Pests of all kinds and how to fight them: GVU trojan with webcam ..... Nothing works anymore ;-) Windows 7
31.07.2012, 17:28 | #1 |
Hello, I have been struggling with this problem all day. I found instructions on Chip Online for removing the trojan. Unfortunately without success. As soon as I go online, the lock screen appears and nothing works anymore. I have now fired up my old laptop to post here! I hope you can help me! Malwarebytes found nothing, but I also cannot run an update; AntiVir finds something now and then, but I cannot get hold of it ???? Task Manager cannot be opened. Best regards
31.07.2012, 17:43 | #2 |
/// Helper team | From a clean PC, download OTL.exe onto a USB stick. Start the infected computer without an Internet connection. Copy OTL.exe to the desktop and create a log. System scan with OTL (illustrated guide)
31.07.2012, 17:58 | #3 |
AntiVir has just found deo0_sar.exe TR/Cidex.EB.27. New quick scan with Malwarebytes: I am attaching it as an image.
31.07.2012, 17:59 | #4 |
OTL is running right now....
31.07.2012, 18:07 | #5 |
/// Helper team | Copy out the log and paste it here! Please no intermediate posts! Only report back once you have the log files.
31.07.2012, 18:21 | #6 |
Sorry, our posts crossed!!! Here is the log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.07.2012 19:01:51 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,47% Memory free 6,08 Gb Paging File | 4,62 Gb Available in Paging File | 75,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 42,17 Gb Free Space | 29,28% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 138,03 Gb Free Space | 95,82% Space Free | Partition Type: NTFS Drive F: | 1,93 Gb Total Space | 0,44 Gb Free Space | 22,60% Space Free | Partition Type: FAT Computer Name: HEIKO_SABINE-PC | User Name: heiko&sabine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.exe (OldTimer Tools) PRC - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe () PRC - C:\Programme\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) PRC - C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE) PRC - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe () PRC - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe () PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Programme\Magentic\bin\MgApp.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe () PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software) PRC - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Ipe30.exe (Ulead Systems, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\libcef.dll () MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.WinForms.dll () MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe () MOD - C:\Programme\VTech\DownloadManager\System\QtWebKit4.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe () MOD - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe () MOD - C:\Programme\congstar\Internet-Manager\Bin\itapi.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\audio.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\coder.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\log.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll () MOD - C:\Programme\Common Files\BCL 
Technologies\PixelPlanet6\bepprint.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll () MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Programme\IncrediMail\Bin\PMC.dll () MOD - C:\Programme\VTech\DownloadManager\System\DACommCenter.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtGui4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtCore4.dll () MOD - C:\Programme\VTech\DownloadManager\System\imageformats\qjpeg4.dll () MOD - C:\Programme\VTech\DownloadManager\System\phonon4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtXmlPatterns4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtNetwork4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtXml4.dll () MOD - C:\Programme\Magentic\bin\MgApp.exe () MOD - C:\Programme\Magentic\bin\NeoComm.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll () MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\SSOle.dll () MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe () MOD - C:\Programme\Samsung\Samsung CLX-216x 
Series\SPanel\PSU\IMFilter.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ipeRc.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WebCard.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WSTheme.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\TextUI.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\PntTool.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\gserv.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\webpage.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ipeBmp.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32sn.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\U32print.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\scanres.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WebAbEng.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Download.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\mailtool.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\TextEng.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ShadEng.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\FujiWare.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Tab.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WSBsc.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ShadUI.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ipeConst.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\HtmlPar.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Edges.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\DX.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalRes.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Bar.dll () MOD - C:\Programme\Ulead 
Systems\Ulead Photo Express 3.0 SE\CommonUI.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\ufcnoise.upp () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\clrtoclr.upp () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCSTATU.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCSCRCH.upp () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCRTCH.UPP () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCRMRDI.upp () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCPNTBS.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCPNTBP.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCPNT.upp () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\ufcclone.upp () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uwUpdate.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32cvt.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Misc.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32FeUI.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\type_eff.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uLzwLib.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uGifLib.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32sel.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Plug.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Fe.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\maskop.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\maxmin.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Aefilter.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\U32txtur.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Upbgen.dll () MOD - C:\Programme\Ulead Systems\Ulead 
Photo Express 3.0 SE\uJpgLib.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uINet.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UPjpeg.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\clrtoclr.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\autoenh.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\U32path.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCPNMGR.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Tx.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Upecrvg.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\dbMaster.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Slider.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\BuffFile.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32txEx.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\PEBase.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ucimg.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCCOLOR.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCDLGBR.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCCNBTN.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCCOMM.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCBUF.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uiplA6.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uipl.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Cpuinf32.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (HRService) -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe () ========== Driver Services (SafeList) ========== DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found DRV - (StarOpen) -- File not found DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found DRV - (MBAMProtector) 
-- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found IE - 
HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{06D8B124-B325-4D1B-A2F0-2CB8ABD742CF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{EB2E41E9-63B2-4265-9922-AC05118E0993}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de___DE343 IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE 
Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.net" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12 FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@ei.Webfetti.com/Plugin: C:\Program Files\WebfettiEI\Installr\1.bin\NP7dEISB.dll (Webfetti) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M] [2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Extensions [2012.07.31 07:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions [2010.09.18 09:32:57 | 
000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.16 17:49:26 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} [2012.07.16 17:49:27 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2012.07.16 17:49:29 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012.07.16 17:49:31 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2012.07.16 17:49:33 | 000,000,000 | ---D | M] (WinZipBar_DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac} [2010.09.27 17:07:04 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\sammelfreund@webmiles.de [2012.04.24 22:19:04 | 000,000,927 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\conduit.xml [2012.03.07 08:07:21 | 000,002,185 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\MyStart Search.xml [2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\Search_Results.xml [2012.05.07 18:17:04 | 000,002,060 | ---- | M] () -- 
C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\softonic.xml [2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.11.09 22:57:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON [2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.20 14:01:16 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI [2012.04.20 14:01:17 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI [2012.03.16 07:19:11 | 000,128,837 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI [2012.07.30 10:16:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.02 15:41:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.30 08:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.18 13:21:57 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.09.30 08:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.30 08:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.30 08:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.09.30 08:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.30 08:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Search CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: Search CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.11.29 19:48:35 | 000,000,108 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) O4 - HKLM..\Run: [AgentMonitor] C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe () O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Maple_S2P] C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe () O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung) O4 - HKLM..\Run: [PC Prima] C:\Program Files\Ascentive\PC Prima\PCPrima.exe (Ascentive LLC) O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Facebook Update] C:\Users\heiko&sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) 
O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Magentic] C:\Programme\Magentic\bin\Magentic.exe () O4 - Startup: C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook) O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E769CE1-F2DD-45BB-B680-DCFB35D04A6F}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA3E9E7-D3B3-425D-9E89-42C9D6983572}: NameServer = 10.0.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG O24 - Desktop BackupWallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk F:\ O33 - MountPoints2\{b92361df-51b8-11df-95a9-00238b7c2246}\Shell\AutoRun\command - "" = F:\Menu.exe O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\1\Command - "" = F:\.\recycled\info.exe -- [2010.04.05 17:51:42 | 000,189,692 | RHS- | M] () O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.27 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\Steuerfälle [2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\AAV [2012.07.25 19:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps [2012.07.25 
19:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft [2012.07.25 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV [2012.07.25 18:43:07 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service [2012.07.25 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl Data Service [2012.07.25 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl [2012.07.25 18:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\WISO [2012.07.25 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2012.07.25 17:43:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll [2012.07.25 17:42:41 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll [2012.07.25 17:42:40 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll [2012.07.18 11:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.07.18 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\My Received Files [2012.07.18 11:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications [2012.07.17 01:02:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.17 00:47:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.17 00:47:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.17 00:47:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.17 00:47:05 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.17 00:47:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.17 00:47:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.17 00:47:04 | 001,427,968 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.16 18:03:06 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.07.16 18:03:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.07.16 18:03:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.07.16 18:03:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.07.16 18:03:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.07.16 18:02:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.07.16 18:02:54 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.07.16 18:02:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.12 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja [2012.07.12 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu [2012.07.12 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\InterVideo [2012.07.12 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo [2012.07.03 10:40:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2009.11.09 22:56:54 | 008,155,424 | ---- | C] (Mozilla) -- C:\Users\heiko&sabine\yahoo_firefox_3.5.5_setup_de-pro1.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.31 19:00:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 18:56:24 | 000,280,528 | ---- | M] () -- C:\Users\heiko&sabine\Desktop\Maleware.JPG [2012.07.31 18:54:59 | 000,000,668 | ---- | M] () -- C:\Windows\ULEAD32.INI [2012.07.31 18:51:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player 
