07.07.2012, 15:31 | #1 |
Removing Mystart.incredibar

Hi everyone! Unfortunately, like several others apparently, I downloaded this stupid incredibar and don't know how to get rid of it! I'm also not all that good with computers, unfortunately. The usual stuff, sure, but anything beyond that... ahem!!! But I'll do my best!! I downloaded Malwarebytes, ran it, and copied the log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.07.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: ADMIN-PC [Administrator]

Schutz: Aktiviert

07.07.2012 16:07:12
mbam-log-2012-07-07 (16-07-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212098
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\UBC5AB1IDP (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Frank\AppData\Roaming\7910.org\Ticker (Trojan.DDOS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\Users\Frank\Downloads\SoftonicDownloader_fuer_inkscape.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Frank\Downloads\SoftonicDownloader_fuer_nw-docx-converter(1).exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Frank\Downloads\SoftonicDownloader_fuer_nw-docx-converter.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Frank\AppData\Roaming\7910.org\Ticker\an1cHrs0cr60002MDAwODk1b3wwMDAwNTU0ZGF8QmFsZCBmYWhyZW4gd2lyISEhISBOb2No.gif (Trojan.DDOS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Frank\AppData\Roaming\7910.org\Ticker\an1cHrsVM1P0002MDAwMTUwbHwwMDAwNTU0ZGF8QmFsZCBmYWhyZW4gd2lyISEhISBOb2No.gif (Trojan.DDOS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I also ran defogger; it restarted, but there was nothing there to copy!?? Then I ran OTL:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 07.07.2012 16:44:55 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Frank\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 76,69% Memory free 16,05 Gb Paging File | 14,00 Gb Available in Paging File | 87,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 488,81 Gb Free Space | 52,48% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Frank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.07 16:43:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Downloads\OTL.exe PRC - [2012.06.13 12:25:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.08 22:15:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 22:14:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 22:14:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.01.05 21:35:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2009.03.23 13:12:44 | 000,327,680 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\PACTray.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.10.19 05:10:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2012.06.23 19:29:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.20 17:18:50 | 000,113,120 | ---- | M] (Mozilla 
Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 22:15:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:14:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.05 21:35:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.26 13:23:34 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- 
(clr_optimization_v4.0.30319_32) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 22:15:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 22:15:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2010.12.02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.12.02 13:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.12.02 13:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.12.02 18:57:48 | 000,868,848 | 
---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus) DRV:64bit: - [2008.11.10 13:17:40 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PAC7302.SYS -- (PAC7302) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.03.20 02:44:34 | 000,467,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2007.12.06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2007.02.08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dsiarhwprog_x64.sys -- (usbio) DRV:64bit: - [2006.10.31 17:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2006.09.19 14:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008.01.18 14:21:38 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2008.01.18 14:21:36 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 IE - 
HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4&hl={language}&src=chrm IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2582601 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6R8vQpBcfa&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{08F95AC0-1D40-443E-ADA3-9A0EAD1745C8}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D64706726733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{5033262E-1290-45AD-8B2C-CB2FD2E65299}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - 
HKCU\..\SearchScopes\{5CFDB435-86A1-48E5-ADE8-7F43EB9EAA8F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{6FE52790-D24A-4B46-B535-7A88C2D86152}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{9148E46A-4B18-4B31-8B70-A8114CF989BD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432353832363031&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{B357C1CA-69CF-4B2E-A69A-9BDC10F2F8AC}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vQpBcfa&i=26 IE - HKCU\..\SearchScopes\{D7ABBE17-5AC2-4E34-8B5F-7FAFB01B9751}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\Plasmoo: "URL" = 
hxxp://plasmoo.com.anonymize-me.de/?anonymto=687474703A2F2F706C61736D6F6F2E636F6D2F726573756C742E68746D3F713D7B7365617263685465726D737D265365617263684D617368696E653D74727565&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaultthis.engineName: "pc gear de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2582601&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://Mystart.incredibar.com/mb124" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {2ea04d33-5259-40b9-b79b-cb037d4824e7}:3.3.3.2 FF - prefs.js..extensions.enabledItems: codiprog@fbplus.plugin:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: 
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vQpBcfa&&i=26&search=" FF - prefs.js..network.proxy.http: "190.66.17.53" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Frank\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.13 07:33:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.31 22:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 12:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 12:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 12:26:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.16 10:24:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.31 22:55:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 12:26:04 | 000,000,000 | ---D | M] [2010.09.15 12:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions [2010.09.15 12:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.11 12:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.07.04 21:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions [2010.04.28 06:15:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.20 19:59:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.14 22:27:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\fb_add_on@avm.de [2012.06.13 07:33:53 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ffxtlbr@incredibar.com [2012.06.01 23:34:29 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ffxtlbra@softonic.com [2012.05.18 13:38:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ich@maltegoetz.de [2011.12.26 
13:23:36 | 000,002,820 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\askcom.xml [2011.12.26 13:23:36 | 000,001,129 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\conduit.xml [2011.12.26 13:23:36 | 000,001,091 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\icqplugin.xml [2012.06.13 07:33:25 | 000,002,203 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\MyStart Search.xml [2011.12.26 13:23:37 | 000,002,188 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{254DA591-C16D-4FB6-9062-4C050FA0B1BD}.xml [2011.12.26 13:23:37 | 000,001,870 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{6332F0FF-685E-4193-9E72-D96AEE055E73}.xml [2011.12.26 13:23:37 | 000,002,077 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{7D01AA1A-5AB3-4D3E-ACAE-79CACC0E28AC}.xml [2012.03.22 12:00:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.06.23 21:00:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.13 23:06:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.06 22:18:50 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\FRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GHEJRB4.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.07.04 21:38:52 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\FRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GHEJRB4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.20 17:18:50 | 
000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.09.08 16:02:46 | 000,188,416 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Program Files (x86)\mozilla firefox\plugins\libcurl.dll [2012.03.08 13:25:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.10.29 16:57:40 | 001,359,872 | ---- | M] (Fraunhofer IIS) -- C:\Program Files (x86)\mozilla firefox\plugins\npmmtaplayer.dll [2012.06.13 12:25:21 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.20 17:18:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.20 17:18:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 17:18:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.26 13:23:36 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchDpg.xml [2012.06.20 17:18:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 17:18:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 17:18:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\Pixart\Pac7302\PACTray.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyGaming\PartyPoker\RunApp.exe ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EF2AE26-FF8E-4427-A3DD-D1BE409D82E6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841DA7EE-789D-4B01-B5BF-E1D0CF08E86C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94D2724-8C73-4AE6-A359-2099ABA3E767}: DhcpNameServer = 192.168.42.129
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Frank\Pictures\2010-09-06 Urlaub Sep.2010, Kroatien Premantura\Urlaub Sep.2010, Kroatien Premantura 012.JPG
O24 - Desktop BackupWallPaper: C:\Users\Frank\Pictures\2010-09-06 Urlaub Sep.2010, Kroatien Premantura\Urlaub Sep.2010, Kroatien Premantura 012.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\Shell\AutoRun\command - "" = J:\LGAutoRun.exe
O33 - MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\Shell - "" = AutoRun
O33 - 
MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.hta
O33 - MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.07 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2012.07.07 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 16:06:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.07 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.14 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Macromedia
[2012.06.13 12:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.06.13 12:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.06.13 07:52:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\NwDocx
[2012.06.13 07:50:40 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Docx2Rtf
[2012.06.13 07:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.09 11:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC-Internetzugang
[2012.06.09 11:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations

========== Files - Modified Within 30 Days ==========

[2012.07.07 16:39:52 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.07 16:39:52 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.07 16:39:52 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.07 16:39:52 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.07 16:39:52 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.07 16:33:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 16:33:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 16:33:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.07 16:30:09 | 000,000,020 | ---- | M] () -- C:\Users\Frank\defogger_reenable
[2012.07.07 16:29:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.07 16:06:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 22:16:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.06 22:16:53 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.06 22:16:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.05 11:31:16 | 000,001,950 | ---- | M] () -- C:\Users\Frank\Desktop\Windows Photo Gallery.lnk
[2012.07.05 11:24:27 | 000,000,218 | ---- | M] () -- C:\Users\Frank\.recently-used.xbel
[2012.06.15 21:33:45 | 000,271,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 23:20:55 | 000,182,784 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.13 12:26:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.06.13 12:25:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.06.13 07:33:54 | 000,000,614 | ---- | M] () -- C:\user.js
[2012.06.09 11:03:35 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC-Internetzugang.lnk

========== Files Created - No Company Name ==========

[2012.07.07 16:30:09 | 000,000,020 | ---- | C] () -- C:\Users\Frank\defogger_reenable
[2012.07.07 16:06:12 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.05 11:31:16 | 000,001,950 | ---- | C] () -- C:\Users\Frank\Desktop\Windows Photo Gallery.lnk
[2012.07.05 11:24:27 | 000,000,218 | ---- | C] () -- C:\Users\Frank\.recently-used.xbel
[2012.06.13 12:26:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.06.09 11:03:35 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC-Internetzugang.lnk
[2011.12.26 13:23:35 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.06 01:09:44 | 011,980,353 | ---- | C] () -- C:\Windows\SysWow64\meinfotoalbum_meinfotoalbum_uninstaller.exe
[2011.10.28 19:57:38 | 000,001,356 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.01 17:29:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.17 14:55:57 | 001,418,240 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
[2011.09.17 14:55:57 | 001,099,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
[2011.09.17 14:55:57 | 000,568,832 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
[2011.09.17 14:55:57 | 000,488,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll [2011.09.17 14:55:57 | 000,410,112 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll [2011.09.17 14:55:57 | 000,305,664 | ---- | C] ( ) -- C:\Windows\SysWow64\LXBFhcp.dll [2011.09.17 14:55:57 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll [2011.09.17 14:55:57 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll [2011.09.17 14:55:57 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll [2011.09.17 14:55:57 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll [2011.09.17 14:55:57 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll [2011.09.17 14:55:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll [2011.09.17 14:55:56 | 000,660,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll [2011.09.17 14:55:56 | 000,566,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe [2011.09.17 14:55:56 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll [2011.09.17 14:55:56 | 000,236,464 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe [2011.09.17 14:55:56 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.25 22:35:11 | 000,000,862 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI [2011.03.28 20:54:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.27 17:11:17 | 000,097,344 | ---- | C] () -- C:\Users\Frank\slowenien.htm [2010.07.29 11:50:19 | 000,000,000 | ---- | C] () -- C:\Users\Frank\jagex__preferences3.dat [2010.07.29 11:45:26 | 000,000,099 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences2.dat [2010.07.29 11:44:24 | 000,000,046 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences.dat [2009.10.21 21:33:45 | 000,001,024 | ---- | C] () -- C:\Users\Frank\.rnd [2009.06.23 16:54:02 | 000,182,784 | ---- | C] () -- 
