| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.07.2012, 14:09
| #1 |
| |  "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Hallo liebes Team, mein Rechner (Win 7) wurde am 22.7. evt. mit einem Trojaner infiziert. Die Meldung lautet: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Habe den Computer im abgesicherten Modus gestartet und mir Malwarebytes heruntergeladen und das Update installiert. Der Quick- Scan ergab folgendes: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.22.06 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 **** :: **** [Administrator] Schutz: Deaktiviert 22.07.2012 14:36:18 mbam-log-2012-07-22 (14-36-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 193199 Laufzeit: 2 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\uwe schafstall\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\uwe schafstall\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\uwe schafstall\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Windows\System32\V.ico (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\SysWOW64\V.ico (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\uwe schafstall\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Danach habe ich mir OTL heruntergeladen und ebenfalls einen scan durchgeführt. OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2012 14:54:53 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\uwe schafstall\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,88% Memory free 7,97 Gb Paging File | 7,18 Gb Available in Paging File | 90,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,45 Gb Total Space | 327,92 Gb Free Space | 71,53% Space Free | Partition Type: NTFS Drive D: | 458,77 Gb Total Space | 133,61 Gb Free Space | 29,12% Space Free | Partition Type: NTFS Computer Name: UWESCHAFSTALL | User Name: uwe schafstall | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\uwe schafstall\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\uwe schafstall\AppData\Roaming\13001.028\components\AcroFF.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell) SRV:64bit: - (lxdj_device) -- C:\Windows\SysNative\lxdjcoms.exe ( ) SRV:64bit: - (lxdjCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdjserv.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxdjCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdjserv.exe () SRV - (lxdj_device) -- C:\Windows\SysWOW64\lxdjcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=10&cc= IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {ECAE4F22-0EDD-45C3-979A-A5FF4E44A199} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1027E1BA-F410-4B39-A305-B4006A6CB8B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FEDBCE52-1124-427A-8036-75734638A046&apn_sauid=C3556903-998A-4B3B-BDE3-B42E90AD7ACC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE394 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=814 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.21 23:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.21 23:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 21:32:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 18:05:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 22:30:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.07.22 01:30:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 18:05:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 22:30:27 | 000,000,000 | ---D | M] [2012.04.21 19:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Extensions [2012.06.27 16:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions [2012.06.27 16:36:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.04.21 19:08:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.04.01 16:58:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.07 14:24:03 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\battlefieldplay4free@ea.com [2011.04.01 16:58:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com [2011.08.23 03:12:10 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\gutscheinmieze@synatix-gmbh.de [2012.06.12 20:35:02 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\askcom.xml [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\conduit.xml [2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\Search_Results.xml [2012.06.12 16:23:36 | 000,002,060 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\softonic.xml [2012.05.24 21:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.24 21:33:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.22 01:30:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\UWE SCHAFSTALL\APPDATA\ROAMING\13001.028 [2012.06.26 18:05:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.26 18:05:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.26 18:05:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.26 18:05:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 18:05:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.06.26 18:05:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 18:05:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc= CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\ CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho64.dll () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100919120818.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225220159.dll (McAfee, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [lxdjamon] C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe () O4:64bit: - HKLM..\Run: [lxdjmon.exe] "C:\Program Files (x86)\Lexmark 1400 Series\lxdjmon.exe" File not found O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\setEvent.exe File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [WinSCard] C:\Users\uwe schafstall\AppData\Local\Microsoft\Windows\25\WinSCard.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A778355-EDCC-4EDE-B22C-C1E985BE7681}: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3E18C5-6BCD-4A29-A740-0403DE581506}: DhcpNameServer = 80.69.103.78 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\autorun.exe O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.22 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.07.22 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\Malwarebytes [2012.07.22 14:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.22 14:30:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.22 14:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.22 14:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.22 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto [2012.07.22 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\UAs [2012.07.22 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.07.22 01:30:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm [2012.07.22 01:30:34 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\kock [2012.07.21 16:05:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD2 - Version Changer [2012.07.17 21:56:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.17 21:56:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.17 21:55:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.17 21:55:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.17 21:55:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.29 14:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2012.06.29 14:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2012.06.23 02:22:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 02:22:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 02:22:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 02:22:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 02:22:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 02:22:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 02:22:10 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 02:22:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2009.10.12 13:24:23 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Users\uwe schafstall\AppData\Roaming\*.tmp files -> C:\Users\uwe schafstall\AppData\Roaming\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.22 14:48:42 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2012.07.22 14:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 14:45:10 | 3208,544,256 | -HS- | M] () -- C:\hiberfil.sys [2012.07.22 14:42:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-uwe schafstall-Startup.job [2012.07.22 14:30:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 14:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.22 14:16:38 | 000,000,034 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res [2012.07.22 13:58:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 13:58:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 01:31:07 | 000,006,400 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\BAcroIEHelpe.dll [2012.07.22 01:31:06 | 000,268,992 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\AcroIEHelpe.dll [2012.07.18 15:52:58 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini [2012.07.18 13:47:40 | 000,343,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.17 22:17:30 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 21:53:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.02 21:51:44 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.29 15:10:58 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk [2012.06.29 15:10:58 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk [2012.06.29 13:29:24 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.29 13:25:47 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [1 C:\Users\uwe schafstall\AppData\Roaming\*.tmp files -> C:\Users\uwe schafstall\AppData\Roaming\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.22 14:30:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 01:31:07 | 000,006,400 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\BAcroIEHelpe.dll [2012.07.22 01:31:06 | 000,268,992 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\AcroIEHelpe.dll [2012.07.22 01:30:48 | 000,000,034 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res [2012.07.18 15:52:58 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini [2012.06.29 15:10:58 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk [2012.06.29 15:10:58 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk [2012.06.12 16:28:17 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini [2012.05.19 19:58:41 | 000,000,102 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Local\fusioncache.dat [2012.05.19 19:57:31 | 001,554,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.17 13:56:29 | 000,000,000 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Local\{E4C01B19-4D93-43A1-AD58-791CFC8F37E5} [2011.10.26 12:26:40 | 000,000,040 | ---- | C] () -- C:\Users\uwe schafstall\jagex_cl_runescape_LIVE.dat [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.05.07 14:47:10 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.07 14:47:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.20 23:11:50 | 000,000,882 | ---- | C] () -- C:\Users\uwe