|
Plagegeister aller Art und deren Bekämpfung: Trojaner - Gegen Gesetze der Bundesrepublik ... HellomotoWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.09.2012, 17:39 | #1 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto habe seit gestern einen Trojaner der in einem Fenster mit der Meldung: "Gegen die Gesetze der Bundesrepublik Deutschland verstoßen habe..." Über einen weiteren User auf meinem Laptop konnte ich Malwarebytes installieren und die Übeltäter wurden indentifiziert: hellomoto\TujP.dat (Trojan.Ransom.FGen) hellomoto\BukF.dat (Trojan.Ransom.FGen) gelöscht und in Quarantäne gesteckt. Das Problem war nicht behoben. OTL habe ich nach Anleitung hier installiert und durchlaufen lassen. Anbei die OTL und Extras. vielen Dank schon im Voraus. OTL logfile created on: 13.09.2012 13:08:20 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Admin\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 29,42% Memory free 7,73 Gb Paging File | 4,23 Gb Available in Paging File | 54,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 249,25 Gb Free Space | 53,52% Space Free | Partition Type: NTFS Computer Name: PC7 | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (SafeList) ========== PRC - [2012.09.13 13:06:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2012.09.13 07:14:11 | 001,592,208 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mikogo 4\M4-Capture.exe PRC - [2012.09.12 16:30:30 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.07.18 15:00:06 | 001,008,032 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mikogo 4\M4-Service.exe PRC - [2012.02.27 14:39:08 | 000,529,408 | ---- | M] () -- C:\Program Files (x86)\Kinoni\KinoniSvc.exe PRC - [2012.02.27 05:14:40 | 000,038,248 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe PRC - [2011.07.13 11:29:32 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.07 04:50:10 | 000,071,024 | ---- | M] () -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe PRC - [2011.04.07 04:44:16 | 000,011,120 | ---- | M] (Haufe Mediengruppe) -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe PRC - [2011.03.20 17:52:19 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.02.01 22:53:38 | 000,391,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.02.01 22:53:08 | 005,583,056 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010.11.16 05:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.08.26 11:36:00 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.06.08 14:34:00 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2009.06.03 15:33:00 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe PRC - [2008.07.24 11:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe ========== Modules (No Company Name) ========== MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll MOD - [2012.08.30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll MOD - [2012.08.30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll MOD - [2012.08.30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll MOD - [2012.02.27 05:13:54 | 000,151,376 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011.02.01 22:52:52 | 011,195,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.07.13 11:30:06 | 002,660,624 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV) SRV:64bit: - [2011.07.13 11:27:52 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv) SRV:64bit: - [2010.06.21 10:13:44 | 000,033,280 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2010.06.03 15:41:22 | 001,932,592 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.18 15:00:06 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Rene\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.23 07:08:44 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.02.27 14:39:08 | 000,529,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Kinoni\KinoniSvc.exe -- (KinoniSvc) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.07 04:50:10 | 000,071,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2011.03.20 17:52:19 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.02.01 22:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.12.13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.11.30 07:18:06 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.17 06:48:34 | 002,024,864 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE -- (msoidsvc) SRV - [2010.07.03 12:08:08 | 000,251,184 | ---- | M] (BUFFALO INC.) [Disabled | Stopped] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2010.06.03 15:40:00 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010.06.01 22:31:04 | 001,446,728 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe -- (CableAssociation) SRV - [2010.05.12 16:13:56 | 009,321,832 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.29 22:41:52 | 000,059,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService) SRV - [2009.11.04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.10.28 10:54:36 | 000,444,416 | R--- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2009.10.20 10:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.30 21:20:00 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.12 17:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 14:38:16 | 002,782,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kinonivd.sys -- (kinonivd) DRV:64bit: - [2012.02.27 14:38:10 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kinonivad.sys -- (KINONI_Wave) DRV:64bit: - [2012.02.03 16:46:12 | 000,017,408 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort) DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.20 17:52:20 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011.03.20 17:52:18 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2011.03.20 17:52:17 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.03.20 17:52:13 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010.11.29 14:14:36 | 001,186,272 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf) DRV:64bit: - [2010.11.29 14:14:30 | 000,591,968 