C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.23 12:29:59 | 000,001,164 | ---- | C] () -- C:\Users\Frank\AppData\Local\9A5FF4EA.il [2009.06.23 12:29:59 | 000,000,280 | ---- | C] () -- C:\Users\Frank\AppData\Local\IndexIE_9A5FF4EA.il [2009.06.23 11:32:45 | 000,000,732 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps64.dat ========== LOP Check ========== [2012.07.07 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\7910.org [2012.06.02 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Amazon [2011.08.04 13:44:06 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics [2009.10.21 09:05:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Blitware [2009.12.02 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DAEMON Tools [2011.12.26 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DesktopIconForAmazon [2012.06.13 07:53:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Docx2Rtf [2012.01.01 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2011.02.10 13:41:41 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.21 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Facebook [2010.12.16 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Fraunhofer [2012.01.19 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC [2011.05.11 15:07:22 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.06.01 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\inkscape [2011.12.26 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IrfanView [2009.12.30 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Leadertech [2012.01.31 00:03:17 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\MyPhoneExplorer [2011.05.23 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.05.23 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Ovi Suite [2012.06.13 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\NwDocx [2011.12.26 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OCS [2011.11.07 23:24:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenCandy [2011.12.26 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Opera [2011.10.28 16:35:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Origin [2011.05.06 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.10.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Simple Star [2010.04.29 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2010.09.15 12:51:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird [2010.02.11 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2011.12.09 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Visan [2010.12.16 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\XMedia Recode [2009.10.21 21:37:38 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\File Helper.job [2012.07.07 16:32:05 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 07.07.2012 16:44:55 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Frank\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 76,69% Memory free 16,05 Gb Paging File | 14,00 Gb Available in Paging File | 87,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 488,81 Gb Free Space | 52,48% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Frank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 5B 13 47 FB 45 C7 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{013B5350-FB9C-475F-93BD-F8AFD47FEC97}" = lport=445 | protocol=6 | dir=in | app=system | "{0F596B15-C9E7-4B0E-AD1E-55DADAD8C737}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{106809ED-BB4D-4F2D-A442-73C9C603982C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{153206BB-EB69-4ACE-A031-4F2ABD726C86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1952039F-B91B-47AC-BB66-3B0EA6B75444}" = rport=10243 | protocol=6 | dir=out | app=system | "{24164A48-CD12-45B8-87D4-BEE0BDB65BAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D76B166-C755-4491-A799-AB441E930ACF}" = lport=138 | protocol=17 | dir=in | app=system | "{40D03767-E5D6-48BD-8CC4-AE5F49BB8DD5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4A1C92EC-40EE-4647-BC2E-95090A24A33E}" = lport=2869 | protocol=6 | dir=in | app=system | "{4D70E9C2-06CA-455D-B74A-1C6D1F64E3DB}" = lport=10243 | protocol=6 | dir=in | app=system | "{5A4EA7DB-3916-483F-8FF2-89427A8D743E}" = rport=2869 | protocol=6 | dir=out | app=system | "{5A90CEED-5A54-4C8E-9359-6A72B4E423AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{684912DE-8747-4DEC-ACC1-3D69075C0436}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{68A773E8-E59C-4D05-9178-C9D81E025F51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{7AE5BB6F-DD54-4D41-A8B4-445C5AB07B06}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8534B09D-BA6C-4E68-8EF8-121E7D6A82C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{86E99F5A-53FE-4B05-866B-972103A02B2B}" = rport=445 | protocol=6 | dir=out | app=system | "{88149C5B-7077-421B-8BB5-49BC05DDD31D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{884C79CF-08A3-4164-B522-AA75AE086DEA}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EEBF4F1-7CA9-49F7-B126-6D9750133FB6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9266E6D0-1FD0-4495-94B9-FACCEAD2942B}" = rport=137 | protocol=17 | dir=out | app=system | "{96F0450A-5146-4EBF-B558-98C0E049A2BD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{9C48E224-F2EB-4990-8A20-00C704CF3743}" = lport=137 | protocol=17 | dir=in | app=system | "{9C6E5602-279C-4B87-9308-5FA881B7E225}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B0458E22-DCCF-48A8-A60B-1B380FE8DADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3B32355-E48E-4AB9-A744-F7BFE2338E76}" = rport=139 | protocol=6 | dir=out | app=system | "{B3D407C2-0C7F-49D6-8CA2-A21680ECDDD8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BB22E027-0FDF-4B51-9149-592FEB5A9237}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C76042BC-91F1-4037-BC38-7C7D3AC0DF38}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CFFF1E65-D4BC-4973-B64E-948290342501}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D2ECB7E9-5950-4AC0-A42C-EF76DBBB9C76}" = 
lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5E76075-5D6A-46B1-A8AF-03A061A41D73}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DD83E013-1B4B-42B9-B874-BA2382F6D323}" = rport=138 | protocol=17 | dir=out | app=system | "{F442F423-F230-4212-A3BD-7A56EC0F8D8D}" = lport=139 | protocol=6 | dir=in | app=system | "{FD66E814-E56B-448E-8875-AAEBAFE56E1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08448839-3E20-407A-8627-E25ED022199C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{11358582-780A-436F-B4F4-D3330DE32EC8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{12C316C5-8DA8-490A-A9DB-D727D063CF21}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | "{1CB55B50-2131-4F43-9E56-7B9A3D79483A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{1F7AFAF5-41A2-4946-A6D3-7C988469AF90}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe | "{2174DBCA-1891-4769-A1E2-A2EA2325F1F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | "{299DCF7F-3109-49B8-AFE0-187820101276}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{2D919362-D108-4BB0-8164-0539EA00B129}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe | "{2F61F813-BAAA-417D-BE49-4B284E439612}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe | "{2FDF33A2-0CE1-4DFB-BB08-EDDB5F243EF1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{36D9C825-C493-4F97-86DD-2E52B5AAB5CA}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{3B639335-EAF2-40A3-B152-0BE2068FAFFB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3F45E21F-77F8-4F12-A35D-25733C84B347}" = protocol=6 | dir=in | app=d:\fsetup.exe | "{4BF48DAF-E88E-4B0E-B32B-8C1DC8641EC9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4CA58B40-3EC6-4C2B-A66A-9716270A3CA2}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe | "{4DBEF5D3-107F-4D19-823A-3316143ED6DD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4F5E14DD-AA7A-4F72-9250-1A87B698BD4D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{5287390A-8090-4B72-9DDD-DEFD45970805}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe | "{58B64600-5E26-44AD-B4A5-F1F5A4439F73}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | "{5FF55B6F-CFA5-42E9-A6DF-07D112FBA2F2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{60B8C299-EB73-4493-AAB9-2E77529077F5}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe | "{6A427348-1396-48F4-A7FB-9D165BE0202F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76837BE6-6420-4924-A997-B7E805541A69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{76B77A97-A080-48C6-8466-DF3E318F52B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{76C6E039-4C70-4CDB-9966-26F91CC521FD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{78F9ECC8-FD43-4717-AB81-B3E5B1C12C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7CBB4109-A228-4256-BABC-B3FE6CC434E5}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{82AA9E7B-679D-4AD3-BE4A-C2A6473B55B1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{896E222E-8BEB-4380-B403-C755ED6F47E5}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3\battlefield 3\bf3.exe | "{8D6AC94D-77D1-4275-B8A5-41094D648F15}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{8F49BBE2-9D61-4D09-8347-B6F64DDF854F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{934C4178-5EED-42EE-AD0C-B683BAD31214}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{946F01DC-CA9B-407C-8035-9335DE765979}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{95568745-09ED-4F5A-9808-CC1481E28A76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9AD78029-34C6-463A-9237-AEA94E803D14}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9B58DEAE-403D-49C5-A0CC-6F4A103FA650}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9E7753C6-4B7B-4A0F-91C9-2DBA68FC0D59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9FEA9F84-FF75-455F-B250-E273E22E5D45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A3AD89C6-D56B-4E9D-88F6-63772FEB29F5}" = protocol=17 | dir=in | app=d:\fsetup.exe | "{AB8FF451-60A6-4B92-B5BD-5D0B17005AA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AFEDD44F-D00C-457D-8791-F37DE1E94F43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B09DAAEB-2AD5-4AD8-925B-F28BE8244BC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B5EDDC26-D41F-42E8-B168-4F7EC08423FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B735CC72-CDAB-4351-AD72-5D6AE5F32797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B7A4F85F-9990-4522-97BA-82A817100BE9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BB8657DD-4FC3-4D1C-B226-97C40B298C45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BCD3BBAF-30D0-428E-86BF-176F930A25A9}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | "{CB737821-224A-442B-ACDB-3477609D1934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CDB2A66C-E55E-41D7-91D8-3EE74FAAD081}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{CFD5B692-2106-466F-B1D0-9646A1F60D3C}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{D275E3F0-1AF0-4EF6-88F2-9BBB46ED3E87}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D3332FD8-5C56-4B73-8CD7-85D49674446B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D63ABC67-8E00-496D-AD94-B3F78F221DBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DBFAFB3C-4B61-4B06-B3DC-9586BA818DD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DC1DF673-D402-4927-BE3D-D3477EAB802F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E26ADFEE-3BFB-4AA0-96FC-CFB25752E634}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E6FDB3C2-70A6-439B-B408-0E8F86E73447}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E7C63A00-5B5B-4ECA-98F0-2B2D249F6CE8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{EE0BB81D-E351-4CA1-93B0-EE20EB3B5F43}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F4A2622F-3EAB-457D-A5E1-26F1BF7AE77F}" = protocol=6 | dir=out | app=system | "{F66CC220-A734-4F30-9280-08F279766F5C}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{FAE1869D-39BA-4BC5-82EE-17C6DD65CB3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | "{FBC68AAE-CCB6-4582-88BF-9AFD229893FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | "{FE827845-5923-493A-98FA-879536DB25EA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe | "TCP Query User{09197238-8542-440E-919E-4B443CE97764}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{0C5DEF60-44BD-44AE-AA7E-67205FEE9FEE}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{0D0511E2-73A1-4DCF-9963-8AB03CAB2CA2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{21B37AD3-14C7-412E-9FAC-7A72345A2416}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{365D0F19-C201-47D9-AA5F-01B791CF004A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{3E44E4A8-E491-4BFD-A64E-0310F8D1BBA9}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{9AF6ADBE-AC6A-4284-A2B2-BF9536EC1A26}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{9BF5522C-507A-4D90-8109-7FA2D477A3A7}C:\users\frank\downloads\maestia-downloader(1).exe" = protocol=6 
| dir=in | app=c:\users\frank\downloads\maestia-downloader(1).exe | "TCP Query User{D36A002D-11ED-4DCC-92D0-866FEA435BA1}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{DB9F5B3A-3D20-459F-9C71-4583C2C80C65}C:\users\frank\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\frank\downloads\maestia-downloader.exe | "TCP Query User{EC73549D-CF8A-4A10-80E7-FD4217DA2930}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{EEE1D85D-6AA3-4941-B078-A17063113583}D:\d-link.exe" = protocol=6 | dir=in | app=d:\d-link.exe | "UDP Query User{44C7A380-E6C1-43AB-A61F-C001CB880F18}C:\users\frank\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\frank\downloads\maestia-downloader.exe | "UDP Query User{591D3E77-D290-4345-86AF-90391012DF48}C:\users\frank\downloads\maestia-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\frank\downloads\maestia-downloader(1).exe | "UDP Query User{7B51892A-DD7D-4694-A7BA-8BB1E06135BF}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{7B7DF927-7D6F-4262-95CB-463077739C45}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{993AD3F8-6681-4CC8-AD46-4D949F688F12}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{9A99AA8C-DC7E-43AB-A0A7-56C4D98F9EE8}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{A85102DB-78CE-4983-B85E-4ABAB1766CE2}C:\program 
files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{C508D110-21B6-476B-A660-5834D9254E16}D:\d-link.exe" = protocol=17 | dir=in | app=d:\d-link.exe | "UDP Query User{C567A00E-2FF7-406C-BFE3-A82AC26E2F00}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{DE3CB284-7450-47DF-9406-B683B3F00219}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{E412DA07-514C-445A-9B79-260C72B89A38}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{F83908CB-674C-4AC9-AEC1-E997D6CB02C1}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442 "{479B309B-E6B4-4947-8B83-472CF4272582}" = HP Deskjet 3070 B611 series - Grundlegende Software für das 