schafstall\.recently-used.xbel [2011.02.18 15:18:51 | 000,000,129 | ---- | C] () -- C:\Users\uwe schafstall\jagex_runescape_preferences2.dat [2011.02.18 15:18:10 | 000,000,035 | ---- | C] () -- C:\Users\uwe schafstall\jagex_runescape_preferences.dat [2011.02.12 16:59:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe [2011.02.12 16:59:00 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini [2011.01.25 16:23:10 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2010.12.25 12:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.22 16:02:09 | 000,000,082 | ---- | C] () -- C:\Users\uwe schafstall\edencity.ini [2010.08.27 19:31:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjinpa.dll [2010.08.27 19:31:47 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdjcomx.dll [2010.08.27 19:31:47 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\lxdjinst.dll [2010.08.27 19:31:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpmui.dll [2010.08.27 19:31:46 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjiesc.dll [2010.08.27 19:31:45 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjusb1.dll [2010.08.27 19:31:44 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjserv.dll [2010.08.27 19:31:44 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjlmpm.dll [2010.08.27 19:31:44 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjih.exe [2010.08.27 19:31:44 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjppls.exe [2010.08.27 19:31:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjprox.dll [2010.08.27 19:31:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpplc.dll [2010.08.27 19:31:43 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjhbn3.dll [2010.08.27 19:31:43 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomc.dll [2010.08.27 19:31:43 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcoms.exe [2010.08.27 19:31:43 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomm.dll [2010.08.27 19:31:43 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcfg.exe [2010.08.27 19:25:01 | 000,000,000 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.12.26 00:46:12 | 000,000,000 | -HSD | M] -- C:\Users\uwe schafstall\AppData\Roaming\.# [2012.06.12 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\.minecraft [2012.07.22 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.03.20 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.11.29 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoft [2011.04.01 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.27 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\GameConsole [2011.08.23 03:12:10 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Gutscheinmieze [2012.07.22 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto [2012.07.22 01:30:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\kock [2010.12.11 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Lexmark Productivity Studio [2011.05.08 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\PhotoScape [2010.12.26 00:11:15 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\PowerCinema [2011.05.08 18:10:19 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Samsung [2010.08.27 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\SoftDMA [2010.08.27 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Template [2011.11.20 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\TIPP10 [2012.07.22 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\UAs [2012.07.22 01:30:36 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm [2012.03.19 20:44:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-uwe schafstall-Startup.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.09.19 22:10:33 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?L) -- C:\Windows\SysNative\麰L [2010.09.19 22:10:33 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?L) -- C:\Windows\SysNative\麰L ========== Alternate Data Streams ========== @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 < End of report > Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.07.2012 14:54:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\uwe schafstall\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,88% Memory free
7,97 Gb Paging File | 7,18 Gb Available in Paging File | 90,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,45 Gb Total Space | 327,92 Gb Free Space | 71,53% Space Free | Partition Type: NTFS
Drive D: | 458,77 Gb Total Space | 133,61 Gb Free Space | 29,12% Space Free | Partition Type: NTFS
Computer Name: UWESCHAFSTALL | User Name: uwe schafstall | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086656ED-7C87-440C-A583-098E8499ED1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{132FECBA-AFAD-468F-8052-9A5CCD167F27}" = lport=137 | protocol=17 | dir=in | app=system |
"{1488E7C0-7F5B-430E-829F-1FF6FB8CB089}" = rport=445 | protocol=6 | dir=out | app=system |
"{235663EA-D983-4173-830A-93A0874DD416}" = lport=138 | protocol=17 | dir=in | app=system |
"{2447D796-0DD0-4BB5-AA18-088962EA6C66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E9E2054-23C0-407C-AB3E-65E0DC26B437}" = lport=139 | protocol=6 | dir=in | app=system |
"{30A30A67-0DF9-4B1A-B058-44CF5E116333}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37AA2250-7A64-451C-B031-0301FA36987E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E236E98-57B5-49D9-87F9-40F4A5B501AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F18D3F5-ABF1-48B0-94C3-363431988652}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C1948EF-A62A-46BA-99F9-C4ACF0F236F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A13492C-6813-4076-979F-6C447A02B83F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88AF6B31-A6A6-4E36-83AE-54AA561BF55F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B2EC1011-FD75-4452-9E80-24494B090A5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEB9567B-AA57-4BD8-BF0D-9422317C98C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1737D70-E719-432D-8924-76A728DE338D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5E04955-74A9-4B7E-B6D1-1B5D075FF58B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C9342B08-674B-42C5-B4F3-777E552F133A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DD86214C-26DB-413B-9D00-3A7C6AC9A780}" = rport=137 | protocol=17 | dir=out | app=system |
"{DED21CD8-E654-48FD-B905-494A64BD4795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E765ED07-7548-4331-A1C0-9BEC8F2BAA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF9492E7-157A-476C-9296-D675370236DB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F4389176-1D7A-4B98-B199-FA1AE90D9BCC}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D0F86B-4454-4828-8EC8-2B3C622E8272}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{081042EB-A458-40E4-BB4F-2FCFFA9FB497}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{0AB4F0C8-D9A5-41CF-AF40-81ACEAD579DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{0D02F170-6B0B-4537-BE42-EA1DAF9086BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FCCC39C-22C5-4EF6-887F-5EA890176067}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10D74238-87CF-4FFE-B1FC-EAE86CDFD1B7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{125065E1-C05D-4A96-83AB-9E72EEAE199F}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{12F49060-B8C9-42BA-A69B-6DBDF81E5415}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{13F88B47-48E6-45F2-9FC8-546803F1FBF1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16A8344B-DD0D-44D8-87E4-9C0A105DD70C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C5042CD-9E36-41D1-818D-2EDEC9EBF9F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FC19372-6FE5-4492-9552-B3D49A2AF8B5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{20265966-94D9-4F49-8C7A-6AECBEDBC110}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2463EFC7-E9D2-48E7-A609-FE4B1848DCCD}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{25956C55-2F96-4D8A-94D5-808EBB640470}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{276AB897-1272-4542-A115-6EA7404132CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii napoleonic wars\engine.exe |
"{29DD7833-06C6-4190-B89A-3128CE58F8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{2A312CB4-D705-4540-884D-C3195F8D33B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{2A7ECEF1-B45B-4B56-9683-FFC38E631BF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{2A914823-678A-403D-AE35-A43B33914DB7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{2DBC9D66-0466-49C9-B8BB-884854D2CC45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii napoleonic wars\engine.exe |
"{2EFE9EE1-4B20-4FE4-9BBC-AA4061E9C7BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2F3FF919-633F-4310-8B4D-34AEA284B022}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii battle for europe\engine.exe |
"{35CA41EF-1DB2-46CA-94DC-1652B586A498}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3E077E0B-26E9-4873-9483-F7B2F596568F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{436F5D28-8440-48CB-9109-B217766BF18E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{439F18F2-F056-40BD-BF11-6842C66F482E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{445275A2-A47C-47B5-8D22-E246EA256F09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{48A39B3E-D240-4622-8600-667EFBAE7C57}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4DEDF912-2DC6-43DE-95DD-360D65250007}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{50648B03-BD25-48B8-973E-E730919F9D46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{59382FD6-E579-4B68-AA63-05E09AEFCFDF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{5AE10A14-5BF8-4E95-9C28-FB27DB6E3370}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{643CEE68-9F9E-456D-BDD5-E8CD0EF15FDD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6616518B-81E2-476E-B0D7-8F5A1AB7D371}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{66545189-9349-4EA4-A23D-1D2A6B7F1A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest - fight back\dmcr.exe |