Updater.job [2012.07.31 18:36:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 18:36:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.31 18:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 18:35:01 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.31 17:14:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job [2012.07.31 15:28:55 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini [2012.07.31 11:37:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.31 11:37:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.31 11:37:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.31 11:37:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.31 11:29:40 | 210,292,736 | ---- | M] () -- C:\Users\heiko&sabine\Desktop\KWU_1.0.3.upd.iso [2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job [2012.07.27 11:52:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.27 11:52:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.27 08:10:19 | 000,001,114 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.07.25 
22:03:53 | 000,046,080 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.25 19:11:42 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk [2012.07.25 18:52:34 | 000,000,553 | ---- | M] () -- C:\Windows\wiso.ini [2012.07.23 00:05:52 | 000,588,882 | ---- | M] () -- C:\Users\heiko&sabine\Das Nachbarrecht in Baden-Wrttemberg.pdf [2012.07.18 12:27:37 | 000,806,324 | ---- | M] () -- C:\Users\heiko&sabine\Kuehlbox_Sammelpass.pdf [2012.07.18 11:50:39 | 000,000,041 | ---- | M] () -- C:\Windows\System32\Filzip.ini [2012.07.17 07:58:28 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.08 20:16:39 | 249,228,028 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.31 18:56:20 | 000,280,528 | ---- | C] () -- C:\Users\heiko&sabine\Desktop\Maleware.JPG [2012.07.31 12:30:15 | 210,292,736 | ---- | C] () -- C:\Users\heiko&sabine\Desktop\KWU_1.0.3.upd.iso [2012.07.31 00:10:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.25 19:09:06 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk [2012.07.25 18:24:47 | 000,000,553 | ---- | C] () -- C:\Windows\wiso.ini [2012.07.23 00:05:52 | 000,588,882 | ---- | C] () -- C:\Users\heiko&sabine\Das Nachbarrecht in Baden-Wrttemberg.pdf [2012.07.18 12:27:37 | 000,806,324 | ---- | C] () -- C:\Users\heiko&sabine\Kuehlbox_Sammelpass.pdf [2012.07.18 11:50:39 | 000,000,041 | ---- | C] () -- C:\Windows\System32\Filzip.ini [2012.07.04 00:05:44 | 249,228,028 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.01 10:59:31 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.08 15:37:12 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2012.04.12 15:01:39 | 
000,073,377 | ---- | C] () -- C:\Users\heiko&sabine\firstload email.JPG [2012.03.18 10:51:39 | 000,000,680 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\d3d9caps.dat [2012.01.06 22:17:44 | 003,522,695 | ---- | C] () -- C:\Users\heiko&sabine\Prüfung Heiko Häußler.pdf [2012.01.06 19:20:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.12.24 19:19:48 | 000,000,581 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\cookies.ini [2011.10.02 19:38:13 | 010,187,709 | ---- | C] () -- C:\Users\heiko&sabine\Bedienungsanleitung Kamera.pdf [2011.08.01 17:21:38 | 000,852,264 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll [2011.05.20 09:08:06 | 000,450,560 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll [2011.04.26 13:12:22 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini [2011.04.20 03:09:00 | 000,565,827 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2009.11.25 09:52:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.11.16 23:39:34 | 000,075,857 | ---- | C] () -- C:\Users\heiko&sabine\einkaufszettel1.pdf [2009.11.16 11:26:35 | 001,001,352 | ---- | C] () -- C:\Users\heiko&sabine\Kalenderchen4.exe [2009.10.10 18:45:56 | 005,627,175 | ---- | C] () -- C:\Users\heiko&sabine\CscSetup.exe [2009.10.09 19:06:53 | 033,727,544 | ---- | C] () -- C:\Users\heiko&sabine\Nokia_PC_Suite_7_1_30_9_ger_web.exe 
[2009.10.04 18:24:50 | 000,001,787 | ---- | C] () -- C:\Users\heiko&sabine\Network Scan.lnk [2009.10.03 21:30:54 | 034,119,048 | ---- | C] () -- C:\Users\heiko&sabine\avira_antivir_personal_de.exe [2009.10.03 17:42:14 | 000,010,303 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Roaming\SmarThruOptions.xml [2009.10.03 17:40:41 | 000,000,840 | ---- | C] () -- C:\Users\heiko&sabine\SmarThru 4.lnk [2009.10.03 17:04:56 | 029,432,192 | ---- | C] () -- C:\Users\heiko&sabine\turbo lister.exe [2009.10.03 16:16:20 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [2009.09.05 20:53:03 | 000,046,080 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.05 20:48:13 | 000,017,089 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Roaming\UserTile.png [2009.09.04 12:58:12 | 000,000,370 | ---- | C] () -- C:\Users\heiko&sabine\Music.lnk ========== LOP Check ========== [2012.04.30 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\AquaSoft [2012.03.18 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Ascentive [2012.04.30 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Barbecue [2012.05.07 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\BitZipper [2012.07.25 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service [2010.05.02 21:35:50 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.18 12:53:13 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Fighters [2012.07.30 12:58:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\FileZilla [2012.03.28 10:45:55 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Firstload [2012.04.23 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Internet-Manager [2012.07.12 13:13:10 | 
000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo [2011.07.07 10:00:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Latyov [2009.10.09 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Nokia [2011.07.04 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Nuha [2011.02.05 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Opera [2009.10.09 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PC Suite [2012.01.06 19:20:27 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\pdfforge [2009.09.05 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PeerNetworking [2012.02.27 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PixelPlanet [2009.11.29 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PPMate [2009.11.29 19:47:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\ppStream [2012.05.07 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PreisHai4 [2012.07.03 07:00:15 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\SchnapperPro [2009.10.03 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\SmarThru4 [2012.06.27 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\TeamViewer [2012.03.19 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\TuneUp Software [2012.07.15 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu [2012.07.15 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja [2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job [2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job
[2012.07.31 18:35:29 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >

OTL EXTRAS Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 31.07.2012 19:01:51 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,47% Memory free
6,08 Gb Paging File | 4,62 Gb Available in Paging File | 75,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 42,17 Gb Free Space | 29,28% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 138,03 Gb Free Space | 95,82% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,44 Gb Free Space | 22,60% Space Free | Partition Type: FAT

Computer Name: HEIKO_SABINE-PC | User Name: heiko&sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program
Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E914B02-2EC8-4DFE-9E89-93F581EF56AD}" = rport=139 | protocol=6 | dir=out | app=system | "{3D3A0462-3504-4A27-88C5-2DE407BA08F0}" = rport=445 | protocol=6 | dir=out | app=system | "{53394AF4-F7CD-4021-85A5-B82FE47E1D58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5B6878C5-61B6-4B8B-ABAF-5E147A655ED8}" = lport=137 | protocol=17 | dir=in | app=system | "{67ED021A-7085-43A8-864F-E38BB0CC22B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{69FF37C3-6B15-449F-8860-E278A09E7B73}" = lport=138 | protocol=17 | dir=in | app=system | "{83523B0F-B544-4FAE-8CF3-688C577F34E3}" = lport=445 | protocol=6 | dir=in | app=system | "{AD2985DD-B111-4032-8023-4E9BB1AE546B}" = rport=137 | protocol=17 | dir=out | app=system | "{AFABBF11-E885-47F1-A2EA-25EB7EF2D8AF}" = lport=139 | protocol=6 | dir=in | app=system | "{B6516948-EB0D-4820-B453-C11F10673D46}" = lport=445 | protocol=6 | dir=in | app=system | "{B8C2BD9B-045D-44F0-9521-46837B5B0EA3}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09FF3F39-0A63-436D-B802-A2219C381965}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{0F1B3F47-7E4C-41FC-9B76-AFC697E782C2}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe | "{22995D61-57E7-4532-8B31-3EC8D3213217}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe | "{2882448B-CBB8-404B-BBD4-8FC6A2ECF6E8}" = protocol=17 | dir=out | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B763279-45F7-4B13-BEB9-EC527B2C0BC4}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{30D764A1-ADEE-486A-989C-61E6EB8E82AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{3494590C-AEB0-431E-B011-41D6685221C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{35C6BDEA-BC79-41F1-BF89-02EACF797B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D204159-4B7A-4A26-B862-C19FDD12E986}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | "{53B917C3-1AED-4193-994C-9A86B8FEF598}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{556D0EC6-07CE-4305-81F1-43B8613A9C76}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{779B4D74-C1AA-4487-8F61-90215B40A751}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{7AF69277-D029-46EC-AAB3-F2872BB5F025}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{91C1288C-E2B4-4F7A-B275-189A36A1D6DF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{96F46C49-E045-423F-9513-D569F213FF30}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | "{A1F60CC5-8753-4712-9CB9-D2745422808F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD4917C2-E9C1-4562-9159-18A5C9884C16}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{B074EFEA-F23F-4838-B65D-E9B29C287DC7}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | "{B4280EBE-0191-4F66-BAD2-AAA42369190C}" = protocol=17 | dir=in | app=c:\program 
files\incredimail\bin\imapp.exe | "{B51718DD-2053-4EA4-B6B9-475D4C6B8973}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | "{BAC20EBB-AC35-4234-83E2-233827448276}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BEF0681C-4051-4410-98C4-4FEA8D3BF4B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C957A97E-44E9-42C5-A625-C2EDAA47728A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D1A88FE5-2058-442B-B0D4-156C8BC9E426}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D681135E-D5C2-41B0-8805-156688764EAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E3EF2766-AB76-4C85-A315-13C7B4F6015B}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{EE7C4B96-ED83-451F-949C-E60C8F038608}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F3002249-9A63-4320-B378-EF259FA471FA}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe | "TCP Query User{0D4C1F37-B22F-456D-B372-9840CB6E0626}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{0FD3A2E2-1B4D-4565-9BBA-ECA7C4546FC7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{65D78471-2F58-4705-9447-EEF5CB69C7BC}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=6 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | "TCP Query User{7236734F-16CA-42A1-B22C-A67A888B13BF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{7CAAA912-5324-4FD5-8E0F-C1F98EDC2C2D}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=6 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | "TCP Query User{861E6987-2E7E-48A5-A6A5-998D18E77B29}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program 
files\internet explorer\iexplore.exe | "TCP Query User{B83643BA-2B38-4F1D-BF21-8529B52B85C8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{E8453747-6419-4AB1-B9CF-0C547422D0EC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{401BB8E6-51D4-4B99-8A08-CC813EC35F42}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{41086B30-27AB-48C0-A7EE-3D3165C8963F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{75D06B1F-3A92-42E0-80ED-3B564C9D14A2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{81275567-FD26-411A-952E-8C409C9A0D56}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=17 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | "UDP Query User{8B02150F-0A17-49D8-8848-FC72E9A105E9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{A4BFDBE3-0C6C-4423-BC0E-F323DCB0E7C8}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=17 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | "UDP Query User{B34E3C4A-5119-480E-B15C-935107ADBE90}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D2C58CB8-AE65-4043-8225-48A4F5A84038}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A97B513-267C-4AF8-A986-C45235E64E72}_is1" = AquaSoft DesktopKalender "Leuchtturm" "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{4381448B-AF21-4088-BE5E-FBD65F610BBC}" = Drucken Total Pro "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{59C95D15-5F24-435E-898D-3806961FC79D}" = Steuer 2006 "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update 
kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver "{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit 
FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98357EB8-C10E-414A-A6EC-F3392EA97D35}" = Network Scan "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1B80495-4ED3-4ED0-BD57-7F9E0A0EDF35}" = Haufe iDesk-Browser "{A30B27FF-8C79-424A-89B4-43AD712A41ED}" = Steuer 2005 "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B60BC366-98BF-448F-9981-617FE8BEB30B}" = AquaSoft Barbecue 3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (32bit) "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D23317D1-3FE6-4B17-9625-D3C4960FE633}" = ActiveSpeed "{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (32bit) "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{E1E4A21F-3A61-4998-97CE-B593E41393CA}" = AquaSoft DiaShow Deluxe 6 "{E706D4DA-8463-412A-BEF7-A63D1A72CED8}" = Haufe iDesk-Service "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller "{FCC32487-14A5-403C-922A-71CA97DCCBC2}" = AquaSoft PhotoFlash 2 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AquaSoft Barbecue 3" = AquaSoft Barbecue 3 "AquaSoft DiaShow Deluxe 6" = AquaSoft DiaShow Deluxe 6 "AquaSoft PhotoFlash 2" = AquaSoft PhotoFlash 2 "AquaSoftware Eyedestructor 1.501" = AquaSoftware Eyedestructor 1.501 "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Free Antivirus "BitZipper_is1" = BitZipper 2010 "CCleaner" = CCleaner "conduitEngine" = Conduit Engine "etope Lister_is1" = 1.36 "ExpressRip" = Express Rip "FileZilla Client" = FileZilla Client 3.5.0 "Filzip 3.0.6.93_is1" = Filzip 3.06 "Finanzfuchs Haushaltsbuch 2005" = Finanzfuchs Haushaltsbuch 2005 2.08 "Firstload" = Firstload "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "IncrediMail" = IncrediMail 2.0 "IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "Kalenderchen_is1" = Kalenderchen 4 "Magentic" = Magentic "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PC Prima" = PC Prima "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoMail" = PhotoMail Maker "Prism" = Prism Video Converter "Samsung CLX-216x Series" = Samsung CLX-216x Series "Siedler3Deinstall" = Siedler3 "Strickmuster 1" = Strickmuster 1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE "VLC media player" = VLC media player 1.1.5 "VTechDownloadManager" = VTech Download Manager "WinLiveSuite_Wave3" = Windows Live Essentials "WinZipBar_DE Toolbar" = WinZipBar_DE Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.07.2012 11:44:42 | Computer Name = heiko_sabine-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16447 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ad0 Anfangszeit: 01cd6f333574a199 Zeitpunkt der Beendigung: 0 Error - 31.07.2012 11:48:52 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Realtek Audio Codec ALC268\Vista64\vncutil.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.07.2012 11:48:53 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Realtek Audio Codec ALC268\Vista64\RAVCpl64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.07.2012 11:49:11 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Realtek Audio Codec ALC268\AP\x64_WinVista\RTKVAA64.EXE". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.07.2012 11:49:12 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Synaptics Touchpad\WinWDF\x64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.07.2012 12:35:04 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\eBay\Turbo Lister2\Tl.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Error - 31.07.2012 12:37:29 | Computer Name = heiko_sabine-PC | Source = WinMgmt | ID = 10 Description = Error - 31.07.2012 12:38:18 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\eBay\Turbo Lister2\Tl.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. 
Error - 31.07.2012 12:56:29 | Computer Name = heiko_sabine-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.07.2012 12:56:29 | Computer Name = heiko_sabine-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 31.07.2012 08:41:04 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026 Description = Error - 31.07.2012 10:49:48 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2012 10:49:48 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026 Description = Error - 31.07.2012 11:05:27 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2012 11:05:27 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026 Description = Error - 31.07.2012 11:44:06 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2012 11:44:06 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026 Description = Error - 31.07.2012 12:35:06 | Computer Name = heiko_sabine-PC | Source = DCOM | ID = 10010 Description = Error - 31.07.2012 12:37:30 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.07.2012 12:37:30 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > --- --- --- |
31.07.2012, 18:26 | #7 |
/// Helper Team | Fixing with OTL: Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (StarOpen) -- File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found
DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{06D8B124-B325-4D1B-A2F0-2CB8ABD742CF}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{EB2E41E9-63B2-4265-9922-AC05118E0993}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de___DE343
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.net"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Magentic] C:\Programme\Magentic\bin\Magentic.exe ()
O4 - Startup: C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
O8 - Extra context menu item: An SchnapperPro senden - http://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b92361df-51b8-11df-95a9-00238b7c2246}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\1\Command - "" = F:\.\recycled\info.exe -- [2010.04.05 17:51:42 | 000,189,692 | RHS- | M] ()
O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
[2012.07.25 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV
[2012.07.18 11:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.07.31 17:14:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
[2012.04.24 22:19:04 | 000,000,927 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\conduit.xml
[2012.03.07 08:07:21 | 000,002,185 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\MyStart Search.xml
[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\Search_Results.xml
[2012.07.31 19:00:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 18:51:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:36:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job
[2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it to other machines; doing so can cause lasting damage to other systems! |
31.07.2012, 19:04 | #8 |
| Error: Unable to interpret <OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.07.2012 19:46:59 - Run 2> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\heiko&sabine\Desktop> in the current context! Error: Unable to interpret <Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context! Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <2,93 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 50,30% Memory free> in the current context! Error: Unable to interpret <6,08 Gb Paging File | 4,45 Gb Available in Paging File | 73,21% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context! Error: Unable to interpret <Drive C: | 144,04 Gb Total Space | 42,17 Gb Free Space | 29,28% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 144,04 Gb Total Space | 138,03 Gb Free Space | 95,82% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive F: | 1,93 Gb Total Space | 0,44 Gb Free Space | 22,58% Space Free | Partition Type: FAT> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: HEIKO_SABINE-PC | User Name: heiko&sabine | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context! 
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <PRC - C:\Users\heiko&sabine\Desktop\OTL.exe (OldTimer Tools)> in the current context! Error: Unable to interpret <PRC - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)> in the current context! Error: Unable to interpret <PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)> in the current context! Error: Unable to interpret <PRC - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()> in the current context! 
Error: Unable to interpret <PRC - C:\Programme\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)> in the current context! Error: Unable to interpret <PRC - C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)> in the current context! Error: Unable to interpret <PRC - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()> in the current context! Error: Unable to interpret <PRC - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()> in the current context! Error: Unable to interpret <PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)> in the current context! Error: Unable to interpret <PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Magentic\bin\MgApp.exe ()> in the current context! Error: Unable to interpret <PRC - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()> in the current context! Error: Unable to interpret <PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()> in the current context! Error: Unable to interpret <PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()> in the current context! Error: Unable to interpret <PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)> in the current context! Error: Unable to interpret <PRC - C:\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\libcef.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.WinForms.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()> in the current context! 
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtWebKit4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\itapi.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\audio.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\coder.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\log.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll ()> in the current context! 
Error: Unable to interpret <MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\DACommCenter.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtGui4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtCore4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\phonon4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtXmlPatterns4.dll ()> in the current context! 
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtNetwork4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtXml4.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Magentic\bin\MgApp.exe ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Magentic\bin\NeoComm.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\SSOle.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\IMFilter.dll ()> in the current context! Error: Unable to interpret <MOD - C:\Programme\Filzip\fzshext.dll ()> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! 
Error: Unable to interpret <SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)> in the current context! Error: Unable to interpret <SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)> in the current context! Error: Unable to interpret <SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)> in the current context! Error: Unable to interpret <SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)> in the current context! Error: Unable to interpret <SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)> in the current context! Error: Unable to interpret <SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()> in the current context! Error: Unable to interpret <SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)> in the current context! Error: Unable to interpret <SRV - (HRService) -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe ()> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found> in the current context! Error: Unable to interpret <DRV - (StarOpen) -- File not found> in the current context! Error: Unable to interpret <DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found> in the current context! Error: Unable to interpret <DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found> in the current context! Error: Unable to interpret <DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found> in the current context! Error: Unable to interpret <DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found> in the current context! Error: Unable to interpret <DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found> in the current context! Error: Unable to interpret <DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found> in the current context! 
Error: Unable to interpret <DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)> in the current context! Error: Unable to interpret <DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)> in the current context! Error: Unable to interpret <DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)> in the current context! Error: Unable to interpret <DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated)> in the current context! Error: Unable to interpret <DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated)> in the current context! Error: Unable to interpret <DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated)> in the current context! Error: Unable to interpret <DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)> in the current context! Error: Unable to interpret <DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)> in the current context! Error: Unable to interpret <DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)> in the current context! Error: Unable to interpret <DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)> in the current context! Error: Unable to interpret <DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()> in the current context! Error: Unable to interpret <DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)> in the current context! Error: Unable to interpret <DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)> in the current context! 
Error: Unable to interpret <DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)> in the current context! Error: Unable to interpret <DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)> in the current context! Error: Unable to interpret <DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)> in the current context! Error: Unable to interpret <DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)> in the current context! Error: Unable to interpret <DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Internet Explorer ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=emg720> in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=emg720> in the current context! Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context! 
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE> in the current context! Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}> in the current context! Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret < > in the current context! 
Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=emg720> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context! 
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{06D8B124-B325-4D1B-A2F0-2CB8ABD742CF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{EB2E41E9-63B2-4265-9922-AC05118E0993}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de___DE343> in the current context! Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== FireFox ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Search Results"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE Customized Web Search"> in the current context! 
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Search Results"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Google"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.net"> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0> in the current context! Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q="> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! 
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@ei.Webfetti.com/Plugin: C:\Program Files\WebfettiEI\Installr\1.bin\NP7dEISB.dll (Webfetti)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)> in the current context! Error: Unable to interpret < > in the current context! 