Gerät "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SearchAnonymizer" = SearchAnonymizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B1E8FA3-32BB-4902-AF7E-B9D9DAD6A675}" = Trust Webcam 16175 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = 
Steuer-Spar-Erklärung 2011 "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{DB7AE42C-695D-4D36-A8FA-31A1C6454436}" = Nokia PC-Internetzugang "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC 
Help Dutch "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Battlelog Web Plugins" = Battlelog Web Plugins "ESN Sonar-0.70.4" = ESN Sonar "GameSpy Arcade" = GameSpy Arcade "Host OpenAL (ADI)" = Host OpenAL (ADI) "Inkscape" = Inkscape 0.48.2 "InstallShield_{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302 "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "IrfanView" = IrfanView (remove only) "LG Internet Kit" = LG Internet Kit "lgx4.lgx.server" = G DATA Logox4 Speechengine "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "mmssetup_is1" = MixMeister Studio Demo 7.3.2 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Internet Access" = Nokia PC-Internetzugang "Origin" = Origin "PartyPoker" = PartyPoker "PunkBusterSvc" = PunkBuster Services "RealPlayer 15.0" = RealPlayer "TomTom HOME" = TomTom HOME 2.8.3.2499 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.10.2011 00:05:34 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 28.10.2011 
00:06:27 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = Error - 28.10.2011 10:26:54 | Computer Name = Admin-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 28.10.2011 10:30:39 | Computer Name = Admin-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 28.10.2011 11:43:55 | Computer Name = Admin-PC | Source = System Restore | ID = 8193 Description = Error - 28.10.2011 11:49:29 | Computer Name = Admin-PC | Source = System Restore | ID = 8193 Description = Error - 28.10.2011 13:10:20 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002 Description = Programm bf3.exe, Version 1.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: cc0 Anfangszeit: 01cc9592d87a4f80 Zeitpunkt der Beendigung: 218 Error - 28.10.2011 13:30:17 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 28.10.2011 13:30:18 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 28.10.2011 13:31:32 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 06.07.2012 02:25:26 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 06.07.2012 02:25:50 | Computer Name = Admin-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker HP Deskjet 3070 B611 series nicht unter dem Namen HP Deskjet 3070 B611 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 06.07.2012 02:26:22 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 06.07.2012 14:23:48 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 06.07.2012 14:24:51 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. 
Error - 07.07.2012 06:55:33 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 07.07.2012 06:55:33 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 07.07.2012 09:58:58 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 07.07.2012 10:32:58 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 07.07.2012 10:32:59 | Computer Name = Admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = < End of report >
So, I don't know what to do next! I hope you can help me! Best regards - Claudia Edited by maeusuruh (07.07.2012 at 16:02) |
11.07.2012, 21:13 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Mystart.incredibar Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes has to be updated manually before every scan! Please remove all of Malwarebytes' findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ |
16.07.2012, 20:40 | #3 |
| Remove Mystart.incredibar Hello Arne,
I have now run Malwarebytes as a full scan and it found nothing!! I had done the quick scan before, and that one did find something (see above). Then I ran the ESET Online Scanner: here is the log.txt Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3eb40ff41bb27545ae6a5870f64334b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-16 07:05:49
# local_time=2012-07-16 09:05:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 11084397 11084397 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 297235 179981374 0 0
# compatibility_mode=8192 67108863 100 0 192 192 0 0
# scanned=326747
# found=0
# cleaned=0
# scan_time=8081
Kind regards Claudia |
17.07.2012, 11:08 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Mystart.incredibar Quote:
The logs contain a bit more information than just finding or no finding. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
17.07.2012, 21:34 | #5 |
| Remove Mystart.incredibar OK, here is the full scan: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.12

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: ADMIN-PC [Administrator]

Schutz: Deaktiviert

17.07.2012 20:40:41
mbam-log-2012-07-17 (20-40-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 491451
Laufzeit: 1 Stunde(n), 45 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
|
18.07.2012, 16:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Mystart.incredibar adwCleaner - detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
__________________ |
18.07.2012, 16:44 | #7 |
| Remove Mystart.incredibar Here is the adwcleaner: Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/18/2012 at 17:41:48 # Updated 13/07/2012 by Xplode # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # User : Frank - ADMIN-PC # Running from : C:\Users\Frank\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** Found : Web Assistant Updater ***** [Files / Folders] ***** Folder Found : C:\Users\Frank\AppData\Local\OpenCandy Folder Found : C:\Users\Frank\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Frank\AppData\LocalLow\Conduit Folder Found : C:\Users\Frank\AppData\LocalLow\facemoods.com Folder Found : C:\Users\Frank\AppData\Roaming\OpenCandy Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\Conduit Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\ConduitEngine Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ffxtlbra@softonic.com Folder Found : C:\ProgramData\Ask Folder Found : C:\Program Files\Web Assistant Folder Found : C:\Program Files (x86)\Ask.com Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\Askcom.xml File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\Conduit.xml File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\MyStart Search.xml ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\APN Key 
Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\DT Soft Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Software Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] [x64] Key Found : HKCU\Software\APN [x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\Ask.com [x64] Key Found : HKCU\Software\IM [x64] Key Found : HKCU\Software\ImInstaller [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject [x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [x64] 
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 [x64] Key Found : HKLM\SOFTWARE\Software [x64] Key Found : HKLM\SOFTWARE\Web Assistant [x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : 
HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks 
[{00000000-6E41-4FD3-8538-502F5495E5FC}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} [x64] Key 
Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8vQpBcfa&i=26 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\prefs.js Found : user_pref("CT2582601..clientLogIsEnabled", true); Found : user_pref("CT2582601..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2582601..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Found : user_pref("CT2582601.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2582601.CTID", "CT2582601"); Found : user_pref("CT2582601.CurrentServerDate", "1-5-2011"); Found : user_pref("CT2582601.DialogsAlignMode", "LTR"); Found : user_pref("CT2582601.DialogsGetterLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.DownloadReferralCookieData", ""); Found : user_pref("CT2582601.EMailNotifierPollDate", "Sun Nov 21 2010 13:34:27 GMT+0100"); Found : user_pref("CT2582601.FeedLastCount203199574394042224", 477); Found : user_pref("CT2582601.FeedPollDate129255010797257841", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257847", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257853", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257859", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257865", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257871", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257877", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257883", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257889", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257895", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257901", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257907", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257913", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257919", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : 
user_pref("CT2582601.FeedPollDate129255010797257925", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257931", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257937", "Sun Nov 21 2010 13:23:48 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257943", "Sun Nov 21 2010 13:23:49 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257949", "Sun Nov 21 2010 13:23:49 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257955", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257961", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257967", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257973", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257979", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257985", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedPollDate129255010797257991", "Sun Nov 21 2010 13:23:51 GMT+0100"); Found : user_pref("CT2582601.FeedTTL129255010797257853", 5); Found : user_pref("CT2582601.FeedTTL129255010797257859", 5); Found : user_pref("CT2582601.FeedTTL129255010797257889", 2); Found : user_pref("CT2582601.FeedTTL129255010797257919", 5); Found : user_pref("CT2582601.FeedTTL129255010797257931", 30); Found : user_pref("CT2582601.FirstServerDate", "21-11-2010"); Found : user_pref("CT2582601.FirstTime", true); Found : user_pref("CT2582601.FirstTimeFF3", true); Found : user_pref("CT2582601.FirstTimeSettingsDone", true); Found : user_pref("CT2582601.FixPageNotFoundErrors", true); Found : user_pref("CT2582601.GroupingServerCheckInterval", 1440); Found : user_pref("CT2582601.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2582601.HasUserGlobalKeys", true); Found 
: user_pref("CT2582601.Initialize", true); Found : user_pref("CT2582601.InitializeCommonPrefs", true); Found : user_pref("CT2582601.InstallationAndCookieDataSentCount", 2); Found : user_pref("CT2582601.InstallationId", "np_0033"); Found : user_pref("CT2582601.InstallationType", "ExternalIntegration"); Found : user_pref("CT2582601.InstalledDate", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.InvalidateCache", false); Found : user_pref("CT2582601.IsGrouping", false); Found : user_pref("CT2582601.IsMulticommunity", false); Found : user_pref("CT2582601.IsOpenThankYouPage", false); Found : user_pref("CT2582601.IsOpenUninstallPage", true); Found : user_pref("CT2582601.LanguagePackLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2582601.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2582601.LastLogin_2.7.1.3", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.LastLogin_3.3.3.2", "Sun May 01 2011 11:40:19 GMT+0200"); Found : user_pref("CT2582601.LatestVersion", "3.2.5.2"); Found : user_pref("CT2582601.Locale", "de"); Found : user_pref("CT2582601.LoginCache", 4); Found : user_pref("CT2582601.MCDetectTooltipHeight", "83"); Found : user_pref("CT2582601.MCDetectTooltipShow", false); Found : user_pref("CT2582601.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2582601.MCDetectTooltipWidth", "295"); Found : user_pref("CT2582601.PublisherContainerWidth", 1360); Found : user_pref("CT2582601.RadioIsPodcast", false); Found : user_pref("CT2582601.RadioLastCheckTime", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CT2582601.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2582601.RadioLastUpdateServer", "3"); Found : user_pref("CT2582601.RadioMediaID", "9951"); Found : user_pref("CT2582601.RadioMediaType", "Media Player"); Found : 
user_pref("CT2582601.RadioMenuSelectedID", "EBRadioMenu_CT2582601_RECENT9951"); Found : user_pref("CT2582601.RadioShrinked", "expanded"); Found : user_pref("CT2582601.RadioStationName", "Rap"); Found : user_pref("CT2582601.RadioStationURL", "hxxp://www.defjay.com/listen.asx"); Found : user_pref("CT2582601.RadioVolume", "34"); Found : user_pref("CT2582601.SavedHomepage", "hxxp://www.die-staemme.de/"); Found : user_pref("CT2582601.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2582601.SearchFromAddressBarIsInit", true); Found : user_pref("CT2582601.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT258[...] Found : user_pref("CT2582601.SearchInNewTabEnabled", true); Found : user_pref("CT2582601.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2582601.SearchInNewTabLastCheckTime", "Sun May 01 2011 11:40:19 GMT+0200"); Found : user_pref("CT2582601.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2582601.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Found : user_pref("CT2582601.SearchInNewTabUserEnabled", false); Found : user_pref("CT2582601.ServiceMapLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.SettingsCheckIntervalMin", 120); Found : user_pref("CT2582601.SettingsLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.SettingsLastUpdate", "1299524390"); Found : user_pref("CT2582601.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2582601.ThirdPartyComponentsLastCheck", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.ThirdPartyComponentsLastUpdate", "1255348257"); Found : user_pref("CT2582601.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2582601"); Found : user_pref("CT2582601.Uninstall", true); Found : user_pref("CT2582601.UserID", "UN95689624456545820"); Found : user_pref("CT2582601.ValidationData_Toolbar", 2); Found : user_pref("CT2582601.WeatherNetwork", ""); Found : user_pref("CT2582601.WeatherPollDate", "Sun Nov 21 2010 14:05:48 GMT+0100"); Found : user_pref("CT2582601.WeatherUnit", "C"); Found : user_pref("CT2582601.alertChannelId", "975434"); Found : user_pref("CT2582601.backendstorage.facebbok_user_id", "313030303030323036353534383937"); Found : user_pref("CT2582601.backendstorage.facebook_login_status", "31"); Found : user_pref("CT2582601.backendstorage.facebook_lust_recievegadet", ""); Found : user_pref("CT2582601.backendstorage.facebook_mode", "32"); Found : user_pref("CT2582601.backendstorage.facebook_user_name", "3078303034332C3078303036432C3078303036312C[...] Found : user_pref("CT2582601.backendstorage.facebook_user_token", "3230393834353033353330347C656166363136356[...] Found : user_pref("CT2582601.backendstorage.facebooknotifications", "31"); Found : user_pref("CT2582601.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345"); Found : user_pref("CT2582601.backendstorage.hxxp://facebook_conduitapps_com/v308.facebook_friendsuploadstab_[...] 