"{6D112700-3780-41F8-B31F-51D9BE226F17}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6F08D1D6-72B7-40D1-B58B-900FAC617C2D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{70FA6548-D8A5-4CF3-84A2-BAB27EE4E4FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{71B35DD1-2A04-42D2-A41C-EA9E77E121A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{73E7CECB-2B61-4DE9-9D6A-0EDFFF54D519}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7608C46C-E9A8-47A0-B07D-609BCAAAFA34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{775BE3A7-21EF-4E1D-9FDD-E11B13584824}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{7936CE03-948F-4E3B-94C4-6810EDE013CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{800FE393-04DA-4F7A-9CE3-EDEC416685AE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{8548B433-E29F-49B5-A737-9CA2AE13B761}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{8760AD6A-FCE0-4314-9F94-C581A18C2547}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{877C433C-DC2B-494F-905D-134933BC544D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88955E38-1EDF-4CDA-98CD-258C86A26FA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{8958B566-9DB5-460C-8059-66DD659A08AC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8A19D514-0D54-4604-9732-08066D9D06F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{8B8B303C-E965-42FC-BA0F-BAE502504547}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{926C5960-0EE9-4879-A2A6-2432A31DA4C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{98B4CAF9-0C0E-4E85-AD48-1AB9D94EF862}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D67D5B2-2312-440E-854B-4C5247F330B9}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{9DCD561E-A5C1-4252-9E15-5EF31591E709}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{A4354260-ED5E-488F-8C18-E9B765002CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7605C5D-F526-47E9-8714-16A1D490391A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks art of war\dmcr.exe |
"{A8C3AD6C-798D-4E99-8B72-D08ECCF49D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{AA2B7EFF-B8D4-4862-A76E-D126B1D3F3C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AD732F4C-FAF3-43D6-AD8C-14848B6A21FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{AD7DD20F-C6AE-4444-85E7-503A2F1DE26A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii battle for europe\engine.exe |
"{AE6F9039-DCEB-42FE-8288-F39D6792AFA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest - fight back\dmcr.exe |
"{AE8E51FD-7E5E-483F-9941-FB035F464A98}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF9F770A-22BE-49EA-BDFF-6844F9FC3109}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B00D086B-6159-417A-A678-6D07449E3ED0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{B7B18237-12C3-4315-A0D3-19C9E7C058B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B8BE47E7-401B-414A-97D3-2506AA748C42}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B8C6AA70-BC9D-457F-AA7D-26F367C18698}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest\dmcr.exe |
"{B9E1B74C-F1D2-4FB6-8349-9656133B001B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{BA2262B3-FDD3-4AC7-9F29-F6F4B7402763}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\day of defeat source\hl2.exe |
"{BA22F1AA-A962-47B6-B07A-DB671B2D4CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest\dmcr.exe |
"{BBADFCEF-D923-4C3D-BE01-4D83C013D9FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBBB017F-9AD0-4C01-A9E4-70F0FCE0438C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBCF39D8-DB66-47FB-956A-2CA6C883B47C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C011BD93-CFD2-4D92-93C0-CB4FF6408CFE}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{C1EE6A47-C80F-4F25-AA14-B27E9B3CDE67}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C85D9C7F-EEC0-4591-9321-A6CE0774CFB4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{C89EF85A-0E87-479A-BFC4-3C152F096E58}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{CB6C9B6E-998E-408F-ACC9-A9B79F1F5C8C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{CCDC6027-B4FF-45CE-80B2-A4B70D4B5FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks european wars\dmcr.exe |
"{CD7B5A2A-9422-4506-BD53-23C605E053A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\counter-strike source\hl2.exe |
"{D45F0CF4-DF0D-43E6-ACC2-1C2D2FEBD794}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4CED8A6-E3A4-49E0-B8F7-9A6C512B0D2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D574A868-EFA6-4C02-99DA-9103A26DDE35}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D6526B70-D9FD-44E9-A5A1-C962B406C24C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D9091EA2-67D4-4512-84AE-44C959F03DE8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{D9D24A72-FF21-46A7-9DE3-BA61C747557A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{D9DDCC0F-EA4D-4329-B729-464A30569ADA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAB86308-77F9-4802-BE1D-16CFAF3FBA90}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{DBD9C752-1C61-45F2-A2A4-04C73CD146B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFC82109-2A24-4C40-9501-414046A10692}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks art of war\dmcr.exe |
"{E338A0F9-E6EB-4987-A225-1EA72BE08F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9275557-DDD6-42B2-83E4-23743B55A1DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{EB85B93B-0FB8-4E75-927C-98AA4F269BA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\counter-strike source\hl2.exe |
"{EBFFCD34-7E3C-4223-9298-30388B78B4CD}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{ECAEADED-5F46-487A-B19E-EF701866D865}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{EE077BD0-C261-4379-9E3C-D8098626E462}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{EE90F5AA-E085-4B87-BE5D-606D761FFFDB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{F54A9B6A-4EB2-4CD6-96C4-2C4098FB5A07}" = protocol=6 | dir=out | app=system |
"{F8BE96F2-7C4A-4473-819B-6A5B150CF1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F9967158-427E-413E-909E-0E191B50884D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks european wars\dmcr.exe |
"{FF6A01BD-02AA-48D7-90AA-5F4179F29A92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\day of defeat source\hl2.exe |
"TCP Query User{B2FD7849-A340-457E-B2E5-95E31D50A02C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{CBAA103D-7057-41EA-B787-28C05E87F71E}C:\program files (x86)\lexmark 1400 series\lxdjamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"UDP Query User{39B6B719-5919-49F7-9220-23D7F99C20A1}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{E1DE7927-A80C-4C00-8B76-7E983A9FA7EC}C:\program files (x86)\lexmark 1400 series\lxdjamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}" = ATI Catalyst Install Manager
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 1400 Series" = Lexmark 1400 Series
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ccb6b889-f9d9-45fd-8a78-2a4f2e599441}" = Nero 9 Essentials
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.06.00.8025
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Call of Duty 2 - Version Changer" = Call of Duty 2 - Version Changer
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PunkBusterSvc" = PunkBuster Services
"Searchqu Toolbar" = Searchqu Toolbar
"Softonic" = Softonic toolbar on IE
"Steam App 115200" = Cossacks II: Napoleonic Wars
"Steam App 115210" = American Conquest
"Steam App 115220" = American Conquest - Fight Back
"Steam App 38830" = Crimecraft: BLEEDOUT
"Steam App 440" = Team Fortress 2
"Steam App 4850" = Cossacks: Back to War
"Steam App 4870" = Cossacks: Art of War
"Steam App 4880" = Cossacks: European Wars
"Steam App 4890" = Cossacks II: Battle for Europe
"TIPP10_is1" = TIPP10 Version 2.1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.06.2012 08:41:12 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.06.2012 08:41:12 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:46:25 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.07.2012 10:47:37 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.07.2012 07:58:35 | Computer Name = uweschafstall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cod2.exe, Version: 2.1.12.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002dfe4 ID des fehlerhaften Prozesses:
0x16ac Startzeit der fehlerhaften Anwendung: 0x01cd5912f209d956 Pfad der fehlerhaften
Anwendung: E:\Setup\rsrc\cod2.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
6abc4919-c506-11e1-a2da-90fba6e162c3
Error - 03.07.2012 08:04:18 | Computer Name = uweschafstall | Source = MsiInstaller | ID = 1013
Description =
[ System Events ]
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:50:44 | Computer Name = uweschafstall | Source = DCOM | ID = 10005
Description =
< End of report >
Wäre super wenn ihr mir helfen könntet! Liebe Grüße EDIT: Ein 2ter vollständiger Scan über Malewarebytes ergab nichts. |
|
22.07.2012, 21:50
| #2 |
| /// Helfer-Team  | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - C:\Users\uwe schafstall\AppData\Roaming\13001.028\components\AcroFF.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1027E1BA-F410-4B39-A305-B4006A6CB8B8}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FEDBCE52-1124-427A-8036-75734638A046&apn_sauid=C3556903-998A-4B3B-BDE3-B42E90AD7ACC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE394
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}: "URL" = http://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=814
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [lxdjamon] C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe ()
O4:64bit: - HKLM..\Run: [lxdjmon.exe] "C:\Program Files (x86)\Lexmark 1400 Series\lxdjmon.exe" File not found
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\setEvent.exe File not found
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\autorun.exe
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
[2011.04.01 16:58:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.01 16:58:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com
[2011.04.01 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.12 20:35:02 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\askcom.xml
[2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\conduit.xml
[2012.04.21 19:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Extensions
[2012.04.21 19:08:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\Search_Results.xml
[2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.12 16:23:36 | 000,002,060 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\softonic.xml
[2012.06.26 18:05:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 18:05:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 18:05:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 18:05:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 18:05:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 18:05:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 18:05:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2012.07.22 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto
[2012.07.22 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto
[2012.07.22 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\UAs
[2012.07.22 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\UAs
[2012.07.22 01:30:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\UWE SCHAFSTALL\APPDATA\ROAMING\13001.028
[2012.07.22 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028
[2012.07.22 01:30:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm
[2012.07.22 01:30:34 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\kock
[2012.07.22 01:30:48 | 000,000,034 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res
[2012.07.22 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028
[2012.07.22 01:30:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\kock
