14:32:50.0118 5120        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:32:50.0203 5120        USBAAPL - ok
14:32:50.0263 5120        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
14:32:50.0346 5120        usbaudio - ok
14:32:50.0401 5120        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:32:55.0174 5120        ============================================================
14:32:55.0174 5120        Scan finished
14:32:55.0174 5120        ============================================================
14:32:55.0195 4384        Detected object count: 1
14:32:55.0195 4384        Actual detected object count: 1
14:37:43.0283 4384        sptd ( LockedFile.Multi.Generic ) - skipped by user
14:37:43.0284 4384        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:46:17.0033 2176        Deinitialize success


markusg 14.02.2012 16:47

ok,
download CCleaner Standard:
CCleaner Download - CCleaner 3.15.1643
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each one you do not know, write "unknown".
Post the list.

apfelsaft 14.02.2012 19:22

Hey markusg,
I was just about to finish the list when it struck again. How do we proceed?

markusg 14.02.2012 19:50

Are you surfing other sites in between?

apfelsaft 14.02.2012 20:00

Yes, but only on common sites like Facebook, YouTube and Google for my presentation; unfortunately I have no other way to look things up. If that has something to do with it, then I am incredibly sorry. :stirn:

markusg 14.02.2012 21:23

I said on no sites at all. I will help you one single more time now; this is not the Neverending Story here....
Scan with Malwarebytes after updating it and post the log.

apfelsaft 14.02.2012 21:49

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Lukas :: LUKAS-PC [Administrator]

Schutz: Deaktiviert

14.02.2012 21:42:54
mbam-log-2012-02-14 (21-42-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189049
Laufzeit: 4 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio.TB) -> Daten: 2 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Local\Temp\77123072.Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Now restart the computer.
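Added example, not part of the original posts: a small Python triage pass over a Malwarebytes 1.x log in the German format shown in the post above. It checks that each section lists as many entries as its header states (a cut-off paste shows up as a mismatch) and separates PUP hits from the other detections. The function names and the choice of the Temp-folder flag are assumptions of this example; the sample lines are taken from the log above.

```python
import re

# Excerpt of the Malwarebytes log from the post above, German output unchanged.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio.TB) -> Daten: 2 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Local\Temp\77123072.Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

SECTION = re.compile(r"^(Infizierte [^:]+): (\d+)$")
ENTRY = re.compile(r"^(?P<obj>.+) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

def parse(log):
    """Return (findings, declared); declared maps section title -> stated count."""
    findings, declared, section = [], {}, None
    for line in map(str.strip, log.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = ENTRY.match(line)
        if m and section:
            findings.append({
                "section": section, "object": m["obj"], "detection": m["name"],
                # the last "->" segment is the action taken; earlier ones are data
                "action": m["rest"].split(" -> ")[-1].rstrip("."),
                "pup": m["name"].upper().startswith("PUP."),
                "in_temp": "\\appdata\\local\\temp\\" in m["obj"].lower(),
            })
    return findings, declared

def count_mismatches(findings, declared):
    """Sections whose listed entries differ from the stated count (e.g. a cut-off paste)."""
    seen = {}
    for f in findings:
        seen[f["section"]] = seen.get(f["section"], 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if n != seen.get(s, 0)}

def non_pup(findings):
    """Detections other than potentially unwanted programs, to review first."""
    return [f for f in findings if not f["pup"]]
```
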

markusg 15.02.2012 11:35

Securing the PC
As an anti-malware program I would recommend Emsisoft.
For me it has the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things such as work-related tasks, that is, if there is sensitive data to protect, you should invest in security software.
Use the 30-day trial period before activating the license.

Free, but simply not quite as good, Avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration advice.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be carried out, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista und Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as it reads in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
https://www.google.com/chrome?hl=de
If you want to use a different one, tell me, because then parts of the instructions that now follow


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
http://filepony.de/download-sandboxie/
Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as a PDF, work through these as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed webbrowser", or right-click and choose to start in Sandboxie.
A lifetime license costs 30 € and can be used on all of your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
Run updateChecker
when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
Create a Windows 7 system image (backup)
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because it can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible for everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should be framed; then you are in the sandboxed web browser.