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3) DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.07.21 16:58:50 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010.07.01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2010.06.21 10:13:44 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.06.21 10:13:44 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2010.05.13 16:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (bdfm) DRV:64bit: - [2010.05.12 16:14:23 | 000,194,160 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd) DRV:64bit: - [2010.05.12 16:14:23 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr) DRV:64bit: - [2010.03.16 23:32:04 | 000,541,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_DWA.SYS -- (DWA) DRV:64bit: - [2010.03.16 23:31:34 | 000,911,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_HWA.SYS -- (hwa) DRV:64bit: - [2010.03.16 19:50:34 | 000,159,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_RCI.SYS -- (HWARadio) DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.21 19:51:36 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_TBF.sys -- (DLCopyFilter) DRV:64bit: - [2010.01.28 06:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.01.21 18:32:48 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_USF.sys -- (WSR_USF) DRV:64bit: - [2010.01.19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (Bdvedisk) DRV:64bit: - [2009.11.27 13:38:22 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler) DRV:64bit: - [2009.11.27 13:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt) DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.10.26 20:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.02 21:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.28 18:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.08.28 18:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.08.28 11:50:00 | 000,211,560 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2009.08.10 11:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.08.05 14:45:00 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2009.08.05 12:56:00 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2009.07.28 20:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2009.07.24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.19 10:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2009.06.19 09:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009.06.17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.04.07 14:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.01.09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV - [2011.11.23 19:38:16 | 000,101,380 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Deskshare\My Screen Recorder Pro 3\Beep.wav -- (Beep) DRV - [2010.08.20 18:42:04 | 000,099,408 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2010.08.20 15:42:08 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 25 4D 23 C3 0B CC 01 [binary data] IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01 FF - prefs.js..extensions.enabledAddons: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.13.0.6 FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 FF - prefs.js..extensions.enabledAddons: {b2509cd4-17cd-45ed-8146-a82af038f493}:2.02 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3767 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6 FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.60 FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: netviewero2m@netviewero2m:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2319825&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2012.06.07 10:24:49 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDTBEXT\ [2012.06.07 10:24:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010.06.21 16:36:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012.06.07 10:24:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2m@netviewero2m: C:\Program Files (x86)\Netviewer\Meet\Plugin\FF plugin\NVFFMeet [2011.02.01 09:59:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.12.31 17:37:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.12.31 17:37:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.12 14:37:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.12 10:17:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012.06.07 10:24:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010.06.21 16:36:59 | 000,000,000 | ---D | M] [2012.08.02 18:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.08.02 18:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9} [2011.07.12 13:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2012.06.07 19:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions [2012.06.07 19:41:45 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.04.11 13:20:38 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\extension@preispilot.com [2012.01.17 23:48:30 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com [2012.04.11 13:20:12 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\software@loadtubes.com [2012.04.11 13:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\extension@preispilot.com\chrome [2012.06.07 19:25:53 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\q0ant5zg.default\extensions\firebug@software.joehewitt.com.xpi [2011.11.26 20:39:53 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\q0ant5zg.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012.01.09 13:17:18 | 000,038,752 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\q0ant5zg.