[2012.07.22 01:30:36 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm
[2012.07.22 14:42:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-uwe schafstall-Startup.job
[2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-uwe schafstall-Startup.job
[2012.07.22 14:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
26.07.2012, 00:58
| #3 |
| | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Dies kam dabei raus:
__________________Error: Unable to interpret <OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2012 14:54:53 - Run 1> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\uwe schafstall\Downloads> in the current context! Error: Unable to interpret <64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 8.0.7601.17514)> in the current context! Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <3,98 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,88% Memory free> in the current context! Error: Unable to interpret <7,97 Gb Paging File | 7,18 Gb Available in Paging File | 90,16% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context! Error: Unable to interpret <Drive C: | 458,45 Gb Total Space | 327,92 Gb Free Space | 71,53% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 458,77 Gb Total Space | 133,61 Gb Free Space | 29,12% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: UWESCHAFSTALL | User Name: uwe schafstall | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans> in the current context! Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <PRC - C:\Users\uwe schafstall\Downloads\OTL.exe (OldTimer Tools)> in the current context! Error: Unable to interpret <PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <MOD - C:\Users\uwe schafstall\AppData\Roaming\13001.028\components\AcroFF.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()> in the current context! Error: Unable to interpret <SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()> in the current context! Error: Unable to interpret <SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell)> in the current context! Error: Unable to interpret <SRV:64bit: - (lxdj_device) -- C:\Windows\SysNative\lxdjcoms.exe ( )> in the current context! Error: Unable to interpret <SRV:64bit: - (lxdjCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdjserv.exe ()> in the current context! Error: Unable to interpret <SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()> in the current context! Error: Unable to interpret <SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)> in the current context! Error: Unable to interpret <SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)> in the current context! Error: Unable to interpret <SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)> in the current context! Error: Unable to interpret <SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)> in the current context! Error: Unable to interpret <SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()> in the current context! Error: Unable to interpret <SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)> in the current context! Error: Unable to interpret <SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)> in the current context! Error: Unable to interpret <SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)> in the current context! Error: Unable to interpret <SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)> in the current context! Error: Unable to interpret <SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (lxdjCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdjserv.exe ()> in the current context! Error: Unable to interpret <SRV - (lxdj_device) -- C:\Windows\SysWOW64\lxdjcoms.exe ( )> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)> in the current context! Error: Unable to interpret <DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)> in the current context! Error: Unable to interpret <DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)> in the current context! Error: Unable to interpret <DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)> in the current context! Error: Unable to interpret <DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)> in the current context! Error: Unable to interpret <DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)> in the current context! Error: Unable to interpret <DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)> in the current context! Error: Unable to interpret <DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)> in the current context! Error: Unable to interpret <DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)> in the current context! Error: Unable to interpret <DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)> in the current context! Error: Unable to interpret <DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Internet Explorer ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841> in the current context! Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841> in the current context! Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}> in the current context! Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context! Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms}> in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841> in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm> in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841> in the current context! Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms}> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841> in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=10&cc=> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{1027E1BA-F410-4B39-A305-B4006A6CB8B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FEDBCE52-1124-427A-8036-75734638A046&apn_sauid=C3556903-998A-4B3B-BDE3-B42E90AD7ACC> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE394> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=814> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== FireFox ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Ask.com"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Ask.com"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Google"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.update: false> in the current context! Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03> in the current context! Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context! Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.21 23:18:21 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.21 23:18:21 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 21:32:13 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 18:05:30 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 22:30:27 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.07.22 01:30:56 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 18:05:30 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 22:30:27 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.04.21 19:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Extensions> in the current context! Error: Unable to interpret <[2012.06.27 16:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions> in the current context! Error: Unable to interpret <[2012.06.27 16:36:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}> in the current context! Error: Unable to interpret <[2012.04.21 19:08:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}> in the current context! Error: Unable to interpret <[2011.04.01 16:58:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}> in the current context! Error: Unable to interpret <[2011.05.07 14:24:03 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\battlefieldplay4free@ea.com> in the current context! Error: Unable to interpret <[2011.04.01 16:58:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com> in the current context! Error: Unable to interpret <[2011.08.23 03:12:10 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\gutscheinmieze@synatix-gmbh.de> in the current context! Error: Unable to interpret <[2012.06.12 20:35:02 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com> in the current context! Error: Unable to interpret <[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\askcom.xml> in the current context! Error: Unable to interpret <[2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\conduit.xml> in the current context! Error: Unable to interpret <[2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\Search_Results.xml> in the current context! Error: Unable to interpret <[2012.06.12 16:23:36 | 000,002,060 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\softonic.xml> in the current context! Error: Unable to interpret <[2012.05.24 21:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions> in the current context! Error: Unable to interpret <[2012.05.24 21:33:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context! Error: Unable to interpret <[2012.07.22 01:30:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\UWE SCHAFSTALL\APPDATA\ROAMING\13001.028> in the current context! Error: Unable to interpret <[2012.06.26 18:05:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll> in the current context! Error: Unable to interpret <[2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll> in the current context! Error: Unable to interpret <[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll> in the current context! Error: Unable to interpret <[2012.06.26 18:05:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context! Error: Unable to interpret <[2012.06.26 18:05:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml> in the current context! Error: Unable to interpret <[2012.06.26 18:05:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml> in the current context! Error: Unable to interpret <[2012.06.26 18:05:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context! Error: Unable to interpret <[2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml> in the current context! Error: Unable to interpret <[2012.06.26 18:05:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context! Error: Unable to interpret <[2012.06.26 18:05:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Chrome ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <CHR - default_search_provider: ()> in the current context! Error: Unable to interpret <CHR - default_search_provider: search_url = > in the current context! Error: Unable to interpret <CHR - default_search_provider: suggest_url = > in the current context! Error: Unable to interpret <CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc=> in the current context! Error: Unable to interpret <CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\> in the current context! Error: Unable to interpret <CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\> in the current context! Error: Unable to interpret <CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho64.dll ()> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100919120818.