Found : user_pref("CT2582601.backendstorage.hxxp://facebook_conduitapps_com/v308.facebook_last_visit_tab", "[...] Found : user_pref("CT2582601.backendstorage.hxxp://facebook_conduitapps_com/v308.facebook_myuploadstab_pos",[...] Found : user_pref("CT2582601.clientLogIsEnabled", true); Found : user_pref("CT2582601.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2582601.components.1000034", false); Found : user_pref("CT2582601.components.1003", true); Found : user_pref("CT2582601.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Found : user_pref("CT2582601.globalFirstTimeInfoLastCheckTime", "Sun May 01 2011 11:40:19 GMT+0200"); Found : user_pref("CT2582601.isAppTrackingManagerOn", true); Found : user_pref("CT2582601.myStuffEnabled", true); Found : user_pref("CT2582601.myStuffPublihserMinWidth", 400); Found : user_pref("CT2582601.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2582601.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2582601.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2582601.oldAppsList", "129144940768357001,129144940768669502,129144940770700906,1000082[...] Found : user_pref("CT2582601.testingCtid", ""); Found : user_pref("CT2582601.toolbarAppMetaDataLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.toolbarContextMenuLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Found : user_pref("CT2582601.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2582601"); Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2582601", [...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2582601",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2582601/CT2582601[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] 
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true); Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Found : user_pref("CommunityToolbar.IsEngineShown", false); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/ar[...] Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/result.htm?q="); Found : user_pref("CommunityToolbar.ToolbarsList", "CT2582601,ConduitEngine"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2582601"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 16:58:47 GMT+01[...] 
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun May 01 2011 01:17:33 GMT+0200"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun May 01 2011 01:17:25 GMT+0200"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "d28878a8-54b1-44ff-893f-1689174313cc"); Found : user_pref("CommunityToolbar.facebook.sessionKey", "eaf6165a52ee896139383624-100000206554897"); Found : user_pref("CommunityToolbar.facebook.sessionSecret", "dc74e0df59a52ac607c385084305d878"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Nov 21 2010 13:23:47 GMT+0100"); Found : user_pref("CommunityToolbar.facebook.userId", "100000206554897"); Found : user_pref("CommunityToolbar.globalUserId", "a32c2896-5c8e-4535-8786-732ccbb427df"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2582601"); Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Apr 20 2011 22:52:14 GMT+0200"); Found : user_pref("ConduitEngine.BrowserCompStateIsOpen_1627818309137728572", true); Found : user_pref("ConduitEngine.CTID", "ConduitEngine"); Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun May 01 2011 
11:36:31 GMT+0200"); Found : user_pref("ConduitEngine.FirstServerDate", "03/21/2011 17"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.Initialize", true); Found : user_pref("ConduitEngine.InitializeCommonPrefs", true); Found : user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 16:58:48 GMT+0100"); Found : user_pref("ConduitEngine.IsMulticommunity", false); Found : user_pref("ConduitEngine.IsOpenThankYouPage", false); Found : user_pref("ConduitEngine.IsOpenUninstallPage", true); Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Found : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Tue Mar 22 2011 12:04:32 GMT+0100"); Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun May 01 2011 11:36:32 GMT+0200"); Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Found : user_pref("ConduitEngine.UserID", "UN91039505358548577"); Found : user_pref("ConduitEngine.apps1627818309137728572", false); Found : user_pref("ConduitEngine.componentAlertEnabled", false); Found : user_pref("ConduitEngine.engineLocale", "de"); Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun May 01 2011 11:36:32 GMT+0200"); Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Found : user_pref("ConduitEngine.initDone", true); Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Found : user_pref("ConduitEngine.usagesFlag", 2); Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Ask.com"); Found : user_pref("browser.search.defaultthis.engineName", "pc gear de Customized Web Search"); Found : user_pref("browser.search.defaulturl", 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2582601&Sea[...] Found : user_pref("browser.search.order.1", "Ask.com"); Found : user_pref("extensions.Softonic.admin", false); Found : user_pref("extensions.Softonic.aflt", "orgnl"); Found : user_pref("extensions.Softonic.autoRvrt", "false"); Found : user_pref("extensions.Softonic.cntry", "DE"); Found : user_pref("extensions.Softonic.dfltLng", ""); Found : user_pref("extensions.Softonic.dfltlng", "en"); Found : user_pref("extensions.Softonic.dfltsrch", "false"); Found : user_pref("extensions.Softonic.envrmnt", "production"); Found : user_pref("extensions.Softonic.excTlbr", false); Found : user_pref("extensions.Softonic.hdrMd5", "C6870FEE33F57EE46463A55EBC1E8B72"); Found : user_pref("extensions.Softonic.hmpg", false); Found : user_pref("extensions.Softonic.hrdid", "8c0dac64000000000000002215600bad"); Found : user_pref("extensions.Softonic.id", "8c0dac64000000000000002215600bad"); Found : user_pref("extensions.Softonic.instlDay", "15492"); Found : user_pref("extensions.Softonic.instlRef", "MON00001"); Found : user_pref("extensions.Softonic.instlday", "15492"); Found : user_pref("extensions.Softonic.instlref", "MON00001"); Found : user_pref("extensions.Softonic.isDcmntCmplt", true); Found : user_pref("extensions.Softonic.isdcmntcmplt", "false"); Found : user_pref("extensions.Softonic.keywordurl", ""); Found : user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.323:34:20"); Found : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Found : user_pref("extensions.Softonic.newTab", false); Found : user_pref("extensions.Softonic.newtab", "false"); Found : user_pref("extensions.Softonic.newtaburl", ""); Found : user_pref("extensions.Softonic.prdct", "Softonic"); Found : user_pref("extensions.Softonic.prtnrId", "softonic"); Found : user_pref("extensions.Softonic.prtnrid", "softonic"); Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] 
Found : user_pref("extensions.Softonic.savedVrsnTs", "1"); Found : user_pref("extensions.Softonic.sg", "az"); Found : user_pref("extensions.Softonic.similarsitesstorage-pid2", "8489e505aeab360d"); Found : user_pref("extensions.Softonic.smplGrp", "none"); Found : user_pref("extensions.Softonic.smplgrp", "none"); Found : user_pref("extensions.Softonic.srch", ""); Found : user_pref("extensions.Softonic.srchprvdr", ""); Found : user_pref("extensions.Softonic.tlbrId", "base"); Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...] Found : user_pref("extensions.Softonic.tlbrid", "base"); Found : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...] Found : user_pref("extensions.Softonic.vrsn", "1.5.24.3"); Found : user_pref("extensions.Softonic.vrsnTs", "1.5.24.323:34:20"); Found : user_pref("extensions.Softonic.vrsni", "1.5.24.3"); Found : user_pref("extensions.Softonic.vrsnts", "1.5.24.323:34:20"); Found : user_pref("extensions.Softonic_i.newTab", false); Found : user_pref("extensions.Softonic_i.smplGrp", "none"); Found : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.323:34:20"); Found : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Found : user_pref("extensions.asktb.cbid", "U3"); Found : user_pref("extensions.asktb.config-updated", false); Found : user_pref("extensions.asktb.crumb", "2012.07.08+00.08.16-toolbar003iad-DE-QmVybGluLEdlcm1hbnk%3D"); Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Found : user_pref("extensions.asktb.displaybehavior", ""); Found : user_pref("extensions.asktb.displaytext", ""); Found : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007"); Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mystart.incredibar.com/mb165/?loc=IB_D[...] Found : user_pref("extensions.asktb.first-restart-after-config-update", true); Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Found : user_pref("extensions.asktb.l", "dis"); Found : user_pref("extensions.asktb.last-config-req", "1341850132200"); Found : user_pref("extensions.asktb.last-v", "3.14.1.100013"); Found : user_pref("extensions.asktb.locale", "de_DE"); Found : user_pref("extensions.asktb.location", "Berlin,Germany"); Found : user_pref("extensions.asktb.lstation", ""); Found : user_pref("extensions.asktb.news-native-on", true); Found : user_pref("extensions.asktb.o", "100000027"); Found : user_pref("extensions.asktb.pstate", ""); Found : user_pref("extensions.asktb.qsrc", "2871"); Found : user_pref("extensions.asktb.search-suggestions-enabled", true); Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Found : user_pref("extensions.asktb.socialmini-first", true); Found : user_pref("extensions.asktb.socialmini-interval", "1200000"); Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Found : user_pref("extensions.asktb.socialmini-max-items", "30"); Found : user_pref("extensions.asktb.socialmini-native-on", true); Found : user_pref("extensions.asktb.socialmini-speed", "10000"); Found : user_pref("extensions.asktb.socialmini-transition-first-open", false); Found : user_pref("extensions.asktb.to", ""); Found : 
user_pref("extensions.enabledAddons", "fb_add_on@avm.de:1.6.3,ich@maltegoetz.de:1.4.2,ffxtlbra@softo[...] Found : user_pref("extensions.facemoods.aflt", "_#dpg"); Found : user_pref("extensions.facemoods.firstRun", false); Found : user_pref("extensions.facemoods.lastActv", "6"); Found : user_pref("extensions.incredibar.actvtyRptTime", "1341467344666"); Found : user_pref("extensions.incredibar.admin", false); Found : user_pref("extensions.incredibar.aflt", "orgnl"); Found : user_pref("extensions.incredibar.afterInstallRpt", "sent"); Found : user_pref("extensions.incredibar.cntry", "DE"); Found : user_pref("extensions.incredibar.dfltLng", "EN"); Found : user_pref("extensions.incredibar.dfltSrch", false); Found : user_pref("extensions.incredibar.dfltlng", "EN"); Found : user_pref("extensions.incredibar.dfltsrch", "false"); Found : user_pref("extensions.incredibar.did", "10665"); Found : user_pref("extensions.incredibar.envrmnt", "production"); Found : user_pref("extensions.incredibar.excTlbr", false); Found : user_pref("extensions.incredibar.hdrMd5", "D2BF7951FBB008229551AA1ADAAAA037"); Found : user_pref("extensions.incredibar.hmpg", false); Found : user_pref("extensions.incredibar.hrdid", "0"); Found : user_pref("extensions.incredibar.id", "8c0dac64000000000000002215600bad"); Found : user_pref("extensions.incredibar.installerproductid", "26"); Found : user_pref("extensions.incredibar.instlDay", "15504"); Found : user_pref("extensions.incredibar.instlRef", ""); Found : user_pref("extensions.incredibar.instlday", "15504"); Found : user_pref("extensions.incredibar.instlref", ""); Found : user_pref("extensions.incredibar.isDcmntCmplt", false); Found : user_pref("extensions.incredibar.isdcmntcmplt", "false"); Found : user_pref("extensions.incredibar.keywordurl", ""); Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:33:53"); Found : user_pref("extensions.incredibar.logicsMngrDailyReportTime", "05-07-2012"); Found : 
user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Found : user_pref("extensions.incredibar.newTab", false); Found : user_pref("extensions.incredibar.newtab", "false"); Found : user_pref("extensions.incredibar.newtaburl", ""); Found : user_pref("extensions.incredibar.noFFXTlbr", false); Found : user_pref("extensions.incredibar.ppd", ""); Found : user_pref("extensions.incredibar.prdct", "incredibar"); Found : user_pref("extensions.incredibar.productid", "26"); Found : user_pref("extensions.incredibar.propectorlck", 80068214); Found : user_pref("extensions.incredibar.prtkHmpg", 1); Found : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar.prtnrid", "Incredibar"); Found : user_pref("extensions.incredibar.sg", "none"); Found : user_pref("extensions.incredibar.smplGrp", "none"); Found : user_pref("extensions.incredibar.smplgrp", "none"); Found : user_pref("extensions.incredibar.srch", ""); Found : user_pref("extensions.incredibar.srchprvdr", ""); Found : user_pref("extensions.incredibar.tlbrId", "base"); Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8vQpBcfa&loc=IB_T[...] Found : user_pref("extensions.incredibar.tlbrid", "base"); Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8vQpBcfa&loc=IB_T[...] 