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Extensions> in the current context! Error: Unable to interpret <[2012.07.31 07:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions> in the current context! Error: Unable to interpret <[2010.09.18 09:32:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}> in the current context! 
Error: Unable to interpret <[2012.07.16 17:49:26 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}> in the current context! Error: Unable to interpret <[2012.07.16 17:49:27 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}> in the current context! Error: Unable to interpret <[2012.07.16 17:49:29 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}> in the current context! Error: Unable to interpret <[2012.07.16 17:49:31 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}> in the current context! Error: Unable to interpret <[2012.07.16 17:49:33 | 000,000,000 | ---D | M] (WinZipBar_DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}> in the current context! Error: Unable to interpret <[2010.09.27 17:07:04 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\sammelfreund@webmiles.de> in the current context! Error: Unable to interpret <[2012.04.24 22:19:04 | 000,000,927 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\conduit.xml> in the current context! Error: Unable to interpret <[2012.03.07 08:07:21 | 000,002,185 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\MyStart Search.xml> in the current context! 
Error: Unable to interpret <[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\Search_Results.xml> in the current context! Error: Unable to interpret <[2012.05.07 18:17:04 | 000,002,060 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\softonic.xml> in the current context! Error: Unable to interpret <[2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context! Error: Unable to interpret <[2009.11.09 22:57:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}> in the current context! Error: Unable to interpret <[2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context! Error: Unable to interpret <[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON> in the current context! Error: Unable to interpret <[2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context! Error: Unable to interpret <[2012.04.20 14:01:16 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI> in the current context! Error: Unable to interpret <[2012.04.20 14:01:17 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI> in the current context! 
Error: Unable to interpret <[2012.03.16 07:19:11 | 000,128,837 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI> in the current context! Error: Unable to interpret <[2012.07.30 10:16:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll> in the current context! Error: Unable to interpret <[2012.02.02 15:41:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll> in the current context! Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context! Error: Unable to interpret <[2012.04.18 13:21:57 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml> in the current context! Error: Unable to interpret <[2011.09.30 08:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context! Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml> in the current context! Error: Unable to interpret <[2011.09.30 08:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context! Error: Unable to interpret <[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml> in the current context! Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context! Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml> in the current context! 
Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Chrome ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <CHR - homepage: hxxp://search.bearshare.net> in the current context! Error: Unable to interpret <CHR - default_search_provider: ()> in the current context! Error: Unable to interpret <CHR - default_search_provider: search_url = > in the current context! Error: Unable to interpret <CHR - default_search_provider: suggest_url = > in the current context! Error: Unable to interpret <CHR - homepage: hxxp://search.bearshare.net> in the current context! Error: Unable to interpret <CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\> in the current context! Error: Unable to interpret <CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\> in the current context! Error: Unable to interpret <CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <O1 HOSTS File: ([2009.11.29 19:48:35 | 000,000,108 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context! Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context! Error: Unable to interpret <O1 - Hosts: ::1 localhost> in the current context! Error: Unable to interpret <O1 - Hosts: ::1 localhost> in the current context! Error: Unable to interpret <O1 - Hosts: ::1 localhost> in the current context! 
Error: Unable to interpret <O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found> in the current context! Error: Unable to interpret <O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found> in the current context! 
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context! 
Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [AgentMonitor] C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [eRecoveryService] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Maple_S2P] C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PC Prima] C:\Program Files\Ascentive\PC Prima\PCPrima.exe (Ascentive LLC)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)> in the current context! 
Error: Unable to interpret <O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Facebook Update] C:\Users\heiko&sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Magentic] C:\Programme\Magentic\bin\Magentic.exe ()> in the current context! Error: Unable to interpret <O4 - Startup: C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)> in the current context! Error: Unable to interpret <O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found> in the current context! 
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found> in the current context! Error: Unable to interpret <O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! 
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context! Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E769CE1-F2DD-45BB-B680-DCFB35D04A6F}: DhcpNameServer = 10.0.0.1> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA3E9E7-D3B3-425D-9E89-42C9D6983572}: NameServer = 10.0.0.1> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O24 - Desktop WallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG> in the current context! Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! 
Error: Unable to interpret <O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context! Error: Unable to interpret <O32 - Unable to obtain root file information for disk F:\> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b92361df-51b8-11df-95a9-00238b7c2246}\Shell\AutoRun\command - "" = F:\Menu.exe> in the current context! Error: Unable to interpret <O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\1\Command - "" = F:\.\recycled\info.exe -- [2010.04.05 17:51:42 | 000,189,692 | RHS- | M] ()> in the current context! Error: Unable to interpret <O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe> in the current context! Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context! Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.07.31 19:46:43 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\heiko&sabine\Desktop\OTL.exe> in the current context! 
Error: Unable to interpret <[2012.07.27 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook> in the current context! Error: Unable to interpret <[2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\Steuerfälle> in the current context! Error: Unable to interpret <[2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\AAV> in the current context! Error: Unable to interpret <[2012.07.25 19:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps> in the current context! Error: Unable to interpret <[2012.07.25 19:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft> in the current context! Error: Unable to interpret <[2012.07.25 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV> in the current context! Error: Unable to interpret <[2012.07.25 18:43:07 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service> in the current context! Error: Unable to interpret <[2012.07.25 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl Data Service> in the current context! Error: Unable to interpret <[2012.07.25 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl> in the current context! Error: Unable to interpret <[2012.07.25 18:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\WISO> in the current context! Error: Unable to interpret <[2012.07.25 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH> in the current context! Error: Unable to interpret <[2012.07.25 17:43:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll> in the current context! Error: Unable to interpret <[2012.07.25 17:42:41 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll> in the current context! 
Error: Unable to interpret <[2012.07.25 17:42:40 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll> in the current context! Error: Unable to interpret <[2012.07.18 11:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess> in the current context! Error: Unable to interpret <[2012.07.18 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\My Received Files> in the current context! Error: Unable to interpret <[2012.07.18 11:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications> in the current context! Error: Unable to interpret <[2012.07.17 01:02:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys> in the current context! Error: Unable to interpret <[2012.07.17 00:47:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb> in the current context! Error: Unable to interpret <[2012.07.17 00:47:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll> in the current context! Error: Unable to interpret <[2012.07.17 00:47:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe> in the current context! Error: Unable to interpret <[2012.07.17 00:47:05 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll> in the current context! Error: Unable to interpret <[2012.07.17 00:47:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll> in the current context! Error: Unable to interpret <[2012.07.17 00:47:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll> in the current context! Error: Unable to interpret <[2012.07.17 00:47:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl> in the current context! 
Error: Unable to interpret <[2012.07.16 18:03:06 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll> in the current context! Error: Unable to interpret <[2012.07.16 18:03:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll> in the current context! Error: Unable to interpret <[2012.07.16 18:03:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll> in the current context! Error: Unable to interpret <[2012.07.16 18:03:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll> in the current context! Error: Unable to interpret <[2012.07.16 18:03:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll> in the current context! Error: Unable to interpret <[2012.07.16 18:02:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe> in the current context! Error: Unable to interpret <[2012.07.16 18:02:54 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe> in the current context! Error: Unable to interpret <[2012.07.16 18:02:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll> in the current context! Error: Unable to interpret <[2012.07.12 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja> in the current context! Error: Unable to interpret <[2012.07.12 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu> in the current context! Error: Unable to interpret <[2012.07.12 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\InterVideo> in the current context! Error: Unable to interpret <[2012.07.12 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo> in the current context! 
Error: Unable to interpret <[2012.07.03 10:40:05 | 000,000,000 | ---D | C] -- C:\Windows\pss> in the current context! Error: Unable to interpret <[2009.11.09 22:56:54 | 008,155,424 | ---- | C] (Mozilla) -- C:\Users\heiko&sabine\yahoo_firefox_3.5.5_setup_de-pro1.exe> in the current context! Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.07.31 19:51:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job> in the current context! Error: Unable to interpret <[2012.07.31 19:46:30 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini> in the current context! Error: Unable to interpret <[2012.07.31 19:00:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context! Error: Unable to interpret <[2012.07.31 18:54:59 | 000,000,668 | ---- | M] () -- C:\Windows\ULEAD32.INI> in the current context! Error: Unable to interpret <[2012.07.31 18:45:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\heiko&sabine\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2012.07.31 18:36:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml> in the current context! Error: Unable to interpret <[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0> in the current context! 
Error: Unable to interpret << End of report > > in the current context! OTL by OldTimer - Version 3.2.55.0 log created on 07312012_200117 |
31.07.2012, 19:05 | #9 |
/// Helper Team | GVU Trojan with Webcam ..... Nothing Works Anymore ;-) Wrong! Copy the fix correctly! Try again! |
31.07.2012, 19:20 | #10 |
| GVU Trojan with Webcam ..... Nothing Works Anymore ;-) It crashed :-( Files\Folders moved on Reboot... File\Folder F:\.\recycled\info.exe not found! File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot. File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot. PendingFileRenameOperations files... File F:\.\recycled\info.exe not found! [2012.07.31 20:17:14 | 000,003,216 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5 [2012.07.31 20:17:13 | 000,003,216 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5 Registry entries deleted on Reboot... I had to enter my reg. key, and now it works again! But is the PC clean now???
Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.07.03.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 heiko&sabine :: HEIKO_SABINE-PC [Administrator] Schutz: Aktiviert 31.07.2012 20:47:05 mbam-log-2012-07-31 (20-47-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 199041 Laufzeit: 8 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
31.07.2012, 22:46 | #11 |
/// Helper Team | GVU Trojan with Webcam ..... Nothing Works Anymore ;-) Very good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
02.08.2012, 22:52 | #12 |
| GVU Trojan with Webcam ..... Nothing Works Anymore ;-) Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.08.02.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 heiko&sabine :: HEIKO_SABINE-PC [Administrator] Schutz: Aktiviert 02.08.2012 20:56:24 mbam-log-2012-08-02 (20-56-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 380586 Laufzeit: 2 Stunde(n), 53 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) # AdwCleaner v1.800 - Logfile created 08/02/2012 at 23:49:59 # Updated 01/08/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # User : heiko&sabine - HEIKO_SABINE-PC # Running from : C:\Users\heiko&sabine\Downloads\adwcleaner(1).exe # Option [Search]
Found : user_pref("CT2724386.UserID", "UN42851976944475634"); Found : user_pref("CT2724386.WeatherNetwork", ""); Found : user_pref("CT2724386.WeatherPollDate", "Sat Feb 05 2011 10:16:56 GMT+0100"); Found : user_pref("CT2724386.WeatherUnit", "C"); Found : user_pref("CT2724386.alertChannelId", "1116652"); Found : user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR"); Found : user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false); Found : user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Fri Apr 27 2012 22:55:19 GMT+0200"); Found : user_pref("CT2724386.ct2724407.GroupingLastErrorCode", ""); Found : user_pref("CT2724386.ct2724407.GroupingLastResponse", false); Found : user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129403703522470000"); Found : user_pref("CT2724386.ct2724407.InvalidateCache", false); Found : user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:59 GMT+0200"); Found : user_pref("CT2724386.ct2724407.Locale", "de"); Found : user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100"); Found : user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000"); Found : user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...] Found : user_pref("CT2724386.ct2724407.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Found : user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Thu Aug 02 2012 21:04:18 GMT+0200"); Found : user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1340713641"); Found : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 09:46:53 GMT+0100"); Found : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257"); Found : user_pref("CT2724386.ct2724407.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100[...] 
Found : user_pref("CT2724386.ct2724407.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:58 GMT+0200"[...] Found : user_pref("CT2724386.ct2724407.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100"[...] Found : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100"); Found : user_pref("CT2724386.homepageProtectorEnableByLogin", true); Found : user_pref("CT2724386.initDone", true); Found : user_pref("CT2724386.isAppTrackingManagerOn", false); Found : user_pref("CT2724386.myStuffEnabled", true); Found : user_pref("CT2724386.myStuffPublihserMinWidth", 400); Found : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2724386.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2724386.revertSettingsEnabled", false); Found : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2724386.searchProtectorEnableByLogin", true); Found : user_pref("CT2724386.testingCtid", ""); Found : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100"); Found : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:56 GMT+0100"); Found : user_pref("CT2724386.usagesFlag", 2); Found : user_pref("CT2801937..clientLogIsEnabled", false); Found : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Found : user_pref("CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2801937.AppTrackingLastCheckTime", "Mon May 07 2012 22:14:07 GMT+0200"); Found : user_pref("CT2801937.BrowserCompStateIsOpen_129799487489787934", true); Found : user_pref("CT2801937.BrowserCompStateIsOpen_129800116201456332", true); Found : user_pref("CT2801937.CTID", "CT2801937"); Found : user_pref("CT2801937.CurrentServerDate", "2-8-2012"); Found : user_pref("CT2801937.DSInstall", true); Found : user_pref("CT2801937.DialogsAlignMode", "LTR"); Found : user_pref("CT2801937.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:50 GMT+0200"); Found : user_pref("CT2801937.DownloadReferralCookieData", ""); Found : user_pref("CT2801937.EMailNotifierPollDate", "Tue May 15 2012 13:57:01 GMT+0200"); Found : user_pref("CT2801937.EnableClickToSearchBox", false); Found : user_pref("CT2801937.EnableSearchHistory", false); Found : user_pref("CT2801937.EnableSearchSuggest", false); Found : user_pref("CT2801937.FirstServerDate", "7-5-2012"); Found : user_pref("CT2801937.FirstTime", true); Found : user_pref("CT2801937.FirstTimeFF3", true); Found : user_pref("CT2801937.FirstTimeHiddenVer", true); Found : user_pref("CT2801937.FixPageNotFoundErrors", false); Found : user_pref("CT2801937.GroupingServerCheckInterval", 1440); Found : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2801937.HPChangedManually", true); Found : user_pref("CT2801937.HPInstall", true); Found : user_pref("CT2801937.HasUserGlobalKeys", true); Found : user_pref("CT2801937.HomePageProtectorEnabled", false); Found : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...] 
Found : user_pref("CT2801937.Initialize", true); Found : user_pref("CT2801937.InitializeCommonPrefs", true); Found : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2801937.InstallationId", "ConduitInstaller.exe"); Found : user_pref("CT2801937.InstallationType", "ConduitNSISIntegration"); Found : user_pref("CT2801937.InstalledDate", "Mon May 07 2012 18:53:18 GMT+0200"); Found : user_pref("CT2801937.InvalidateCache", false); Found : user_pref("CT2801937.IsAlertDBUpdated", true); Found : user_pref("CT2801937.IsGrouping", false); Found : user_pref("CT2801937.IsInitSetupIni", true); Found : user_pref("CT2801937.IsMulticommunity", false); Found : user_pref("CT2801937.IsOpenThankYouPage", false); Found : user_pref("CT2801937.IsOpenUninstallPage", true); Found : user_pref("CT2801937.IsProtectorsInit", true); Found : user_pref("CT2801937.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Found : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT2801937.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:22 GMT+0200"); Found : user_pref("CT2801937.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200"); Found : user_pref("CT2801937.LastLogin_3.14.1.0", "Thu Aug 02 2012 22:07:10 GMT+0200"); Found : user_pref("CT2801937.LatestVersion", "3.14.1.0"); Found : user_pref("CT2801937.Locale", "de"); Found : user_pref("CT2801937.MCDetectTooltipHeight", "83"); Found : user_pref("CT2801937.MCDetectTooltipShow", false); Found : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2801937.MCDetectTooltipWidth", "295"); Found : user_pref("CT2801937.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2801937.OriginalFirstVersion", "3.12.2.3"); Found : user_pref("CT2801937.RadioIsPodcast", false); Found : user_pref("CT2801937.RadioLastCheckTime", "Tue May 15 2012 13:57:01 GMT+0200"); Found : user_pref("CT2801937.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2801937.RadioLastUpdateServer", "129800256255330000"); Found : user_pref("CT2801937.RadioMediaID", "21560175"); Found : user_pref("CT2801937.RadioMediaType", "Media Player"); Found : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175"); Found : user_pref("CT2801937.RadioShrinkedFromSetup", false); Found : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info"); Found : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...] Found : user_pref("CT2801937.SavedHomepage", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc="[...] 
Found : user_pref("CT2801937.SearchBackToDefaultEngine", false); Found : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search"); Found : user_pref("CT2801937.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search"); Found : user_pref("CT2801937.SearchFromAddressBarIsInit", true); Found : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...] Found : user_pref("CT2801937.SearchInNewTabEnabled", true); Found : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200"); Found : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2801937.SearchInNewTabUserEnabled", false); Found : user_pref("CT2801937.SearchProtectorEnabled", false); Found : user_pref("CT2801937.SearchProtectorToolbarDisabled", false); Found : user_pref("CT2801937.SendProtectorDataViaLogin", true); Found : user_pref("CT2801937.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200"); Found : user_pref("CT2801937.SettingsLastCheckTime", "Thu Aug 02 2012 21:04:19 GMT+0200"); Found : user_pref("CT2801937.SettingsLastUpdate", "1343176950"); Found : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13"); Found : user_pref("CT2801937.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Mon May 07 2012 18:53:16 GMT+0200"); Found : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1331806000"); Found : user_pref("CT2801937.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937"); Found : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Found : user_pref("CT2801937.UserID", "UN88242712545417888"); Found : user_pref("CT2801937.WeatherNetwork", ""); Found : user_pref("CT2801937.WeatherPollDate", "Tue May 15 2012 13:57:03 GMT+0200"); Found : user_pref("CT2801937.WeatherUnit", "C"); Found : user_pref("CT2801937.alertChannelId", "1194019"); Found : user_pref("CT2801937.approveUntrustedApps", false); Found : user_pref("CT2801937.autoDisableScopes", 0); Found : user_pref("CT2801937.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365"); Found : user_pref("CT2801937.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365"); Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_app_lang", "656E"); Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_normal", "353639"); Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_short", "343135"); Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_width", "333533"); Found : user_pref("CT2801937.components.1000034", false); Found : user_pref("CT2801937.components.1000080", false); Found : user_pref("CT2801937.components.1000082", false); Found : user_pref("CT2801937.components.1000234", false); Found : user_pref("CT2801937.components.129306877459819678", false); Found : user_pref("CT2801937.components.129306877459975929", false); Found : user_pref("CT2801937.components.129306877468568933", false); Found : user_pref("CT2801937.components.129799474422717075", false); Found : user_pref("CT2801937.components.129799482871194470", false); Found : user_pref("CT2801937.components.129799483853381569", false); Found : user_pref("CT2801937.components.129799487489787934", false); Found : user_pref("CT2801937.components.129799494588344200", false); Found : user_pref("CT2801937.components.129800116201456332", false); Found : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Found : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Mon May 07 2012 18:53:19 GMT+0200"); Found : user_pref("CT2801937.homepageProtectorEnableByLogin", true); Found : user_pref("CT2801937.initDone", true); Found : user_pref("CT2801937.isAppTrackingManagerOn", true); Found : user_pref("CT2801937.isFirstRadioInstallation", false); Found : user_pref("CT2801937.isSearchProtectorNotifyChanges", false); Found : user_pref("CT2801937.myStuffEnabled", true); Found : user_pref("CT2801937.myStuffPublihserMinWidth", 400); Found : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2801937.