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)> in the current context! Error: Unable to interpret <O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()> in the current context! Error: Unable to interpret <O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context! Error: Unable to interpret <O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context! Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context! Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225220159.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()> in the current context! Error: Unable to interpret <O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)> in the current context! Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context! Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context! Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context! Error: Unable to interpret <O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O4:64bit: - HKLM..\Run: [lxdjamon] C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe ()> in the current context! Error: Unable to interpret <O4:64bit: - HKLM..\Run: [lxdjmon.exe] "C:\Program Files (x86)\Lexmark 1400 Series\lxdjmon.exe" File not found> in the current context! Error: Unable to interpret <O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)> in the current context! Error: Unable to interpret <O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\setEvent.exe File not found> in the current context! Error: Unable to interpret <O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)> in the current context! Error: Unable to interpret <O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NPSStartup] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [WinSCard] C:\Users\uwe schafstall\AppData\Local\Microsoft\Windows\25\WinSCard.exe ()> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context! Error: Unable to interpret <O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found> in the current context! Error: Unable to interpret <O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()> in the current context! Error: Unable to interpret <O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()> in the current context! Error: Unable to interpret <O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context! Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context! Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context! Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context! Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)> in the current context! Error: Unable to interpret <O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A778355-EDCC-4EDE-B22C-C1E985BE7681}: DhcpNameServer = 80.69.100.182 192.168.0.1> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3E18C5-6BCD-4A29-A740-0403DE581506}: DhcpNameServer = 80.69.103.78 192.168.0.1> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)> in the current context! Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context! Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! Error: Unable to interpret <O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\autorun.exe> in the current context! Error: Unable to interpret <O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe> in the current context! Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context! Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.07.22 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee> in the current context! Error: Unable to interpret <[2012.07.22 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\Malwarebytes> in the current context! Error: Unable to interpret <[2012.07.22 14:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware> in the current context! Error: Unable to interpret <[2012.07.22 14:30:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys> in the current context! Error: Unable to interpret <[2012.07.22 14:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware> in the current context! Error: Unable to interpret <[2012.07.22 14:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes> in the current context! Error: Unable to interpret <[2012.07.22 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto> in the current context! Error: Unable to interpret <[2012.07.22 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\UAs> in the current context! Error: Unable to interpret <[2012.07.22 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028> in the current context! Error: Unable to interpret <[2012.07.22 01:30:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm> in the current context! Error: Unable to interpret <[2012.07.22 01:30:34 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\kock> in the current context! Error: Unable to interpret <[2012.07.21 16:05:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD2 - Version Changer> in the current context! Error: Unable to interpret <[2012.07.17 21:56:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll> in the current context! Error: Unable to interpret <[2012.07.17 21:56:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll> in the current context! Error: Unable to interpret <[2012.07.17 21:55:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll> in the current context! Error: Unable to interpret <[2012.07.17 21:55:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll> in the current context! Error: Unable to interpret <[2012.07.17 21:55:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll> in the current context! Error: Unable to interpret <[2012.06.29 14:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision> in the current context! Error: Unable to interpret <[2012.06.29 14:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision> in the current context! Error: Unable to interpret <[2012.06.23 02:22:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll> in the current context! Error: Unable to interpret <[2012.06.23 02:22:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe> in the current context! Error: Unable to interpret <[2012.06.23 02:22:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll> in the current context! Error: Unable to interpret <[2012.06.23 02:22:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll> in the current context! Error: Unable to interpret <[2012.06.23 02:22:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll> in the current context! Error: Unable to interpret <[2012.06.23 02:22:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll> in the current context! Error: Unable to interpret <[2012.06.23 02:22:10 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll> in the current context! Error: Unable to interpret <[2012.06.23 02:22:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe> in the current context! Error: Unable to interpret <[2009.10.12 13:24:23 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe> in the current context! Error: Unable to interpret <[1 C:\Users\uwe schafstall\AppData\Roaming\*.tmp files -> C:\Users\uwe schafstall\AppData\Roaming\*.tmp -> ]> in the current context! Error: Unable to interpret <[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]> in the current context! Error: Unable to interpret <[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.07.22 14:48:42 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk> in the current context! Error: Unable to interpret <[2012.07.22 14:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context! Error: Unable to interpret <[2012.07.22 14:45:10 | 3208,544,256 | -HS- | M] () -- C:\hiberfil.sys> in the current context! Error: Unable to interpret <[2012.07.22 14:42:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context! Error: Unable to interpret <[2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-uwe schafstall-Startup.job> in the current context! Error: Unable to interpret <[2012.07.22 14:30:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context! Error: Unable to interpret <[2012.07.22 14:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context! Error: Unable to interpret <[2012.07.22 14:16:38 | 000,000,034 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res> in the current context! Error: Unable to interpret <[2012.07.22 13:58:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.07.22 13:58:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.07.22 01:31:07 | 000,006,400 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\BAcroIEHelpe.dll> in the current context! Error: Unable to interpret <[2012.07.22 01:31:06 | 000,268,992 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\AcroIEHelpe.dll> in the current context! Error: Unable to interpret <[2012.07.18 15:52:58 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini> in the current context! Error: Unable to interpret <[2012.07.18 13:47:40 | 000,343,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT> in the current context! Error: Unable to interpret <[2012.07.17 22:17:30 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context! Error: Unable to interpret <[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys> in the current context! Error: Unable to interpret <[2012.07.02 21:53:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe> in the current context! Error: Unable to interpret <[2012.07.02 21:51:44 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe> in the current context! Error: Unable to interpret <[2012.06.29 15:10:58 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk> in the current context! Error: Unable to interpret <[2012.06.29 15:10:58 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk> in the current context! Error: Unable to interpret <[2012.06.29 13:29:24 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr> in the current context! Error: Unable to interpret <[2012.06.29 13:25:47 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0> in the current context! Error: Unable to interpret <[1 C:\Users\uwe schafstall\AppData\Roaming\*.tmp files -> C:\Users\uwe schafstall\AppData\Roaming\*.tmp -> ]> in the current context! Error: Unable to interpret <[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]> in the current context! Error: Unable to interpret <[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.07.22 14:30:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context! Error: Unable to interpret <[2012.07.22 01:31:07 | 000,006,400 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\BAcroIEHelpe.dll> in the current context! Error: Unable to interpret <[2012.07.22 01:31:06 | 000,268,992 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\AcroIEHelpe.dll> in the current context! Error: Unable to interpret <[2012.07.22 01:30:48 | 000,000,034 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res> in the current context! Error: Unable to interpret <[2012.07.18 15:52:58 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini> in the current context! Error: Unable to interpret <[2012.06.29 15:10:58 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk> in