Found : user_pref("extensions.incredibar.upn2", "6R8vQpBcfa"); Found : user_pref("extensions.incredibar.upn2n", "92824526614914436"); Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:33:53"); Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:33:53"); Found : user_pref("extensions.incredibar_i.aflt", "orgnl"); Found : user_pref("extensions.incredibar_i.dfltLng", ""); Found : user_pref("extensions.incredibar_i.did", "10665"); Found : user_pref("extensions.incredibar_i.excTlbr", false); Found : user_pref("extensions.incredibar_i.id", "8c0dac64000000000000002215600bad"); Found : user_pref("extensions.incredibar_i.installerproductid", "26"); Found : user_pref("extensions.incredibar_i.instlDay", "15504"); Found : user_pref("extensions.incredibar_i.instlRef", ""); Found : user_pref("extensions.incredibar_i.ms_url_id", ""); Found : user_pref("extensions.incredibar_i.newTab", false); Found : user_pref("extensions.incredibar_i.ppd", ""); Found : user_pref("extensions.incredibar_i.prdct", "incredibar"); Found : user_pref("extensions.incredibar_i.productid", "26"); Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar_i.smplGrp", "none"); Found : user_pref("extensions.incredibar_i.tlbrId", "base"); Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8vQpBcfa&loc=IB[...] Found : user_pref("extensions.incredibar_i.upn2", "6R8vQpBcfa"); Found : user_pref("extensions.incredibar_i.upn2n", "92824526614914436"); Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:33:53"); Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&loca[...] 
Found : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://start.facemoods.com/results.php?f=5&a=dpg&[...] Found : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "pc gear de Customized Web Search[...] Found : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?c[...] ************************* AdwCleaner[R1].txt - [41164 octets] - [18/07/2012 17:41:48] ########## EOF - C:\AdwCleaner[R1].txt - [41293 octets] ########## |
18.07.2012, 21:23 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Mystart.incredibar adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags |
19.07.2012, 11:11 | #9 |
| Removing Mystart.incredibar adwCleaner - Delete: Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/19/2012 at 12:04:31 # Updated 13/07/2012 by Xplode # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # User : Frank - ADMIN-PC # Running from : C:\Users\Frank\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** Stopped & Deleted : Web Assistant Updater ***** [Files / Folders] ***** Deleted on reboot : C:\Users\Frank\AppData\Local\OpenCandy Deleted on reboot : C:\Users\Frank\AppData\LocalLow\AskToolbar Deleted on reboot : C:\Users\Frank\AppData\LocalLow\Conduit Deleted on reboot : C:\Users\Frank\AppData\LocalLow\facemoods.com Deleted on reboot : C:\Users\Frank\AppData\Roaming\OpenCandy Deleted on reboot : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\Conduit Deleted on reboot : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\ConduitEngine Deleted on reboot : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ffxtlbra@softonic.com Deleted on reboot : C:\ProgramData\Ask Deleted on reboot : C:\Program Files\Web Assistant Deleted on reboot : C:\Program Files (x86)\Ask.com Deleted on reboot : C:\Program Files (x86)\Conduit Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\Askcom.xml File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\Conduit.xml File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\MyStart Search.xml ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\APN Key Deleted : HKLM\SOFTWARE\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\DT Soft Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 [x64] Key Deleted : HKLM\SOFTWARE\Software [x64] Key Deleted : HKLM\SOFTWARE\Web Assistant ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} [x64] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8vQpBcfa&i=26 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = 
hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\prefs.js C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\user.js ... Deleted ! Deleted : user_pref("CT2582601..clientLogIsEnabled", true); Deleted : user_pref("CT2582601..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2582601..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2582601.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2582601.CTID", "CT2582601"); Deleted : user_pref("CT2582601.CurrentServerDate", "1-5-2011"); Deleted : user_pref("CT2582601.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2582601.DialogsGetterLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.DownloadReferralCookieData", ""); Deleted : user_pref("CT2582601.EMailNotifierPollDate", "Sun Nov 21 2010 13:34:27 GMT+0100"); Deleted : user_pref("CT2582601.FeedLastCount203199574394042224", 477); Deleted : user_pref("CT2582601.FeedPollDate129255010797257841", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257847", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257853", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257859", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257865", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257871", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257877", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257883", "Sun Nov 21 
2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257889", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257895", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257901", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257907", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257913", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257919", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257925", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257931", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257937", "Sun Nov 21 2010 13:23:48 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257943", "Sun Nov 21 2010 13:23:49 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257949", "Sun Nov 21 2010 13:23:49 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257955", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257961", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257967", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257973", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257979", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257985", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedPollDate129255010797257991", "Sun Nov 21 2010 13:23:51 GMT+0100"); Deleted : user_pref("CT2582601.FeedTTL129255010797257853", 5); Deleted : user_pref("CT2582601.FeedTTL129255010797257859", 5); Deleted : 
user_pref("CT2582601.FeedTTL129255010797257889", 2); Deleted : user_pref("CT2582601.FeedTTL129255010797257919", 5); Deleted : user_pref("CT2582601.FeedTTL129255010797257931", 30); Deleted : user_pref("CT2582601.FirstServerDate", "21-11-2010"); Deleted : user_pref("CT2582601.FirstTime", true); Deleted : user_pref("CT2582601.FirstTimeFF3", true); Deleted : user_pref("CT2582601.FirstTimeSettingsDone", true); Deleted : user_pref("CT2582601.FixPageNotFoundErrors", true); Deleted : user_pref("CT2582601.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2582601.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2582601.HasUserGlobalKeys", true); Deleted : user_pref("CT2582601.Initialize", true); Deleted : user_pref("CT2582601.InitializeCommonPrefs", true); Deleted : user_pref("CT2582601.InstallationAndCookieDataSentCount", 2); Deleted : user_pref("CT2582601.InstallationId", "np_0033"); Deleted : user_pref("CT2582601.InstallationType", "ExternalIntegration"); Deleted : user_pref("CT2582601.InstalledDate", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.InvalidateCache", false); Deleted : user_pref("CT2582601.IsGrouping", false); Deleted : user_pref("CT2582601.IsMulticommunity", false); Deleted : user_pref("CT2582601.IsOpenThankYouPage", false); Deleted : user_pref("CT2582601.IsOpenUninstallPage", true); Deleted : user_pref("CT2582601.LanguagePackLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2582601.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2582601.LastLogin_2.7.1.3", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.LastLogin_3.3.3.2", "Sun May 01 2011 11:40:19 GMT+0200"); Deleted : user_pref("CT2582601.LatestVersion", "3.2.5.2"); Deleted : user_pref("CT2582601.Locale", "de"); Deleted : user_pref("CT2582601.LoginCache", 4); Deleted : user_pref("CT2582601.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2582601.MCDetectTooltipShow", false); Deleted : user_pref("CT2582601.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2582601.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2582601.PublisherContainerWidth", 1360); Deleted : user_pref("CT2582601.RadioIsPodcast", false); Deleted : user_pref("CT2582601.RadioLastCheckTime", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CT2582601.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2582601.RadioLastUpdateServer", "3"); Deleted : user_pref("CT2582601.RadioMediaID", "9951"); Deleted : user_pref("CT2582601.RadioMediaType", "Media Player"); Deleted : user_pref("CT2582601.RadioMenuSelectedID", "EBRadioMenu_CT2582601_RECENT9951"); Deleted : user_pref("CT2582601.RadioShrinked", "expanded"); Deleted : user_pref("CT2582601.RadioStationName", "Rap"); Deleted : user_pref("CT2582601.RadioStationURL", "hxxp://www.defjay.com/listen.asx"); Deleted : user_pref("CT2582601.RadioVolume", "34"); Deleted : user_pref("CT2582601.SavedHomepage", "hxxp://www.die-staemme.de/"); Deleted : user_pref("CT2582601.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2582601.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2582601.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT258[...] 