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2801937.navigateToUrlOnSearch", false); Found : user_pref("CT2801937.revertSettingsEnabled", true); Found : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2801937.searchProtectorEnableByLogin", true); Found : user_pref("CT2801937.testingCtid", ""); Found : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:53 GMT+0200"); Found : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Mon May 07 2012 18:53:21 GMT+0200"); Found : user_pref("CT2801937.usageEnabled", false); Found : user_pref("CT2801937.usagesFlag", 2); Found : user_pref("CT2856415..clientLogIsEnabled", false); Found : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Found : user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true); Found : user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true); Found : user_pref("CT2856415.BrowserCompStateIsOpen_129683315081957463", true); Found : user_pref("CT2856415.CT2856415", "CT2856415"); Found : user_pref("CT2856415.CurrentServerDate", "21-7-2012"); Found : user_pref("CT2856415.DialogsAlignMode", "LTR"); Found : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200"); Found : user_pref("CT2856415.DownloadReferralCookieData", ""); Found : user_pref("CT2856415.FirstServerDate", "8-1-2011"); Found : user_pref("CT2856415.FirstTime", true); Found : user_pref("CT2856415.FirstTimeFF3", true); Found : user_pref("CT2856415.FixPageNotFoundErrors", false); Found : user_pref("CT2856415.GroupingServerCheckInterval", 1440); Found : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2856415.HasUserGlobalKeys", true); Found : user_pref("CT2856415.Initialize", true); Found : user_pref("CT2856415.InitializeCommonPrefs", true); Found : user_pref("CT2856415.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2856415.InstallationType", "Unknown"); Found : user_pref("CT2856415.InstalledDate", "Sat Jan 08 2011 10:42:24 GMT+0100"); Found : user_pref("CT2856415.IsGrouping", false); Found : user_pref("CT2856415.IsMulticommunity", false); Found : user_pref("CT2856415.IsOpenThankYouPage", true); Found : user_pref("CT2856415.IsOpenUninstallPage", true); Found : user_pref("CT2856415.LanguagePackLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200"); Found : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT2856415.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:39:48 GMT+0200"); Found : user_pref("CT2856415.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:16 GMT+0200"); Found : user_pref("CT2856415.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200"); Found : user_pref("CT2856415.LastLogin_3.14.1.0", "Sat Jul 21 2012 00:45:29 GMT+0200"); Found : user_pref("CT2856415.LastLogin_3.3.0.19", "Sat Jan 08 2011 10:42:24 GMT+0100"); Found : user_pref("CT2856415.LatestVersion", "3.13.0.6"); Found : user_pref("CT2856415.Locale", "en"); Found : user_pref("CT2856415.MCDetectTooltipHeight", "83"); Found : user_pref("CT2856415.MCDetectTooltipShow", false); Found : user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2856415.MCDetectTooltipWidth", "295"); Found : user_pref("CT2856415.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2856415.SHRINK_TOOLBAR", 1); Found : user_pref("CT2856415.SavedHomepage", "hxxp://mystart.incredimail.com/"); Found : user_pref("CT2856415.SearchFromAddressBarIsInit", true); Found : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] Found : user_pref("CT2856415.SearchInNewTabEnabled", true); Found : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri Jul 20 2012 08:45:26 GMT+0200"); Found : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Found : user_pref("CT2856415.SearchProtectorToolbarDisabled", true); Found : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200"); Found : user_pref("CT2856415.SettingsLastCheckTime", "Fri Jul 20 2012 22:09:58 GMT+0200"); Found : user_pref("CT2856415.SettingsLastUpdate", "1341830141"); Found : user_pref("CT2856415.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 10:42:22 GMT+0100"); Found : user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2856415.ToolbarDisabled", false); Found : user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415"); Found : user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2856415.UserID", "UN90125898018839251"); Found : user_pref("CT2856415.ValidationData_Toolbar", 2); Found : user_pref("CT2856415.alertChannelId", "1248439"); Found : user_pref("CT2856415.approveUntrustedApps", true); Found : user_pref("CT2856415.backendstorage.cbfirsttime", "547565204A756E20313220323031322030383A35313A33372[...] Found : user_pref("CT2856415.backendstorage.sf_just_installed", "46414C5345"); Found : user_pref("CT2856415.backendstorage.sf_status", "454E41424C4544"); Found : user_pref("CT2856415.backendstorage.sf_user_id", "6369645F31323632303132383531333833323830353238"); Found : user_pref("CT2856415.backendstorage.shoppingapp.gk.exipres", "546875204A756E20323820323031322031303A[...] Found : user_pref("CT2856415.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); Found : user_pref("CT2856415.components.1000080", false); Found : user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Found : user_pref("CT2856415.globalFirstTimeInfoLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100"); Found : user_pref("CT2856415.homepageProtectorEnableByLogin", true); Found : user_pref("CT2856415.initDone", true); Found : user_pref("CT2856415.isAppTrackingManagerOn", false); Found : user_pref("CT2856415.myStuffEnabled", true); Found : user_pref("CT2856415.myStuffPublihserMinWidth", 400); Found : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2856415.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2856415.revertSettingsEnabled", true); Found : user_pref("CT2856415.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2856415.searchProtectorEnableByLogin", true); Found : user_pref("CT2856415.testingCtid", ""); Found : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200"); Found : user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100"); Found : user_pref("CT2856415.usagesFlag", 2); Found : user_pref("CT3192727..clientLogIsEnabled", false); Found : user_pref("CT3192727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3192727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Found : user_pref("CT3192727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT3192727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3192727.CTID", "CT3192727"); Found : user_pref("CT3192727.CurrentServerDate", "2-8-2012"); Found : user_pref("CT3192727.DSInstall", true); Found : user_pref("CT3192727.DialogsAlignMode", "LTR"); Found : user_pref("CT3192727.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:53 GMT+0200"); Found : user_pref("CT3192727.DownloadReferralCookieData", ""); Found : user_pref("CT3192727.EMailNotifierPollDate", "Tue May 15 2012 17:14:20 GMT+0200"); Found : user_pref("CT3192727.FirstServerDate", "15-5-2012"); Found : user_pref("CT3192727.FirstTime", true); Found : user_pref("CT3192727.FirstTimeFF3", true); Found : user_pref("CT3192727.FirstTimeHiddenVer", true); Found : user_pref("CT3192727.FixPageNotFoundErrors", true); Found : user_pref("CT3192727.GroupingServerCheckInterval", 1440); Found : user_pref("CT3192727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3192727.HPInstall", true); Found : user_pref("CT3192727.HasUserGlobalKeys", true); Found : user_pref("CT3192727.HomePageProtectorEnabled", true); Found : user_pref("CT3192727.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...] 
Found : user_pref("CT3192727.Initialize", true); Found : user_pref("CT3192727.InitializeCommonPrefs", true); Found : user_pref("CT3192727.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3192727.InstallationId", "ConduitNSISIntegration"); Found : user_pref("CT3192727.InstallationType", "ConduitNSISIntegration"); Found : user_pref("CT3192727.InstalledDate", "Tue May 15 2012 13:57:03 GMT+0200"); Found : user_pref("CT3192727.IsAlertDBUpdated", true); Found : user_pref("CT3192727.IsGrouping", false); Found : user_pref("CT3192727.IsInitSetupIni", true); Found : user_pref("CT3192727.IsMulticommunity", false); Found : user_pref("CT3192727.IsOpenThankYouPage", false); Found : user_pref("CT3192727.IsOpenUninstallPage", false); Found : user_pref("CT3192727.IsProtectorsInit", true); Found : user_pref("CT3192727.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:08:01 GMT+0200"); Found : user_pref("CT3192727.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3192727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT3192727.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:24 GMT+0200"); Found : user_pref("CT3192727.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:38 GMT+0200"); Found : user_pref("CT3192727.LastLogin_3.14.1.0", "Thu Aug 02 2012 22:07:08 GMT+0200"); Found : user_pref("CT3192727.LatestVersion", "3.14.1.0"); Found : user_pref("CT3192727.Locale", "de"); Found : user_pref("CT3192727.MCDetectTooltipHeight", "83"); Found : user_pref("CT3192727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3192727.MCDetectTooltipWidth", "295"); Found : user_pref("CT3192727.MyStuffEnabledAtInstallation", true); Found : user_pref("CT3192727.OriginalFirstVersion", "3.12.2.3"); Found : user_pref("CT3192727.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13"); Found : user_pref("CT3192727.SearchCaption", "WinZipBar_DE Customized Web Search"); Found : user_pref("CT3192727.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search"); Found : user_pref("CT3192727.SearchFromAddressBarIsInit", true); Found : user_pref("CT3192727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...] Found : user_pref("CT3192727.SearchInNewTabEnabled", true); Found : user_pref("CT3192727.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3192727.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Found : user_pref("CT3192727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
-\\ Google Chrome v21.0.1180.60
File : C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "name" : "Search Results",
Found : "search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=703&systemid=2&sr=0&q={search[...]
-\\ Opera v [Unable to get version]
File : C:\Users\heiko&sabine\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [59516 octets] - [31/07/2012 22:11:34]
AdwCleaner[R2].txt - [61802 octets] - [02/08/2012 23:49:59]
########## EOF - C:\AdwCleaner[R2].txt - [61931 octets] ########## |
03.08.2012, 13:02 | #13 |
/// Helper team | GVU trojan with webcam ..... Nothing works anymore ;-) Very good!