the current context! Error: Unable to interpret <[2012.06.29 15:10:58 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk> in the current context! Error: Unable to interpret <[2012.06.12 16:28:17 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini> in the current context! Error: Unable to interpret <[2012.05.19 19:58:41 | 000,000,102 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Local\fusioncache.dat> in the current context! Error: Unable to interpret <[2012.05.19 19:57:31 | 001,554,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI> in the current context! Error: Unable to interpret <[2011.12.17 13:56:29 | 000,000,000 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Local\{E4C01B19-4D93-43A1-AD58-791CFC8F37E5}> in the current context! Error: Unable to interpret <[2011.10.26 12:26:40 | 000,000,040 | ---- | C] () -- C:\Users\uwe schafstall\jagex_cl_runescape_LIVE.dat> in the current context! Error: Unable to interpret <[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat> in the current context! Error: Unable to interpret <[2011.05.07 14:47:10 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe> in the current context! Error: Unable to interpret <[2011.05.07 14:47:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe> in the current context! Error: Unable to interpret <[2011.04.20 23:11:50 | 000,000,882 | ---- | C] () -- C:\Users\uwe schafstall\.recently-used.xbel> in the current context! Error: Unable to interpret <[2011.02.18 15:18:51 | 000,000,129 | ---- | C] () -- C:\Users\uwe schafstall\jagex_runescape_preferences2.dat> in the current context! Error: Unable to interpret <[2011.02.18 15:18:10 | 000,000,035 | ---- | C] () -- C:\Users\uwe schafstall\jagex_runescape_preferences.dat> in the current context! Error: Unable to interpret <[2011.02.12 16:59:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe> in the current context! Error: Unable to interpret <[2011.02.12 16:59:00 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini> in the current context! Error: Unable to interpret <[2011.01.25 16:23:10 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI> in the current context! Error: Unable to interpret <[2010.12.25 12:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat> in the current context! Error: Unable to interpret <[2010.10.22 16:02:09 | 000,000,082 | ---- | C] () -- C:\Users\uwe schafstall\edencity.ini> in the current context! Error: Unable to interpret <[2010.08.27 19:31:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjinpa.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:47 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdjcomx.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:47 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\lxdjinst.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpmui.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:46 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjiesc.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:45 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjusb1.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:44 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjserv.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:44 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjlmpm.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:44 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjih.exe> in the current context! Error: Unable to interpret <[2010.08.27 19:31:44 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjppls.exe> in the current context! Error: Unable to interpret <[2010.08.27 19:31:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjprox.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpplc.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:43 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjhbn3.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:43 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomc.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:43 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcoms.exe> in the current context! Error: Unable to interpret <[2010.08.27 19:31:43 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomm.dll> in the current context! Error: Unable to interpret <[2010.08.27 19:31:43 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcfg.exe> in the current context! Error: Unable to interpret <[2010.08.27 19:25:01 | 000,000,000 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\wklnhst.dat> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== LOP Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2010.12.26 00:46:12 | 000,000,000 | -HSD | M] -- C:\Users\uwe schafstall\AppData\Roaming\.#> in the current context! Error: Unable to interpret <[2012.06.12 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\.minecraft> in the current context! Error: Unable to interpret <[2012.07.22 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028> in the current context! Error: Unable to interpret <[2012.03.20 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1> in the current context! Error: Unable to interpret <[2011.11.29 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoft> in the current context! Error: Unable to interpret <[2011.04.01 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers> in the current context! Error: Unable to interpret <[2010.08.27 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\GameConsole> in the current context! Error: Unable to interpret <[2011.08.23 03:12:10 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Gutscheinmieze> in the current context! Error: Unable to interpret <[2012.07.22 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto> in the current context! Error: Unable to interpret <[2012.07.22 01:30:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\kock> in the current context! Error: Unable to interpret <[2010.12.11 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Lexmark Productivity Studio> in the current context! Error: Unable to interpret <[2011.05.08 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\PhotoScape> in the current context! Error: Unable to interpret <[2010.12.26 00:11:15 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\PowerCinema> in the current context! Error: Unable to interpret <[2011.05.08 18:10:19 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Samsung> in the current context! Error: Unable to interpret <[2010.08.27 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\SoftDMA> in the current context! Error: Unable to interpret <[2010.08.27 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Template> in the current context! Error: Unable to interpret <[2011.11.20 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\TIPP10> in the current context! Error: Unable to interpret <[2012.07.22 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\UAs> in the current context! Error: Unable to interpret <[2012.07.22 01:30:36 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm> in the current context! Error: Unable to interpret <[2012.03.19 20:44:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context! Error: Unable to interpret <[2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-uwe schafstall-Startup.job> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Purity Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files - Unicode (All) ==========> in the current context! Error: Unable to interpret <[2010.09.19 22:10:33 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?L) -- C:\Windows\SysNative\麰L> in the current context! Error: Unable to interpret <[2010.09.19 22:10:33 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?L) -- C:\Windows\SysNative\麰L> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA> in the current context! Error: Unable to interpret <@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838> in the current context! Error: Unable to interpret << End of report > > in the current context! Error: Unable to interpret < > in the current context! OTL by OldTimer - Version 3.2.54.0 log created on 07262012_015541 |
|
26.07.2012, 10:56
| #4 |
| /// Helfer-Team | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Du musst den FIX in OTL einfuegen!!! Du hast das Log reinkopiert! Nochmal! Anleitung bachten! |
|
26.07.2012, 15:38
| #5 |
| | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". sry, mein fehler :s All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found. File c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1027E1BA-F410-4B39-A305-B4006A6CB8B8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1027E1BA-F410-4B39-A305-B4006A6CB8B8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: false removed from browser.search.update Prefs.js: "hxxp://www.searchnu.com/406" removed from browser.startup.homepage Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 removed from extensions.enabledItems Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems Prefs.js: battlefieldplay4free@ea.com:1.0.53.2 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems Prefs.js: gutscheinmieze@synatix-gmbh.de:1.03 removed from extensions.enabledItems Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. 64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxdjamon deleted successfully. C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxdjmon.exe deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLD_FrameworkRun deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snpstd3 deleted successfully. C:\Windows\vsnpstd3.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\F5D7050v3 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\ not found. File E:\Setup\rsrc\autorun.exe not found. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. ADS C:\ProgramData\Temp:93DE1838 deleted successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\askcom.xml moved successfully. C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\conduit.xml moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Extensions folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\Search_Results.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml moved successfully. C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\softonic.xml moved successfully. C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully. C:\Users\uwe schafstall\AppData\Roaming\hellomoto folder moved successfully. Folder C:\Users\uwe schafstall\AppData\Roaming\hellomoto\ not found. C:\Users\uwe schafstall\AppData\Roaming\UAs folder moved successfully. Folder C:\Users\uwe schafstall\AppData\Roaming\UAs\ not found. C:\USERS\UWE SCHAFSTALL\APPDATA\ROAMING\13001.028\components folder moved successfully. C:\USERS\UWE SCHAFSTALL\APPDATA\ROAMING\13001.028 folder moved successfully. Folder C:\Users\uwe schafstall\AppData\Roaming\13001.028\ not found. C:\Users\uwe schafstall\AppData\Roaming\xmldm folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\kock folder moved successfully. C:\Users\uwe schafstall\AppData\Roaming\blckdom.res moved successfully. Folder C:\Users\uwe schafstall\AppData\Roaming\13001.028\ not found. Folder C:\Users\uwe schafstall\AppData\Roaming\kock\ not found. Folder C:\Users\uwe schafstall\AppData\Roaming\xmldm\ not found. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\WinMaximizer-uwe schafstall-Startup.job moved successfully. File C:\Windows\Tasks\WinMaximizer-uwe schafstall-Startup.job not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\uwe schafstall\Downloads\cmd.bat deleted successfully. C:\Users\uwe schafstall\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: uwe schafstall ->Temp folder emptied: 34407344 bytes ->Temporary Internet Files folder emptied: 1315508 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 30407160 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 689 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 529706 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 64,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: uwe schafstall ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07262012_162857 Files\Folders moved on Reboot... File move failed. C:\Users\uwe schafstall\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. PendingFileRenameOperations files... [2012.07.22 17:22:22 | 000,000,000 | ---- | M] () C:\Users\uwe schafstall\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5 Registry entries deleted on Reboot... mfg Nico |