Deleted : user_pref("CT2582601.SearchInNewTabEnabled", true); Deleted : user_pref("CT2582601.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2582601.SearchInNewTabLastCheckTime", "Sun May 01 2011 11:40:19 GMT+0200"); Deleted : user_pref("CT2582601.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2582601.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2582601.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2582601.ServiceMapLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2582601.SettingsLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.SettingsLastUpdate", "1299524390"); Deleted : user_pref("CT2582601.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2582601.ThirdPartyComponentsLastCheck", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2582601.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2582601"); Deleted : user_pref("CT2582601.Uninstall", true); Deleted : user_pref("CT2582601.UserID", "UN95689624456545820"); Deleted : user_pref("CT2582601.ValidationData_Toolbar", 2); Deleted : user_pref("CT2582601.WeatherNetwork", ""); Deleted : user_pref("CT2582601.WeatherPollDate", "Sun Nov 21 2010 14:05:48 GMT+0100"); Deleted : user_pref("CT2582601.WeatherUnit", "C"); Deleted : user_pref("CT2582601.alertChannelId", "975434"); Deleted : user_pref("CT2582601.backendstorage.facebbok_user_id", "313030303030323036353534383937"); Deleted : user_pref("CT2582601.backendstorage.facebook_login_status", "31"); Deleted : user_pref("CT2582601.backendstorage.facebook_lust_recievegadet", ""); Deleted : user_pref("CT2582601.backendstorage.facebook_mode", "32"); Deleted : user_pref("CT2582601.backendstorage.facebook_user_name", 
"3078303034332C3078303036432C3078303036312C[...] Deleted : user_pref("CT2582601.backendstorage.facebook_user_token", "3230393834353033353330347C656166363136356[...] Deleted : user_pref("CT2582601.backendstorage.facebooknotifications", "31"); Deleted : user_pref("CT2582601.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345"); Deleted : user_pref("CT2582601.backendstorage.hxxp://facebook_conduitapps_com/v308.facebook_friendsuploadstab_[...] Deleted : user_pref("CT2582601.backendstorage.hxxp://facebook_conduitapps_com/v308.facebook_last_visit_tab", "[...] Deleted : user_pref("CT2582601.backendstorage.hxxp://facebook_conduitapps_com/v308.facebook_myuploadstab_pos",[...] Deleted : user_pref("CT2582601.clientLogIsEnabled", true); Deleted : user_pref("CT2582601.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT2582601.components.1000034", false); Deleted : user_pref("CT2582601.components.1003", true); Deleted : user_pref("CT2582601.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Deleted : user_pref("CT2582601.globalFirstTimeInfoLastCheckTime", "Sun May 01 2011 11:40:19 GMT+0200"); Deleted : user_pref("CT2582601.isAppTrackingManagerOn", true); Deleted : user_pref("CT2582601.myStuffEnabled", true); Deleted : user_pref("CT2582601.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2582601.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2582601.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2582601.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2582601.oldAppsList", "129144940768357001,129144940768669502,129144940770700906,1000082[...] 
Deleted : user_pref("CT2582601.testingCtid", ""); Deleted : user_pref("CT2582601.toolbarAppMetaDataLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.toolbarContextMenuLastCheckTime", "Sun May 01 2011 11:40:18 GMT+0200"); Deleted : user_pref("CT2582601.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2582601"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2582601", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2582601",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2582601/CT2582601[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true); Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/ar[...] Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/result.htm?q="); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2582601,ConduitEngine"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2582601"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 16:58:47 GMT+01[...] 
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun May 01 2011 01:17:33 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun May 01 2011 01:17:25 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "d28878a8-54b1-44ff-893f-1689174313cc"); Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "eaf6165a52ee896139383624-100000206554897"); Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "dc74e0df59a52ac607c385084305d878"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Nov 21 2010 13:23:47 GMT+0100"); Deleted : user_pref("CommunityToolbar.facebook.userId", "100000206554897"); Deleted : user_pref("CommunityToolbar.globalUserId", "a32c2896-5c8e-4535-8786-732ccbb427df"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2582601"); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Apr 20 2011 22:52:14 GMT+0200"); Deleted : user_pref("ConduitEngine.BrowserCompStateIsOpen_1627818309137728572", true); Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine"); Deleted : 
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Deleted : user_pref("ConduitEngine.FirstServerDate", "03/21/2011 17"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 16:58:48 GMT+0100"); Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Tue Mar 22 2011 12:04:32 GMT+0100"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun May 01 2011 11:36:32 GMT+0200"); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Deleted : user_pref("ConduitEngine.UserID", "UN91039505358548577"); Deleted : user_pref("ConduitEngine.apps1627818309137728572", false); Deleted : user_pref("ConduitEngine.componentAlertEnabled", false); Deleted : user_pref("ConduitEngine.engineLocale", "de"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun May 01 2011 11:36:32 GMT+0200"); Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun May 01 2011 11:36:31 GMT+0200"); Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("ConduitEngine.usagesFlag", 2); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : 
user_pref("browser.search.defaultthis.engineName", "pc gear de Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2582601&Sea[...] Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.Softonic.admin", false); Deleted : user_pref("extensions.Softonic.aflt", "orgnl"); Deleted : user_pref("extensions.Softonic.autoRvrt", "false"); Deleted : user_pref("extensions.Softonic.cntry", "DE"); Deleted : user_pref("extensions.Softonic.dfltLng", ""); Deleted : user_pref("extensions.Softonic.dfltlng", "en"); Deleted : user_pref("extensions.Softonic.dfltsrch", "false"); Deleted : user_pref("extensions.Softonic.envrmnt", "production"); Deleted : user_pref("extensions.Softonic.excTlbr", false); Deleted : user_pref("extensions.Softonic.hdrMd5", "C6870FEE33F57EE46463A55EBC1E8B72"); Deleted : user_pref("extensions.Softonic.hmpg", false); Deleted : user_pref("extensions.Softonic.hrdid", "8c0dac64000000000000002215600bad"); Deleted : user_pref("extensions.Softonic.id", "8c0dac64000000000000002215600bad"); Deleted : user_pref("extensions.Softonic.instlDay", "15492"); Deleted : user_pref("extensions.Softonic.instlRef", "MON00001"); Deleted : user_pref("extensions.Softonic.instlday", "15492"); Deleted : user_pref("extensions.Softonic.instlref", "MON00001"); Deleted : user_pref("extensions.Softonic.isDcmntCmplt", true); Deleted : user_pref("extensions.Softonic.isdcmntcmplt", "false"); Deleted : user_pref("extensions.Softonic.keywordurl", ""); Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.323:34:20"); Deleted : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.Softonic.newTab", false); Deleted : user_pref("extensions.Softonic.newtab", "false"); Deleted : user_pref("extensions.Softonic.newtaburl", ""); Deleted : user_pref("extensions.Softonic.prdct", "Softonic"); Deleted : user_pref("extensions.Softonic.prtnrId", "softonic"); Deleted : 
user_pref("extensions.Softonic.prtnrid", "softonic"); Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Deleted : user_pref("extensions.Softonic.savedVrsnTs", "1"); Deleted : user_pref("extensions.Softonic.sg", "az"); Deleted : user_pref("extensions.Softonic.similarsitesstorage-pid2", "8489e505aeab360d"); Deleted : user_pref("extensions.Softonic.smplGrp", "none"); Deleted : user_pref("extensions.Softonic.smplgrp", "none"); Deleted : user_pref("extensions.Softonic.srch", ""); Deleted : user_pref("extensions.Softonic.srchprvdr", ""); Deleted : user_pref("extensions.Softonic.tlbrId", "base"); Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...] Deleted : user_pref("extensions.Softonic.tlbrid", "base"); Deleted : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...] Deleted : user_pref("extensions.Softonic.vrsn", "1.5.24.3"); Deleted : user_pref("extensions.Softonic.vrsnTs", "1.5.24.323:34:20"); Deleted : user_pref("extensions.Softonic.vrsni", "1.5.24.3"); Deleted : user_pref("extensions.Softonic.vrsnts", "1.5.24.323:34:20"); Deleted : user_pref("extensions.Softonic_i.newTab", false); Deleted : user_pref("extensions.Softonic_i.smplGrp", "none"); Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.323:34:20"); Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Deleted : user_pref("extensions.asktb.cbid", "U3"); Deleted : user_pref("extensions.asktb.config-updated", false); Deleted : user_pref("extensions.asktb.crumb", "2012.07.08+00.08.16-toolbar003iad-DE-QmVybGluLEdlcm1hbnk%3D"); Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Deleted : user_pref("extensions.asktb.displaybehavior", ""); Deleted : user_pref("extensions.asktb.displaytext", ""); Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007"); Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mystart.incredibar.com/mb165/?loc=IB_D[...] Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true); Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Deleted : user_pref("extensions.asktb.l", "dis"); Deleted : user_pref("extensions.asktb.last-config-req", "1341850132200"); Deleted : user_pref("extensions.asktb.last-v", "3.14.1.100013"); Deleted : user_pref("extensions.asktb.locale", "de_DE"); Deleted : user_pref("extensions.asktb.location", "Berlin,Germany"); Deleted : user_pref("extensions.asktb.lstation", ""); Deleted : user_pref("extensions.asktb.news-native-on", true); Deleted : user_pref("extensions.asktb.o", "100000027"); Deleted : user_pref("extensions.asktb.pstate", ""); Deleted : user_pref("extensions.asktb.qsrc", "2871"); Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true); Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Deleted : user_pref("extensions.asktb.socialmini-first", true); Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000"); Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Deleted : user_pref("extensions.asktb.socialmini-max-items", "30"); Deleted : user_pref("extensions.asktb.socialmini-native-on", true); Deleted : user_pref("extensions.asktb.socialmini-speed", "10000"); Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false); 
Deleted : user_pref("extensions.asktb.to", ""); Deleted : user_pref("extensions.enabledAddons", "fb_add_on@avm.de:1.6.3,ich@maltegoetz.de:1.4.2,ffxtlbra@softo[...] Deleted : user_pref("extensions.facemoods.aflt", "_#dpg"); Deleted : user_pref("extensions.facemoods.firstRun", false); Deleted : user_pref("extensions.facemoods.lastActv", "6"); Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341467344666"); Deleted : user_pref("extensions.incredibar.admin", false); Deleted : user_pref("extensions.incredibar.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent"); Deleted : user_pref("extensions.incredibar.cntry", "DE"); Deleted : user_pref("extensions.incredibar.dfltLng", "EN"); Deleted : user_pref("extensions.incredibar.dfltSrch", false); Deleted : user_pref("extensions.incredibar.dfltlng", "EN"); Deleted : user_pref("extensions.incredibar.dfltsrch", "false"); Deleted : user_pref("extensions.incredibar.did", "10665"); Deleted : user_pref("extensions.incredibar.envrmnt", "production"); Deleted : user_pref("extensions.incredibar.excTlbr", false); Deleted : user_pref("extensions.incredibar.hdrMd5", "D2BF7951FBB008229551AA1ADAAAA037"); Deleted : user_pref("extensions.incredibar.hmpg", false); Deleted : user_pref("extensions.incredibar.hrdid", "0"); Deleted : user_pref("extensions.incredibar.id", "8c0dac64000000000000002215600bad"); Deleted : user_pref("extensions.incredibar.installerproductid", "26"); Deleted : user_pref("extensions.incredibar.instlDay", "15504"); Deleted : user_pref("extensions.incredibar.instlRef", ""); Deleted : user_pref("extensions.incredibar.instlday", "15504"); Deleted : user_pref("extensions.incredibar.instlref", ""); Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false); Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false"); Deleted : user_pref("extensions.incredibar.keywordurl", ""); Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:33:53"); Deleted : 
user_pref("extensions.incredibar.logicsMngrDailyReportTime", "05-07-2012"); Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Deleted : user_pref("extensions.incredibar.newTab", false); Deleted : user_pref("extensions.incredibar.newtab", "false"); Deleted : user_pref("extensions.incredibar.newtaburl", ""); Deleted : user_pref("extensions.incredibar.noFFXTlbr", false); Deleted : user_pref("extensions.incredibar.ppd", ""); Deleted : user_pref("extensions.incredibar.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar.productid", "26"); Deleted : user_pref("extensions.incredibar.propectorlck", 80068214); Deleted : user_pref("extensions.incredibar.prtkHmpg", 1); Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar"); Deleted : user_pref("extensions.incredibar.sg", "none"); Deleted : user_pref("extensions.incredibar.smplGrp", "none"); Deleted : user_pref("extensions.incredibar.smplgrp", "none"); Deleted : user_pref("extensions.incredibar.srch", ""); Deleted : user_pref("extensions.incredibar.srchprvdr", ""); Deleted : user_pref("extensions.incredibar.tlbrId", "base"); Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8vQpBcfa&loc=IB_T[...] Deleted : user_pref("extensions.incredibar.tlbrid", "base"); Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8vQpBcfa&loc=IB_T[...] 