Next: malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update now). Select the freeware mode. Select Detail Scan and start the check of the computer with the Scan button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save report) to save the log file to the desktop, then post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
03.08.2012, 16:46 | #14 |
| GVU trojan with webcam ..... Nothing works anymore ;-)
# AdwCleaner v1.800 - Logfile created 08/03/2012 at 15:06:48
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : heiko&sabine - HEIKO_SABINE-PC
# Running from : C:\Users\heiko&sabine\Downloads\adwcleaner(1).exe
# Option [Delete]
Deleted : user_pref("CT2724386.ct2724407.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Deleted : user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:32 GMT+0200"); Deleted : user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1340713641"); Deleted : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 09:46:53 GMT+0100"); Deleted : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2724386.ct2724407.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100[...] Deleted : user_pref("CT2724386.ct2724407.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:58 GMT+0200"[...] Deleted : user_pref("CT2724386.ct2724407.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100"[...] Deleted : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100"); Deleted : user_pref("CT2724386.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2724386.initDone", true); Deleted : user_pref("CT2724386.isAppTrackingManagerOn", false); Deleted : user_pref("CT2724386.myStuffEnabled", true); Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Deleted : user_pref("CT2724386.revertSettingsEnabled", false); Deleted : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2724386.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2724386.testingCtid", ""); Deleted : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100"); Deleted : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:56 GMT+0100"); Deleted : user_pref("CT2724386.usagesFlag", 2); Deleted : user_pref("CT2801937..clientLogIsEnabled", false); Deleted : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2801937.AppTrackingLastCheckTime", "Mon May 07 2012 22:14:07 GMT+0200"); Deleted : user_pref("CT2801937.BrowserCompStateIsOpen_129799487489787934", true); Deleted : user_pref("CT2801937.BrowserCompStateIsOpen_129800116201456332", true); Deleted : user_pref("CT2801937.CTID", "CT2801937"); Deleted : user_pref("CT2801937.CurrentServerDate", "3-8-2012"); Deleted : user_pref("CT2801937.DSInstall", true); Deleted : user_pref("CT2801937.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2801937.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:50 GMT+0200"); Deleted : user_pref("CT2801937.DownloadReferralCookieData", ""); Deleted : user_pref("CT2801937.EMailNotifierPollDate", "Tue May 15 2012 13:57:01 GMT+0200"); Deleted : user_pref("CT2801937.EnableClickToSearchBox", false); Deleted : user_pref("CT2801937.EnableSearchHistory", false); Deleted : user_pref("CT2801937.EnableSearchSuggest", false); Deleted : user_pref("CT2801937.FirstServerDate", "7-5-2012"); Deleted : user_pref("CT2801937.FirstTime", 
true); Deleted : user_pref("CT2801937.FirstTimeFF3", true); Deleted : user_pref("CT2801937.FirstTimeHiddenVer", true); Deleted : user_pref("CT2801937.FixPageNotFoundErrors", false); Deleted : user_pref("CT2801937.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2801937.HPChangedManually", true); Deleted : user_pref("CT2801937.HPInstall", true); Deleted : user_pref("CT2801937.HasUserGlobalKeys", true); Deleted : user_pref("CT2801937.HomePageProtectorEnabled", false); Deleted : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...] Deleted : user_pref("CT2801937.Initialize", true); Deleted : user_pref("CT2801937.InitializeCommonPrefs", true); Deleted : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2801937.InstallationId", "ConduitInstaller.exe"); Deleted : user_pref("CT2801937.InstallationType", "ConduitNSISIntegration"); Deleted : user_pref("CT2801937.InstalledDate", "Mon May 07 2012 18:53:18 GMT+0200"); Deleted : user_pref("CT2801937.InvalidateCache", false); Deleted : user_pref("CT2801937.IsAlertDBUpdated", true); Deleted : user_pref("CT2801937.IsGrouping", false); Deleted : user_pref("CT2801937.IsInitSetupIni", true); Deleted : user_pref("CT2801937.IsMulticommunity", false); Deleted : user_pref("CT2801937.IsOpenThankYouPage", false); Deleted : user_pref("CT2801937.IsOpenUninstallPage", true); Deleted : user_pref("CT2801937.IsProtectorsInit", true); Deleted : user_pref("CT2801937.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Deleted : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2801937.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:22 GMT+0200"); Deleted : user_pref("CT2801937.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200"); Deleted : user_pref("CT2801937.LastLogin_3.14.1.0", "Fri Aug 03 2012 08:24:31 GMT+0200"); Deleted : user_pref("CT2801937.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT2801937.Locale", "de"); Deleted : user_pref("CT2801937.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2801937.MCDetectTooltipShow", false); Deleted : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2801937.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2801937.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2801937.OriginalFirstVersion", "3.12.2.3"); Deleted : user_pref("CT2801937.RadioIsPodcast", false); Deleted : user_pref("CT2801937.RadioLastCheckTime", "Tue May 15 2012 13:57:01 GMT+0200"); Deleted : user_pref("CT2801937.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2801937.RadioLastUpdateServer", "129800256255330000"); Deleted : user_pref("CT2801937.RadioMediaID", "21560175"); Deleted : user_pref("CT2801937.RadioMediaType", "Media Player"); Deleted : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175"); Deleted : user_pref("CT2801937.RadioShrinkedFromSetup", false); Deleted : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info"); Deleted : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...] Deleted : user_pref("CT2801937.SavedHomepage", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc="[...] 
Deleted : user_pref("CT2801937.SearchBackToDefaultEngine", false); Deleted : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search"); Deleted : user_pref("CT2801937.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search"); Deleted : user_pref("CT2801937.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...] Deleted : user_pref("CT2801937.SearchInNewTabEnabled", true); Deleted : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200"); Deleted : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2801937.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2801937.SearchProtectorEnabled", false); Deleted : user_pref("CT2801937.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2801937.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2801937.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200"); Deleted : user_pref("CT2801937.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:30 GMT+0200"); Deleted : user_pref("CT2801937.SettingsLastUpdate", "1343176950"); Deleted : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13"); Deleted : user_pref("CT2801937.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Mon May 07 2012 18:53:16 GMT+0200"); Deleted : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1331806000"); Deleted : user_pref("CT2801937.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937"); Deleted : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Deleted : user_pref("CT2801937.UserID", "UN88242712545417888"); Deleted : user_pref("CT2801937.WeatherNetwork", ""); Deleted : user_pref("CT2801937.WeatherPollDate", "Tue May 15 2012 13:57:03 GMT+0200"); Deleted : user_pref("CT2801937.WeatherUnit", "C"); Deleted : user_pref("CT2801937.alertChannelId", "1194019"); Deleted : user_pref("CT2801937.approveUntrustedApps", false); Deleted : user_pref("CT2801937.autoDisableScopes", 0); Deleted : user_pref("CT2801937.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365"); Deleted : user_pref("CT2801937.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365"); Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_app_lang", "656E"); Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_normal", "353639"); Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_short", "343135"); Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_width", "333533"); Deleted : user_pref("CT2801937.components.1000034", false); Deleted : user_pref("CT2801937.components.1000080", false); Deleted : user_pref("CT2801937.components.1000082", false); Deleted : user_pref("CT2801937.components.1000234", false); Deleted : user_pref("CT2801937.components.129306877459819678", false); Deleted : user_pref("CT2801937.components.129306877459975929", false); Deleted : user_pref("CT2801937.components.129306877468568933", false); Deleted : user_pref("CT2801937.components.129799474422717075", false); Deleted : user_pref("CT2801937.components.129799482871194470", false); Deleted : user_pref("CT2801937.components.129799483853381569", false); Deleted : user_pref("CT2801937.components.129799487489787934", false); Deleted : user_pref("CT2801937.components.129799494588344200", false); Deleted : user_pref("CT2801937.components.129800116201456332", false); Deleted : user_pref("CT2801937.generalConfigFromLogin", 
"{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Mon May 07 2012 18:53:19 GMT+0200"); Deleted : user_pref("CT2801937.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2801937.initDone", true); Deleted : user_pref("CT2801937.isAppTrackingManagerOn", true); Deleted : user_pref("CT2801937.isFirstRadioInstallation", false); Deleted : user_pref("CT2801937.isSearchProtectorNotifyChanges", false); Deleted : user_pref("CT2801937.myStuffEnabled", true); Deleted : user_pref("CT2801937.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2801937.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2801937.navigateToUrlOnSearch", false); Deleted : user_pref("CT2801937.revertSettingsEnabled", true); Deleted : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2801937.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2801937.testingCtid", ""); Deleted : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:53 GMT+0200"); Deleted : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Mon May 07 2012 18:53:21 GMT+0200"); Deleted : user_pref("CT2801937.usageEnabled", false); Deleted : user_pref("CT2801937.usagesFlag", 2); Deleted : user_pref("CT2856415..clientLogIsEnabled", false); Deleted : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Deleted : user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true); Deleted : user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true); Deleted : user_pref("CT2856415.BrowserCompStateIsOpen_129683315081957463", true); Deleted : user_pref("CT2856415.CT2856415", "CT2856415"); Deleted : user_pref("CT2856415.CurrentServerDate", "21-7-2012"); Deleted : user_pref("CT2856415.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200"); Deleted : user_pref("CT2856415.DownloadReferralCookieData", ""); Deleted : user_pref("CT2856415.FirstServerDate", "8-1-2011"); Deleted : user_pref("CT2856415.FirstTime", true); Deleted : user_pref("CT2856415.FirstTimeFF3", true); Deleted : user_pref("CT2856415.FixPageNotFoundErrors", false); Deleted : user_pref("CT2856415.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2856415.HasUserGlobalKeys", true); Deleted : user_pref("CT2856415.Initialize", true); Deleted : user_pref("CT2856415.InitializeCommonPrefs", true); Deleted : user_pref("CT2856415.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2856415.InstallationType", "Unknown"); Deleted : user_pref("CT2856415.InstalledDate", "Sat Jan 08 2011 10:42:24 GMT+0100"); Deleted : user_pref("CT2856415.IsGrouping", false); Deleted : user_pref("CT2856415.IsMulticommunity", false); Deleted : user_pref("CT2856415.IsOpenThankYouPage", true); Deleted : user_pref("CT2856415.IsOpenUninstallPage", true); Deleted : user_pref("CT2856415.LanguagePackLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200"); Deleted : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2856415.LanguagePackServiceUrl", 
"hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2856415.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:39:48 GMT+0200"); Deleted : user_pref("CT2856415.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:16 GMT+0200"); Deleted : user_pref("CT2856415.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200"); Deleted : user_pref("CT2856415.LastLogin_3.14.1.0", "Sat Jul 21 2012 00:45:29 GMT+0200"); Deleted : user_pref("CT2856415.LastLogin_3.3.0.19", "Sat Jan 08 2011 10:42:24 GMT+0100"); Deleted : user_pref("CT2856415.LatestVersion", "3.13.0.6"); Deleted : user_pref("CT2856415.Locale", "en"); Deleted : user_pref("CT2856415.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2856415.MCDetectTooltipShow", false); Deleted : user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2856415.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2856415.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2856415.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2856415.SavedHomepage", "hxxp://mystart.incredimail.com/"); Deleted : user_pref("CT2856415.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] Deleted : user_pref("CT2856415.SearchInNewTabEnabled", true); Deleted : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri Jul 20 2012 08:45:26 GMT+0200"); Deleted : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Deleted : user_pref("CT2856415.SearchProtectorToolbarDisabled", true); Deleted : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200"); Deleted : user_pref("CT2856415.SettingsLastCheckTime", "Fri Jul 20 2012 22:09:58 GMT+0200"); Deleted : user_pref("CT2856415.SettingsLastUpdate", "1341830141"); Deleted : user_pref("CT2856415.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 10:42:22 GMT+0100"); Deleted : user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578"); Deleted : user_pref("CT2856415.ToolbarDisabled", false); Deleted : user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415"); Deleted : user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2856415.UserID", "UN90125898018839251"); Deleted : user_pref("CT2856415.ValidationData_Toolbar", 2); Deleted : user_pref("CT2856415.alertChannelId", "1248439"); Deleted : user_pref("CT2856415.approveUntrustedApps", true); Deleted : user_pref("CT2856415.backendstorage.cbfirsttime", "547565204A756E20313220323031322030383A35313A33372[...] Deleted : user_pref("CT2856415.backendstorage.sf_just_installed", "46414C5345"); Deleted : user_pref("CT2856415.backendstorage.sf_status", "454E41424C4544"); Deleted : user_pref("CT2856415.backendstorage.sf_user_id", "6369645F31323632303132383531333833323830353238"); Deleted : user_pref("CT2856415.backendstorage.shoppingapp.gk.exipres", "546875204A756E20323820323031322031303A[...] Deleted : user_pref("CT2856415.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79"); Deleted : user_pref("CT2856415.components.1000080", false); Deleted : user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Deleted : user_pref("CT2856415.globalFirstTimeInfoLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100"); Deleted : user_pref("CT2856415.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2856415.initDone", true); Deleted : user_pref("CT2856415.isAppTrackingManagerOn", false); Deleted : user_pref("CT2856415.myStuffEnabled", true); Deleted : user_pref("CT2856415.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2856415.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2856415.revertSettingsEnabled", true); Deleted : user_pref("CT2856415.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2856415.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2856415.testingCtid", ""); Deleted : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200"); Deleted : user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100"); Deleted : user_pref("CT2856415.usagesFlag", 2); Deleted : user_pref("CT3192727..clientLogIsEnabled", false); Deleted : user_pref("CT3192727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3192727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Deleted : user_pref("CT3192727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3192727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3192727.CTID", "CT3192727"); Deleted : user_pref("CT3192727.CurrentServerDate", "3-8-2012"); Deleted : user_pref("CT3192727.DSInstall", true); Deleted : user_pref("CT3192727.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3192727.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:53 GMT+0200"); Deleted : user_pref("CT3192727.DownloadReferralCookieData", ""); Deleted : user_pref("CT3192727.EMailNotifierPollDate", "Tue May 15 2012 17:14:20 GMT+0200"); Deleted : user_pref("CT3192727.FirstServerDate", "15-5-2012"); Deleted : user_pref("CT3192727.FirstTime", true); Deleted : user_pref("CT3192727.FirstTimeFF3", true); Deleted : user_pref("CT3192727.FirstTimeHiddenVer", true); Deleted : user_pref("CT3192727.FixPageNotFoundErrors", true); Deleted : user_pref("CT3192727.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3192727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3192727.HPInstall", true); Deleted : user_pref("CT3192727.HasUserGlobalKeys", true); Deleted : user_pref("CT3192727.HomePageProtectorEnabled", true); Deleted : user_pref("CT3192727.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...] 
Deleted : user_pref("CT3192727.Initialize", true); Deleted : user_pref("CT3192727.InitializeCommonPrefs", true); Deleted : user_pref("CT3192727.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3192727.InstallationId", "ConduitNSISIntegration"); Deleted : user_pref("CT3192727.InstallationType", "ConduitNSISIntegration"); Deleted : user_pref("CT3192727.InstalledDate", "Tue May 15 2012 13:57:03 GMT+0200"); Deleted : user_pref("CT3192727.IsAlertDBUpdated", true); Deleted : user_pref("CT3192727.IsGrouping", false); Deleted : user_pref("CT3192727.IsInitSetupIni", true); Deleted : user_pref("CT3192727.IsMulticommunity", false); Deleted : user_pref("CT3192727.IsOpenThankYouPage", false); Deleted : user_pref("CT3192727.IsOpenUninstallPage", false); Deleted : user_pref("CT3192727.IsProtectorsInit", true); Deleted : user_pref("CT3192727.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:08:01 GMT+0200"); Deleted : user_pref("CT3192727.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3192727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT3192727.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:24 GMT+0200"); Deleted : user_pref("CT3192727.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:38 GMT+0200"); Deleted : user_pref("CT3192727.LastLogin_3.14.1.0", "Fri Aug 03 2012 08:24:37 GMT+0200"); Deleted : user_pref("CT3192727.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT3192727.Locale", "de"); Deleted : user_pref("CT3192727.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3192727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3192727.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3192727.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3192727.OriginalFirstVersion", "3.12.2.3"); Deleted : user_pref("CT3192727.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13"); Deleted : user_pref("CT3192727.SearchCaption", "WinZipBar_DE Customized Web Search"); Deleted : user_pref("CT3192727.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search"); Deleted : user_pref("CT3192727.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3192727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...] Deleted : user_pref("CT3192727.SearchInNewTabEnabled", true); Deleted : user_pref("CT3192727.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3192727.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Deleted : user_pref("CT3192727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Deleted : user_pref("CT3192727.SearchProtectorEnabled", true); Deleted : user_pref("CT3192727.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3192727.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3192727.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200"); Deleted : user_pref("CT3192727.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:33 GMT+0200"); Deleted : user_pref("CT3192727.SettingsLastUpdate", "1342354864"); Deleted : user_pref("CT3192727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=13"); Deleted : user_pref("CT3192727.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3192727.ThirdPartyComponentsLastCheck", "Tue May 15 2012 13:57:02 GMT+0200"); Deleted : user_pref("CT3192727.ThirdPartyComponentsLastUpdate", "1331806000"); Deleted : user_pref("CT3192727.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT3192727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3192727"); Deleted : user_pref("CT3192727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3192727.UserID", "UN10847091490668015"); Deleted : user_pref("CT3192727.alertChannelId", "1606848"); Deleted : user_pref("CT3192727.autoDisableScopes", 0); Deleted : user_pref("CT3192727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3192727.globalFirstTimeInfoLastCheckTime", "Tue May 15 2012 13:57:06 GMT+0200"); Deleted : user_pref("CT3192727.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3192727.initDone", true); Deleted : user_pref("CT3192727.isAppTrackingManagerOn", true); Deleted : user_pref("CT3192727.myStuffEnabled", true); Deleted : user_pref("CT3192727.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3192727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] 
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=[...]
-\\ Google Chrome v21.0.1180.60
File : C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "name" : "Search Results",
Deleted : "search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=703&systemid=2&sr=0&q={search[...]
-\\ Opera v [Unable to get version]
File : C:\Users\heiko&sabine\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [59516 octets] - [31/07/2012 22:11:34]
AdwCleaner[R2].txt - [61933 octets] - [02/08/2012 23:49:59]
AdwCleaner[R3].txt - [61994 octets] - [03/08/2012 15:06:37]
AdwCleaner[S1].txt - [63322 octets] - [03/08/2012 15:06:48]
########## EOF - C:\AdwCleaner[S1].txt - [63451 octets] ##########

Emsisoft Anti-Malware v. 6.6.0.4
(C) 2003-2012 Emsisoft - Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits

ID Object
0 D:\HEIKO_SABINE-PC\Backup Set 2012-07-31 123932\Backup Files 2012-07-31 123932\Backup files 22.zip Exploit.Java.CVE-2012-0507!E2
1 C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Adware.Win32.Toolbar.Dealio.AMN!E1
2 C:\Users\heiko&sabine\Downloads\PDFCreator-1_2_3_setup.exe Riskware.Win32.Toolbar.Widgi.AMN!E1
3 c:\program files\etoro\ Trace.File.etoro!E1
4 Value: hkey_local_machine\software\classes\clsid\{42c9ccda-4485-47b8-a9e5-e8006de9e100}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
5 Value: hkey_classes_root\clsid\{29e269fc-2f9b-4bcd-8975-fff13240c4d5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
6 Value: hkey_classes_root\clsid\{1dd35ae6-8472-4151-ac2d-96b2ad3f7f82}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
7 Value: hkey_classes_root\clsid\{281ad869-b22b-4249-b1a1-aa6be0012ae5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
8 Value: hkey_local_machine\software\classes\clsid\{281ad869-b22b-4249-b1a1-aa6be0012ae5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
9 Key: hkey_local_machine\software\etoro Trace.Registry.etoro!E1
10 Value: hkey_local_machine\software\classes\clsid\{65e67583-931c-4039-b3df-385256eea001}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
11 Value: hkey_classes_root\clsid\{42c9ccda-4485-47b8-a9e5-e8006de9e100}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
12 Value: hkey_local_machine\software\classes\clsid\{29e269fc-2f9b-4bcd-8975-fff13240c4d5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
13 Value: hkey_local_machine\software\classes\clsid\{1dd35ae6-8472-4151-ac2d-96b2ad3f7f82}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
14 Value: hkey_classes_root\clsid\{65e67583-931c-4039-b3df-385256eea001}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
15 Key: hkey_current_user\software\etoro Trace.Registry.etoro!E1 |
03.08.2012, 16:58 | #15 |
/// Helper team | GVU trojan with webcam ..... Nothing works anymore ;-) Very good! Have the findings deleted, then: Uninstall: Emsisoft Anti-Malware ESET Online Scanner Preparation
|