|
26.07.2012, 15:39
| #6 |
| /// Helfer-Team | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". |
|
26.07.2012, 16:55
| #7 |
| | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Ein erster Scan, den ich dummerweise abbrechen musste ergab folgendes: (nach diesem Scan lief windows bereits einwandfrei, wofür ich mich herzlich bedanken möchte :-).) Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.07.26.11 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 uwe schafstall :: UWESCHAFSTALL [Administrator] Schutz: Deaktiviert 26.07.2012 16:47:46 mbam-log-2012-07-26 (16-47-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 45367 Laufzeit: 2 Minute(n), 45 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinSCard (Trojan.Agent.3D) -> Daten: C:\Users\uwe schafstall\AppData\Local\Microsoft\Windows\25\WinSCard.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\uwe schafstall\AppData\Local\Microsoft\Windows\25\WinSCard.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Hier der vollständige Scan: Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.07.26.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 uwe schafstall :: UWESCHAFSTALL [Administrator] Schutz: Aktiviert 26.07.2012 16:55:39 mbam-log-2012-07-26 (16-55-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 389538 Laufzeit: 46 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Ende) AWD ergab: # AdwCleaner v1.703 - Logfile created 07/26/2012 at 17:48:41 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : uwe schafstall - UWESCHAFSTALL # Running from : C:\Users\uwe schafstall\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\uwe schafstall\AppData\Local\Conduit Folder Found : C:\Users\UWESCH~1\AppData\Local\Temp\boost_interprocess Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\AskToolbar Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\Conduit Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\DVDVideoSoftTB Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\PriceGong Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\searchquband Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\Searchqutoolbar Folder Found : C:\Users\uwe schafstall\AppData\LocalLow\Softonic Folder Found : C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\Conduit Folder Found : C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\ConduitCommon Folder Found : C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\ConduitEngine Folder Found : C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\Searchqutoolbar Folder Found : C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\Program Files (x86)\Ask.com Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\DVDVideoSoftTB Folder Found : C:\Program Files (x86)\Searchqu Toolbar Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Found : C:\Users\Public\Desktop\eBay.lnk ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKLM\SOFTWARE\APN Key Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\DVDVideoSoftTB Key Found : HKLM\SOFTWARE\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar Key Found : HKLM\SOFTWARE\SearchquMediabarTb Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] [x64] Key Found : HKCU\Software\APN [x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong [x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar [x64] Key Found : HKCU\Software\AppDataLow\Toolbar [x64] Key Found : HKCU\Software\Ask.com [x64] Key Found : HKCU\Software\DataMngr [x64] Key Found : HKCU\Software\DataMngr_Toolbar [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard [x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 [x64] Key Found : HKLM\SOFTWARE\DataMngr [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\prefs.js Found : user_pref("CT2269050..clientLogIsEnabled", false); Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2269050.AppTrackingLastCheckTime", "Sat Jun 23 2012 02:18:51 GMT+0200"); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true); Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); Found : user_pref("CT2269050.CT2269050", "CT2269050"); Found : user_pref("CT2269050.CurrentServerDate", "26-7-2012"); Found : user_pref("CT2269050.DialogsAlignMode", "LTR"); Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Jul 26 2012 01:53:27 GMT+0200"); Found : user_pref("CT2269050.DownloadReferralCookieData", ""); Found : user_pref("CT2269050.EMailNotifierPollDate", "Thu Jul 26 2012 17:45:53 GMT+0200"); Found : user_pref("CT2269050.FirstServerDate", "2-4-2011"); Found : user_pref("CT2269050.FirstTime", true); Found : user_pref("CT2269050.FirstTimeFF3", true); Found : user_pref("CT2269050.FixPageNotFoundErrors", true); Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2269050.HasUserGlobalKeys", true); Found : user_pref("CT2269050.HomePageProtectorEnabled", false); Found : user_pref("CT2269050.HomepageBeforeUnload", "google.de"); Found : user_pref("CT2269050.Initialize", true); Found : user_pref("CT2269050.InitializeCommonPrefs", true); Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2269050.InstallationId", "StubInstaller"); Found : user_pref("CT2269050.InstallationType", "ConduitIntegration"); Found : user_pref("CT2269050.InstalledDate", "Sat Apr 02 2011 11:40:17 GMT+0200"); Found : user_pref("CT2269050.InvalidateCache", false); Found : user_pref("CT2269050.IsAlertDBUpdated", true); Found : user_pref("CT2269050.IsGrouping", false); Found : user_pref("CT2269050.IsMulticommunity", false); Found : user_pref("CT2269050.IsOpenThankYouPage", true); Found : user_pref("CT2269050.IsOpenUninstallPage", true); Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Jul 26 2012 01:53:28 GMT+0200"); Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2269050.LastLogin_3.10.0.1", "Mon Apr 23 2012 17:03:07 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Sat Apr 28 2012 15:20:35 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 23:51:20 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 14:19:23 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.14.1.0", "Thu Jul 26 2012 16:18:59 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.3.3.2", "Sat Oct 01 2011 11:41:00 GMT+0200"); Found : user_pref("CT2269050.LastLogin_3.8.1.0", "Thu Mar 22 2012 21:20:32 GMT+0100"); Found : user_pref("CT2269050.LatestVersion", "3.14.1.0"); Found : user_pref("CT2269050.Locale", "en"); Found : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2269050.RadioIsPodcast", false); Found : user_pref("CT2269050.RadioLastCheckTime", "Thu Jul 26 2012 01:53:27 GMT+0200"); Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Found : user_pref("CT2269050.RadioMediaID", "12473383"); Found : user_pref("CT2269050.RadioMediaType", "Media Player"); Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Found : user_pref("CT2269050.RadioShrinkedFromSetup", false); Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Found : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties"); Found : user_pref("CT2269050.SearchBoxWidth", 153); Found : user_pref("CT2269050.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Found : user_pref("CT2269050.SearchInNewTabEnabled", true); Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Jul 26 2012 01:53:26 GMT+0200"); Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Found : user_pref("CT2269050.SearchProtectorEnabled", false); Found : user_pref("CT2269050.SearchProtectorToolbarDisabled", false); Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Jul 26 2012 01:53:26 GMT+0200"); Found : user_pref("CT2269050.SettingsLastCheckTime", "Thu Jul 26 2012 16:18:58 GMT+0200"); Found : user_pref("CT2269050.SettingsLastUpdate", "1341904940"); Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Jul 26 2012 01:53:26 GMT+0200"); Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2269050.UserID", "UN42242411576594652"); Found : user_pref("CT2269050.ValidationData_Search", 0); Found : user_pref("CT2269050.ValidationData_Toolbar", 2); Found : user_pref("CT2269050.WeatherNetwork", ""); Found : user_pref("CT2269050.WeatherPollDate", "Thu Jul 26 2012 17:45:54 GMT+0200"); Found : user_pref("CT2269050.WeatherUnit", "C"); Found : user_pref("CT2269050.alertChannelId", "666138"); Found : user_pref("CT2269050.approveUntrustedApps", false); Found : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...] Found : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Found : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Found : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...] Found : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Found : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6D6F716E75727675"); Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737577747B787C7B242F4B4947[...] Found : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Found : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Found : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj1j@>?d#ncf", "247E61393F236B256F7877742A212C6E414F444[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj6<?