Deleted : user_pref("extensions.incredibar.upn2", "6R8vQpBcfa"); Deleted : user_pref("extensions.incredibar.upn2n", "92824526614914436"); Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:33:53"); Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:33:53"); Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar_i.dfltLng", ""); Deleted : user_pref("extensions.incredibar_i.did", "10665"); Deleted : user_pref("extensions.incredibar_i.excTlbr", false); Deleted : user_pref("extensions.incredibar_i.id", "8c0dac64000000000000002215600bad"); Deleted : user_pref("extensions.incredibar_i.installerproductid", "26"); Deleted : user_pref("extensions.incredibar_i.instlDay", "15504"); Deleted : user_pref("extensions.incredibar_i.instlRef", ""); Deleted : user_pref("extensions.incredibar_i.ms_url_id", ""); Deleted : user_pref("extensions.incredibar_i.newTab", false); Deleted : user_pref("extensions.incredibar_i.ppd", ""); Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar_i.productid", "26"); Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar_i.smplGrp", "none"); Deleted : user_pref("extensions.incredibar_i.tlbrId", "base"); Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8vQpBcfa&loc=IB[...] 
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8vQpBcfa"); Deleted : user_pref("extensions.incredibar_i.upn2n", "92824526614914436"); Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:33:53"); Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&loca[...] Deleted : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://start.facemoods.com/results.php?f=5&a=dpg&[...] Deleted : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "pc gear de Customized Web Search[...] Deleted : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?c[...] ************************* AdwCleaner[R1].txt - [41193 octets] - [18/07/2012 17:41:48] AdwCleaner[S1].txt - [38806 octets] - [19/07/2012 12:04:31] ########## EOF - C:\AdwCleaner[S1].txt - [38935 octets] ##########
By the way: since I ran the first quick scan with Malwarebytes, incredibar, which kept loading itself into my Firefox start page again and again, no longer shows up!! |
19.07.2012, 19:04 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Mystart.incredibar
I have three questions before we continue:
1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Is the toolbar or redirect gone now?
__________________ Please always post log files in CODE tags |
24.07.2012, 21:45 | #11 |
| Removing Mystart.incredibar
So:
1. Windows was never restricted and runs completely normally, as always (although it seems to me that it runs a bit slower).
2. I'm not missing anything in the Start menu so far, and I haven't found any empty folders either.
3. The redirect, you mean the one to incredibar, right? That is gone. I have Facebook in my Firefox start menu, and it gets opened when I start Firefox. Before, incredibar kept putting itself on top of it whenever I restarted the computer!!
Best regards, Claudia |
24.07.2012, 22:21 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Mystart.incredibar
Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
01.08.2012, 12:40 | #13 |
| Removing Mystart.incredibar
Sorry, I wasn't around the last few days!! Now the OTL:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.08.2012 13:23:39 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Frank\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 77,67% Memory free 16,21 Gb Paging File | 14,21 Gb Available in Paging File | 87,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 481,76 Gb Free Space | 51,72% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Frank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.01 12:37:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL(1).exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.06.13 12:25:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.08 22:15:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 22:14:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 22:14:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.01.05 21:35:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.03.23 13:12:44 | 000,327,680 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\PACTray.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.10.19 05:10:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2012.07.26 23:29:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 22:15:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:14:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.05 21:35:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.26 13:23:34 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.08 22:15:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 22:15:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.12.02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.12.02 13:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.12.02 13:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.12.02 18:57:48 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus) DRV:64bit: - [2008.11.10 13:17:40 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PAC7302.SYS -- (PAC7302) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.03.20 02:44:34 | 000,467,456 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2007.12.06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2007.02.08 09:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dsiarhwprog_x64.sys -- (usbio) DRV:64bit: - [2006.10.31 17:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2006.09.19 14:43:54 | 000,018,224 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008.01.18 14:21:38 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2008.01.18 14:21:36 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes,DefaultScope = Plasmoo IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{08F95AC0-1D40-443E-ADA3-9A0EAD1745C8}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{5033262E-1290-45AD-8B2C-CB2FD2E65299}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{5CFDB435-86A1-48E5-ADE8-7F43EB9EAA8F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = 
hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{6FE52790-D24A-4B46-B535-7A88C2D86152}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=F501E56B-5C15-4F3D-A955-EF8ABECD821C&apn_sauid=44DED72A-4D64-4297-8CDC-9A6F16CB5830 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{9148E46A-4B18-4B31-8B70-A8114CF989BD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{B357C1CA-69CF-4B2E-A69A-9BDC10F2F8AC}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{D7ABBE17-5AC2-4E34-8B5F-7FAFB01B9751}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com.anonymize-me.de/?anonymto=687474703A2F2F706C61736D6F6F2E636F6D2F726573756C742E68746D3F713D7B7365617263685465726D737D265365617263684D617368696E653D74727565&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0 IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/index.php?lh=b5f1416c11cd4baa3a997c8bfe9cb4b1&eu=IfFOcEYGRYwiAU8TS6GVAw" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: codiprog@fbplus.plugin:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledItems: ffxtlbra@softonic.com:1.5.0 FF - prefs.js..network.proxy.http: "190.66.17.53" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Frank\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.31 22:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 12:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.13 12:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 10:49:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 
Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.07 22:44:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.12 13:15:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.31 22:55:38 | 000,000,000 | ---D | M] [2010.09.15 12:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions [2010.09.15 12:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.11 12:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.07.25 19:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions [2010.04.28 06:15:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.20 19:59:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.14 22:27:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\fb_add_on@avm.de [2012.05.18 13:38:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- 
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\8ghejrb4.default\extensions\ich@maltegoetz.de [2011.12.26 13:23:36 | 000,001,091 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\icqplugin.xml [2011.12.26 13:23:37 | 000,002,188 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{254DA591-C16D-4FB6-9062-4C050FA0B1BD}.xml [2011.12.26 13:23:37 | 000,001,870 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{6332F0FF-685E-4193-9E72-D96AEE055E73}.xml [2011.12.26 13:23:37 | 000,002,077 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{7D01AA1A-5AB3-4D3E-ACAE-79CACC0E28AC}.xml [2012.07.07 22:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.06.23 21:00:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.13 23:06:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.07 22:45:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.07.11 15:39:43 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\FRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8GHEJRB4.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.07.19 10:49:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.09.08 16:02:46 | 000,188,416 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Program Files (x86)\mozilla firefox\plugins\libcurl.dll [2009.10.29 16:57:40 | 001,359,872 | ---- | M] (Fraunhofer IIS) -- C:\Program Files (x86)\mozilla 
firefox\plugins\npmmtaplayer.dll [2012.06.13 12:25:21 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.07.07 21:43:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.07 21:43:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.07 21:43:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.26 13:23:36 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchDpg.xml [2012.07.07 21:43:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.07 21:43:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.07 21:43:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\Pixart\Pac7302\PACTray.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000..\Run: [] File not found O4 - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) O4 - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.01 12:37:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL(1).exe [2012.07.29 23:10:03 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Audacity [2012.07.29 23:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2012.07.26 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.16 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.16 18:47:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Frank\Desktop\esetsmartinstaller_enu.exe [2012.07.09 00:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2012.07.09 00:38:23 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\Freemake [2012.07.09 00:38:22 | 000,000,000 
| ---D | C] -- C:\ProgramData\Freemake [2012.07.09 00:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake [2012.07.08 22:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.08 22:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.07 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2012.07.07 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.07 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.07 16:06:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.07 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2012.08.01 12:37:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL(1).exe [2012.08.01 12:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.01 12:08:33 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.01 12:08:33 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.01 12:08:33 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.01 12:08:33 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.01 12:08:33 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.01 12:02:39 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 12:02:39 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 12:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 21:22:24 | 000,283,304 | ---- | M] () -- 
C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.31 21:22:24 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.31 21:22:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.29 23:09:18 | 000,000,846 | ---- | M] () -- C:\Users\Frank\Desktop\Audacity.lnk [2012.07.18 17:40:46 | 000,624,883 | ---- | M] () -- C:\Users\Frank\Desktop\adwcleaner.exe [2012.07.16 18:47:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Frank\Desktop\esetsmartinstaller_enu.exe [2012.07.16 16:45:20 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 18:03:59 | 000,271,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.08 22:30:29 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.07 21:31:30 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.07 20:40:40 | 000,097,473 | ---- | M] () -- C:\Users\Frank\Desktop\bookmarks-2012-07-07.json [2012.07.07 16:30:09 | 000,000,020 | ---- | M] () -- C:\Users\Frank\defogger_reenable [2012.07.05 11:31:16 | 000,001,950 | ---- | M] () -- C:\Users\Frank\Desktop\Windows Photo Gallery.lnk [2012.07.05 11:24:27 | 000,000,218 | ---- | M] () -- C:\Users\Frank\.recently-used.xbel [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.29 23:09:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.07.29 23:09:18 | 000,000,846 | ---- | C] () -- C:\Users\Frank\Desktop\Audacity.lnk [2012.07.18 17:40:42 | 000,624,883 | ---- | C] () -- C:\Users\Frank\Desktop\adwcleaner.exe [2012.07.07 21:43:40 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.07 21:31:30 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.07 20:40:40 | 000,097,473 | ---- | C] () -- 