@5\"mbe", "247E61393F236B25717770732A212C6E414F444[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7;chgjd$nn", "247E61393F236B25717277732A212C6E414F444[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7c==!mk>>@oijrf,wlo", "247E61393F236B25727579752A212C[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7c==>fbj%peh", "247E61393F236B25737572722A212C6E414F4[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj8j@=fco<@nf(shk", "247E61393F236B25737676712A212C6E41[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj:?k?i;$>bdbac*tt", "247E61393F236B25747072742A212C6E4[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj;ig4kca=jjfn)til", "247E61393F236B257678717A742B222D6[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj=b99i==am;'qq", "247E61393F236B25717172782A212C6E414F[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj>bggi=ocnd'qq", "247E61393F236B25717176712A212C6E414F[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj?j:?i9oe&fonuddjhv/yy", "247E61393F236B25756F77732A21[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cj@b>5!lad", "247E61393F236B25757076742A212C6E414F444D3[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjb<@ae<<l@pe(shk", "247E61393F236B25757378792A212C6E41[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjdjihl@af%peh", "247E61393F236B25767172727A2B222D6F425[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cje6:>!kkef&qfi", "247E61393F236B25757876752A212C6E414F[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cje>c;m;k>%peh", "247E61393F236B256E7074752A212C6E414F4[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cje?jh@8oen&pp", "247E61393F236B2576767372782B222D6F425[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjegk9i<#mm", "247E61393F236B25706F73772A212C6E414F444D[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjeik4!kk", "247E61393F236B25767177722A212C6E414F444D32[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjeik4!lad", "247E61393F236B25767179732A212C6E414F444D3[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjf9g:;#jb@'hpcd+uu", "247E61393F236B25767479732A212C6E[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjfff!;gaa%peh", "247E61393F236B25717277792A212C6E414F4[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjg<>f;;o?%oo", "247E61393F236B256F7673792A212C6E414F44[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cji8=:!lad", "247E61393F236B257378287E2A6C3F4D424B30783[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cji;<ai\"mbe", "247E61393F236B256E7378762A212C6E414F444[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078[...] Found : user_pref("CT2269050.backendstorage./9b+7e31;cjiig;k=adpjo(shk", "247E61393F236B2576787729202B6D404E[...] Found : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...] Found : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...] Found : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...] Found : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...] Found : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Found : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Found : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Found : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Found : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Found : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Found : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Found : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Found : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Found : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Found : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Found : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Found : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Found : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Found : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Found : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Found : user_pref("CT2269050.backendstorage./9b-0?3g>d", "6A6A3B41427274427A4375787920797E7A4B257A7B7C522A7E[...] Found : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", ""); Found : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D"); Found : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...] Found : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Found : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...] Found : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "3A3C406D724344767A444345454B7D4B7D4F785150"); Found : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6F716E7572776F76787B"); Found : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A"); Found : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E"); Found : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443"); Found : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Found : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D"); Found : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Found : user_pref("CT2269050.backendstorage.autocompletepro_enable", "31"); Found : user_pref("CT2269050.backendstorage.autocompletepro_enable_auto", "31"); Found : user_pref("CT2269050.backendstorage.cbcountry_000", "4445"); Found : user_pref("CT2269050.backendstorage.cbfirsttime", "4D6F6E2041707220313620323031322032313A34323A31342[...] Found : user_pref("CT2269050.backendstorage.ct2269050ads1", "25374225323261647325323225334125354225374225323[...] Found : user_pref("CT2269050.backendstorage.ct2269050current_term", "74726F6A616E65722B626F617264"); Found : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365"); Found : user_pref("CT2269050.backendstorage.ct2269050sdate", "3236"); Found : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "547565204A756C20333120323031322030313A[...] Found : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); Found : user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E78766964656F732E636F6D2[...] Found : user_pref("CT2269050.backendstorage.youtubelang", "4445"); Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Tue Jul 17 2012 22:16:05 GMT+0200"); Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Found : user_pref("CT2269050.initDone", true); Found : user_pref("CT2269050.isAppTrackingManagerOn", true); Found : user_pref("CT2269050.isFirstRadioInstallation", false); Found : user_pref("CT2269050.myStuffEnabled", true); Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129853623028165512,129[...] Found : user_pref("CT2269050.revertSettingsEnabled", true); Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2269050.searchProtectorEnableByLogin", true); Found : user_pref("CT2269050.testingCtid", ""); Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Jul 26 2012 01:53:27 GMT+0200"); Found : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Sat Jul 21 2012 13:36:25 GMT+0200"); Found : user_pref("CT2269050.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...] Found : user_pref("CommunityToolbar.EngineOwner", ""); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb"); Found : user_pref("CommunityToolbar.IsEngineShown", true); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\uwe schafstall\\AppData\\Roaming\\M[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 11:40:17 GMT+02[...] Found : user_pref("CommunityToolbar.alert.alertEnabled", true); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Nov 28 2011 21:38:56 GMT+0100"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Nov 28 2011 21:38:48 GMT+0100"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "082a67e2-4663-4157-9b23-046455c07185"); Found : user_pref("CommunityToolbar.globalUserId", "8a00c8b9-f89f-4f78-bd52-ee09a1d3c32b"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Found : user_pref("CommunityToolbar.killedEngine", true); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jul 26 2012 01:53:2[...] Found : user_pref("CommunityToolbar.notifications.alertEnabled", true); Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Jul 26 2012 01:53:36 GMT+020[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 26 2012 01:53:28 GMT+0200"); Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "d93134ca-2707-4bef-b5b0-22cf814081ee"); Found : user_pref("CommunityToolbar.undefined", ""); Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Nov 28 2011 21:38:54 GMT+0100"); Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Found : user_pref("extensions.Softonic.admin", false); Found : user_pref("extensions.Softonic.aflt", "orgnl"); Found : user_pref("extensions.Softonic.autoRvrt", "false"); Found : user_pref("extensions.Softonic.dfltLng", ""); Found : user_pref("extensions.Softonic.dfltSrch", true); Found : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.dspOld", "Search Results"); Found : user_pref("extensions.Softonic.excTlbr", false); Found : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&[...] Found : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...] Found : user_pref("extensions.Softonic.hpOld", "hxxp://www.searchnu.com/406"); Found : user_pref("extensions.Softonic.id", "fe54a85e0000000000009444524666b4"); Found : user_pref("extensions.Softonic.instlDay", "15503"); Found : user_pref("extensions.Softonic.instlRef", "MON00001"); Found : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...] Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...] Found : user_pref("extensions.Softonic.prdct", "Softonic"); Found : user_pref("extensions.Softonic.prtnrId", "softonic"); Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Found : user_pref("extensions.Softonic.tlbrId", "base"); Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...] Found : user_pref("extensions.Softonic.vrsn", "1.5.24.3"); Found : user_pref("extensions.Softonic.vrsni", "1.5.24.3"); Found : user_pref("extensions.Softonic_i.dnsErr", true); Found : user_pref("extensions.Softonic_i.hmpg", true); Found : user_pref("extensions.Softonic_i.newTab", false); Found : user_pref("extensions.Softonic_i.smplGrp", "none"); Found : user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.316:28:16"); Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...] Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...] -\\ Google Chrome v20.0.1132.57 File : C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "name" : "Search the web (Softonic)", Found : "search_url" : "hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=49&cc=", Found : "homepage" : "hxxp://www.searchnu.com/406", Found : "urls_to_restore_on_startup" : [ "hxxp://www.searchnu.com/406" ] ************************* AdwCleaner[R1].txt - [42356 octets] - [26/07/2012 17:48:41] ########## EOF - C:\AdwCleaner[R1].txt - [42485 octets] ########## Ich hoffe ich bin den Fießling nun los Mfg Nico |
|
26.07.2012, 16:59
| #8 |
| /// Helfer-Team | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
09.08.2012, 09:33
| #9 |
| /// Helfer-Team | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". |
| bandoo, bho, blockiert, bonjour, bundesrepublik, call of duty, computer, conduit, converter, der computer ist für die verletzung, der computer ist für die verletzung der gesetze, error, excel, firefox, flash player, frage, heuristiks/extra, heuristiks/shuriken, home, infiziert., install.exe, locker, logfile, microsoft office word, mozilla, mp3, msiinstaller, mywinlocker, ntdll.dll, object, office 2007, phishing, plug-in, preferences, realtek, registry, richtlinie, scan, searchqu toolbar, searchscopes, security, siteadvisor, software, super, svchost.exe, symantec, trojaner, verletzung der gesetze, verletzung der gesetze der bundesrepublik deutschland wurde blockiert |
Linear-Darstellung