C:\Users\Frank\Desktop\bookmarks-2012-07-07.json [2012.07.07 16:30:09 | 000,000,020 | ---- | C] () -- C:\Users\Frank\defogger_reenable [2012.07.07 16:06:12 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 11:31:16 | 000,001,950 | ---- | C] () -- C:\Users\Frank\Desktop\Windows Photo Gallery.lnk [2012.07.05 11:24:27 | 000,000,218 | ---- | C] () -- C:\Users\Frank\.recently-used.xbel [2011.12.26 13:23:35 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.11.06 01:09:44 | 011,980,353 | ---- | C] () -- C:\Windows\SysWow64\meinfotoalbum_meinfotoalbum_uninstaller.exe [2011.10.28 19:57:38 | 000,001,356 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.01 17:29:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.09.17 14:55:57 | 001,418,240 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll [2011.09.17 14:55:57 | 001,099,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll [2011.09.17 14:55:57 | 000,568,832 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll [2011.09.17 14:55:57 | 000,488,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll [2011.09.17 14:55:57 | 000,410,112 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll [2011.09.17 14:55:57 | 000,305,664 | ---- | C] ( ) -- C:\Windows\SysWow64\LXBFhcp.dll [2011.09.17 14:55:57 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll [2011.09.17 14:55:57 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll [2011.09.17 14:55:57 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll [2011.09.17 14:55:57 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll [2011.09.17 14:55:57 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll [2011.09.17 14:55:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll [2011.09.17 14:55:56 | 000,660,480 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxbfhbn3.dll [2011.09.17 14:55:56 | 000,566,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe [2011.09.17 14:55:56 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll [2011.09.17 14:55:56 | 000,236,464 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe [2011.09.17 14:55:56 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.25 22:35:11 | 000,000,862 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI [2011.03.28 20:54:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.08.27 17:11:17 | 000,097,344 | ---- | C] () -- C:\Users\Frank\slowenien.htm [2010.07.29 11:50:19 | 000,000,000 | ---- | C] () -- C:\Users\Frank\jagex__preferences3.dat [2010.07.29 11:45:26 | 000,000,099 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences2.dat [2010.07.29 11:44:24 | 000,000,046 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences.dat [2009.10.21 21:33:45 | 000,001,024 | ---- | C] () -- C:\Users\Frank\.rnd [2009.06.23 16:54:02 | 000,182,784 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.23 12:29:59 | 000,001,164 | ---- | C] () -- C:\Users\Frank\AppData\Local\9A5FF4EA.il [2009.06.23 12:29:59 | 000,000,280 | ---- | C] () -- C:\Users\Frank\AppData\Local\IndexIE_9A5FF4EA.il [2009.06.23 11:32:45 | 000,000,732 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps64.dat ========== LOP Check ========== [2012.07.07 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\7910.org [2012.06.02 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Amazon [2012.07.29 23:37:55 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Audacity [2011.08.04 13:44:06 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics [2009.10.21 09:05:29 | 
000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Blitware [2009.12.02 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DAEMON Tools [2011.12.26 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DesktopIconForAmazon [2012.06.13 07:53:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Docx2Rtf [2012.07.09 00:53:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2010.06.21 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Facebook [2010.12.16 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Fraunhofer [2012.01.19 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC [2011.05.11 15:07:22 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.06.01 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\inkscape [2011.12.26 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IrfanView [2009.12.30 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Leadertech [2012.01.31 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MyPhoneExplorer [2011.05.23 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.05.23 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Ovi Suite [2012.06.13 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\NwDocx [2011.12.26 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OCS [2011.12.26 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Opera [2011.10.28 16:35:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Origin [2011.05.06 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.10.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Simple Star [2010.04.29 20:34:38 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\temp [2010.09.15 12:51:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird [2010.02.11 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2011.12.09 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Visan [2010.12.16 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\XMedia Recode [2009.10.21 21:37:38 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\File Helper.job [2012.07.31 23:15:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.07.07 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\7910.org [2011.05.11 09:09:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe [2009.12.18 09:27:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ahead [2012.06.02 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Amazon [2011.11.03 07:31:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Apple Computer [2009.06.23 11:44:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ATI [2012.07.29 23:37:55 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Audacity [2011.08.04 13:44:06 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics [2012.03.10 12:52:39 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Avira [2009.10.21 09:05:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Blitware [2009.12.02 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DAEMON Tools [2011.12.26 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DesktopIconForAmazon [2012.06.13 07:53:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Docx2Rtf [2012.04.22 00:55:13 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\dvdcss [2012.07.09 00:53:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2010.06.21 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Facebook [2010.12.16 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Fraunhofer [2011.10.08 17:44:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HpUpdate [2012.01.19 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC [2011.05.11 15:07:22 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2009.06.23 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities [2012.06.01 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\inkscape [2009.06.23 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\InstallShield [2011.12.26 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IrfanView [2009.12.30 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Leadertech [2009.06.23 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia [2012.07.07 16:06:26 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs [2012.06.02 00:14:52 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft [2012.06.02 00:15:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MixMeister Technology [2009.10.01 19:52:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla [2010.07.31 20:17:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla-Cache [2012.01.31 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MyPhoneExplorer [2009.10.21 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nero [2009.12.06 21:48:42 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\NeroDigital™ [2011.05.23 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.05.23 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Ovi Suite [2012.06.13 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\NwDocx [2011.12.26 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OCS [2011.12.26 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Opera [2011.10.28 16:35:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Origin [2011.05.06 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2012.02.11 11:26:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Real [2012.01.23 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\RealNetworks [2009.10.01 19:51:15 | 000,000,000 | RH-D | M] -- C:\Users\Frank\AppData\Roaming\SecuROM [2009.10.21 22:02:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Simple Star [2012.07.09 00:50:36 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Skype [2011.08.05 21:14:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\skypePM [2009.08.24 11:57:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Talkback [2010.04.29 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2010.09.15 12:51:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird [2010.02.11 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2011.12.09 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Visan [2012.02.10 18:32:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\vlc [2010.12.16 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\XMedia Recode < %APPDATA%\*.exe /s > [2011.12.26 13:27:13 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Frank\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2010.06.21 
13:01:48 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Frank\AppData\Roaming\Facebook\uninstall.exe [2011.12.26 10:06:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.06.02 00:14:52 | 000,000,766 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}\ARPPRODUCTICON.exe [2011.12.26 13:23:33 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2011.12.26 13:23:34 | 000,040,960 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012.02.27 13:42:45 | 000,591,480 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Frank\AppData\Roaming\Real\RealPlayer\setup\AU_setup20120216.exe [2009.12.05 20:00:39 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Frank\AppData\Roaming\Real\Update\setup3.09\setup.exe [2009.12.06 11:44:42 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Frank\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe [2012.06.09 23:12:22 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2012.06.10 11:00:59 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe [2012.06.10 11:00:13 | 000,693,504 | ---- | M] (RealNetworks, Inc.) 
-- C:\Users\Frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: USERINIT.EXE > [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) 
MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft 
Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > [/code] |
02.08.2012, 11:52 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Mystart.incredibar Run an OTL fix: close all programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes,DefaultScope = Plasmoo
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{08F95AC0-1D40-443E-ADA3-9A0EAD1745C8}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{5033262E-1290-45AD-8B2C-CB2FD2E65299}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{5CFDB435-86A1-48E5-ADE8-7F43EB9EAA8F}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{6FE52790-D24A-4B46-B535-7A88C2D86152}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=F501E56B-5C15-4F3D-A955-EF8ABECD821C&apn_sauid=44DED72A-4D64-4297-8CDC-9A6F16CB5830
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{9148E46A-4B18-4B31-8B70-A8114CF989BD}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\{B357C1CA-69CF-4B2E-A69A-9BDC10F2F8AC}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com.anonymize-me.de/?anonymto=687474703A2F2F706C61736D6F6F2E636F6D2F726573756C742E68746D3F713D7B7365617263685465726D737D265365617263684D617368696E653D74727565&st={searchTerms}&clid=193bf99a-6e40-4d77-90b6-a2d438483d05&pid=freewarede&k=0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..network.proxy.http: "190.66.17.53"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..extensions.enabledItems: ffxtlbra@softonic.com:1.5.0
FF - user.js - File not found
[2011.12.26 13:23:36 | 000,001,091 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\icqplugin.xml
[2011.12.26 13:23:37 | 000,002,188 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{254DA591-C16D-4FB6-9062-4C050FA0B1BD}.xml
[2011.12.26 13:23:37 | 000,001,870 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{6332F0FF-685E-4193-9E72-D96AEE055E73}.xml
[2011.12.26 13:23:37 | 000,002,077 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{7D01AA1A-5AB3-4D3E-ACAE-79CACC0E28AC}.xml
[2009.06.23 21:00:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.26 13:23:36 | 000,001,611 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchDpg.xml
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1827684769-3620193026-1381853637-1000..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\Shell\AutoRun\command - "" = J:\LGAutoRun.exe
O33 - MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.hta
O33 - MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
08.08.2012, 22:10 | #15 |
| Removing Mystart.incredibar Hello Arne! Here is the OTL fix: Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1827684769-3620193026-1381853637-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{08F95AC0-1D40-443E-ADA3-9A0EAD1745C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08F95AC0-1D40-443E-ADA3-9A0EAD1745C8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5033262E-1290-45AD-8B2C-CB2FD2E65299}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5033262E-1290-45AD-8B2C-CB2FD2E65299}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5CFDB435-86A1-48E5-ADE8-7F43EB9EAA8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CFDB435-86A1-48E5-ADE8-7F43EB9EAA8F}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6FE52790-D24A-4B46-B535-7A88C2D86152}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FE52790-D24A-4B46-B535-7A88C2D86152}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9148E46A-4B18-4B31-8B70-A8114CF989BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9148E46A-4B18-4B31-8B70-A8114CF989BD}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B357C1CA-69CF-4B2E-A69A-9BDC10F2F8AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B357C1CA-69CF-4B2E-A69A-9BDC10F2F8AC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@plasmoo.com:1.0.0.32 removed from extensions.enabledItems
Prefs.js: "190.66.17.53" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: ffxtlbra@softonic.com:1.5.0 removed from extensions.enabledItems
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{254DA591-C16D-4FB6-9062-4C050FA0B1BD}.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{6332F0FF-685E-4193-9E72-D96AEE055E73}.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\8ghejrb4.default\searchplugins\{7D01AA1A-5AB3-4D3E-ACAE-79CACC0E28AC}.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchDpg.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1827684769-3620193026-1381853637-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae806f2-a2a0-11df-9537-0022156014a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ae806f2-a2a0-11df-9537-0022156014a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae806f2-a2a0-11df-9537-0022156014a3}\ not found.
File J:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86f40ed1-a9b5-11df-8350-0022156014a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86f40ed1-a9b5-11df-8350-0022156014a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86f40ed1-a9b5-11df-8350-0022156014a3}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de9b2b23-df64-11de-b799-0022156014a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de9b2b23-df64-11de-b799-0022156014a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de9b2b23-df64-11de-b799-0022156014a3}\ not found.
File I:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7e9ea89-702b-11e1-a539-0022156014a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7e9ea89-702b-11e1-a539-0022156014a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7e9ea89-702b-11e1-a539-0022156014a3}\ not found.
File J:\NokiaPCIA_Autorun.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Frank
->Temp folder emptied: 305168630 bytes
->Temporary Internet Files folder emptied: 453556188 bytes
->Java cache emptied: 48675673 bytes
->FireFox cache emptied: 1157775869 bytes
->Flash cache emptied: 68063 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 401569 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.875,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Frank
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.56.0 log created on 08082012_225916
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2012.08.08 23:03:16 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
Registry entries deleted on Reboot...

Regards, Claudia |