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}.xpi [2012.02.22 10:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.18 16:36:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.12 14:37:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012.04.11 13:20:03 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.02.22 10:36:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.22 10:36:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.22 10:36:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.22 10:36:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.22 10:36:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.22 10:36:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Lync 2010 Meeting Join Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Preispilot = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjpkhclkpogbajfopiejkndoipagbmgm\1.4.9_0\ CHR - Extension: Skype Click to Call = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Netviewer Meet) - {7F375858-2861-4FEC-88CF-FEE2D4E6D870} - C:\PROGRA~2\NETVIE~1\Meet\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com) O3:64bit: - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (&Netviewer Meet) - {5D6FDD2C-2FED-43B9-8A9E-3F9FFA988E5D} - C:\PROGRA~2\NETVIE~1\Meet\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - loadtbs\toolbar.dll File not found O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe (Mindjet) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files (x86)\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000..\Run: [Facebook Update] C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000..\Run: [IBP] File not found O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63E2C96A-1F66-4239-B089-7F59975173D5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68C7B3AC-E99F-43FC-91A4-97449652CB37}: NameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{866070F8-9C04-4FA6-880B-B18EB43CAEAA}: DhcpNameServer = 10.145.2.30 10.145.2.31 O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LSNavi.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 7 Days ========== [2012.09.13 13:06:16 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.09.12 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2012.09.12 14:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.12 14:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.12 14:40:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.12 14:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.12 10:29:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 10:29:14 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 10:29:12 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 10:29:12 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.02.22 20:42:45 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 7 Days ========== [2012.09.13 13:06:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.09.13 10:22:11 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 10:22:11 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 09:06:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.13 08:51:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.13 08:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2469325173-3988751889-2746215870-1003UA.job [2012.09.13 07:41:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2469325173-3988751889-2746215870-1003UA.job [2012.09.13 07:36:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2469325173-3988751889-2746215870-1000UA.job [2012.09.13 07:16:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.13 07:16:05 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.09.13 07:14:10 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.09.13 07:13:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.13 07:13:36 | 3113,164,800 | -HS- | M] () -- C:\hiberfil.sys [2012.09.12 17:28:18 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2469325173-3988751889-2746215870-1003Core.job [2012.09.12 16:41:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2469325173-3988751889-2746215870-1003Core.job [2012.09.12 16:36:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2469325173-3988751889-2746215870-1000Core.job [2012.09.12 14:40:06 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.12 14:40:06 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.11 13:20:28 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2012.02.03 16:46:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll [2012.02.03 16:46:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.07.13 10:13:17 | 001,179,810 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.01.11 16:37:50 | 000,006,144 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.09 10:06:33 | 000,007,669 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2010.07.01 20:17:32 | 000,002,768 | ---- | C] () -- C:\Users\Admin\dbSThumb.CFG [2010.06.21 18:36:29 | 000,000,025 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\bdfvconp.ini [2010.05.05 19:03:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat < End of report > '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' |
13.09.2012, 17:41 | #2 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Da nicht alles in den 1. Post passte hier die OTL.txtOTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 13.09.2012 13:08:20 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Admin\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 29,42% Memory free 7,73 Gb Paging File | 4,23 Gb Available in Paging File | 54,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 249,25 Gb Free Space | 53,52% Space Free | Partition Type: NTFS Computer Name: PC7 | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-2469325173-3988751889-2746215870-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D35D9B-6A63-4600-8D37-E20F983030E4}" = lport=2869 | protocol=6 | dir=in | app=system | "{08C7A4D6-A0F7-4C35-A08D-DDC2B0399D43}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{08F91073-67ED-4C9C-9C2E-4140C6979C5E}" = lport=4481 | protocol=6 | dir=in | name=blackberry® desktop software remote media sync service data transfer | "{10D7ECFB-C109-48EF-BF45-07D63E3533BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{161B9B88-B478-49FB-B432-AB503D14EA3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{23F19054-8F29-4F2F-8670-85106A5EF60D}" = lport=139 | protocol=6 | dir=in | app=system | "{26F95DBF-809C-4525-BC66-77309C828394}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FA424D8-0871-4CF8-81F5-7CCAE530E721}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3321095A-51BD-4640-BDA6-467C89ED67E8}" = lport=2869 | protocol=6 | dir=in | app=system | "{4284BF72-E028-4662-B7CF-C5DF65236F09}" = lport=10243 | protocol=6 | dir=in | app=system | "{487FD567-D6B2-428E-9508-2FCE4192FD5D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{497544DF-B2DB-4857-B062-0697D34A6974}" = lport=4481 | protocol=17 | dir=in | name=blackberry® desktop software remote media sync service discovery | "{4B862E88-3904-45BD-ADA3-13D809FE2768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5349F433-86B1-4762-9F9D-1EFA900C29A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{544A9288-A513-4616-BB43-22C9C14B2549}" = lport=4482 | protocol=6 | dir=in | name=blackberry® desktop software remote media sync service data transfer | "{65F22CFA-9CFB-472A-8173-7E0A3D0D93B1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6ED8EF14-979D-4D3C-86F5-554BA5FC953D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{73B13493-EB62-4124-AE9C-005859131940}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{7C5C630F-AA46-4614-B0A7-FB0477CEE89B}" = rport=445 | protocol=6 | dir=out | app=system | "{8740F5AA-ACF7-4B40-ACE0-7BCBB67848D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{8A99F36B-6A60-4226-A1E9-4D425ED0FC8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | "{8CEEA95C-D24E-4A9F-8569-FC41E9104B43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8EB2BBF0-F9EF-4A69-932D-E6AABDB1129D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{9028BC05-A169-4582-88A3-FEF5E86C640B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{93752C4A-FBDC-48E5-9A89-4146B1B9C05E}" = rport=2869 | protocol=6 | dir=out | app=system | "{99EBC150-F6CE-4AEA-A4ED-5367B70304F9}" = lport=4482 | protocol=17 | dir=in | name=blackberry® desktop software remote media sync service discovery | "{A19E2C56-D9E8-435B-B3D1-542CBD8F16D6}" = rport=139 | protocol=6 | dir=out | app=system | "{A3AF5344-A834-4A11-A62B-19071A20B4CA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B0E5DA7D-149B-482A-8F88-BE38F8991C2B}" = lport=445 | protocol=6 | dir=in | app=system | "{B740BA92-12A6-4E2B-98EB-74A82AFC3EEF}" = lport=5055 | protocol=6 | dir=in | name=kinonisvc | "{BD31EB90-BA1C-497C-8AF8-969F369574A3}" = rport=137 | protocol=17 | dir=out | app=system | "{C084F8A8-1DFB-4403-98CD-A65E2F840803}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C4EB580B-78F9-47D8-BC2D-F08132E9249B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5F13C25-627C-4214-A885-8A5D2CA21C54}" = rport=10243 | protocol=6 | dir=out | app=system | "{CD91FDDA-DDA5-4BB2-A598-486743B815C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D8DC32D5-73DF-4928-95A2-5A7853FF624A}" = lport=137 | protocol=17 | dir=in | app=system | "{DECCC87A-35E4-43A0-8753-B15ED37DF843}" = rport=138 | protocol=17 | dir=out | app=system | "{E28993E1-A1C9-4221-BA7B-FB4135B86F84}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E6D32B14-F8B7-43BC-B3ED-9BDAE2D0E502}" = lport=138 | protocol=17 | dir=in | app=system | "{FAE44B71-3340-4A21-B37A-936221A8DA3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007D85A8-8A3C-4506-8170-375FBB043277}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0782BA59-89B7-4356-9717-30783FA857E5}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{183F08E1-594A-4D60-8454-84D8BDD1135F}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | "{1CC84DFF-B3ED-4D75-9546-B6482D694CB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{1DD6D0FD-242D-452A-8EAF-C6B629EF9F44}" = protocol=6 | dir=in | app=c:\users\rene\appdata\roaming\dropbox\bin\dropbox.exe | "{23276B9A-8FF4-4481-A3ED-1E1B7994416F}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | "{23C7DDE1-6544-4820-AD35-01F5434B7111}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2F902029-954D-48B0-A1C2-F083B4BFB772}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3217BAF7-7E9A-4B61-9E39-8AAEE39C6FBD}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | "{35A7187C-F0AE-4227-B146-9C3614286B63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{3848E2F8-F8B1-4FAF-9FE0-F19B0E444FEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3C47A89D-5A11-45A4-A2A0-36F847CA2B6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3F2D1F98-0BF0-4930-8F7A-10D3D93B0B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4D55DB74-C1DE-4DC7-AF76-EC14EF22742F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{503CD8AD-6F9F-4BF6-ACC3-C4D71BB2EDE3}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | "{5C488621-FAB5-4ED7-BBCF-C682C7AF37F8}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{5C4B0874-9F09-424B-B2E7-5A39A0C85411}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{5C64E697-45A4-4BCD-9C7E-1EDE491C944A}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | "{5CB21E28-D3A5-431A-BB58-177B31E5B1D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5CE09FB0-D19A-454E-B3DB-0756D4A9233F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{5EC4D16C-D173-442E-A72C-AE9A5E3DC426}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{6D79319C-4CEB-46AD-A9BD-62FA9394B5C7}" = protocol=6 | dir=out | app=system | "{6FDB0EFA-C9BC-4693-B708-47AA634F041D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{70E2290E-7FC0-4E15-BB32-81B65E3FF239}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75A18C81-B844-4D97-8B14-7A2CCFFE5E75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7978798A-427C-473A-B69D-E46D298C256D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{79B4F1FA-AD84-489D-84EC-EEDA99815C21}" = dir=in | app=c:\users\admin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{80ECF49F-E7C4-4D57-AE18-F07AD0CD48B8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{861B2CD2-E092-4675-8E24-636ABEA65E2C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{86A55B97-6DE8-46A3-8EBE-C3C168AC51BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{89B94F80-0020-43BE-A8C7-2376E389D0A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8AA3E38C-1F26-4A88-88E3-1B0B02D31484}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8CCA25B8-F4AC-4E5D-81C7-68590005503E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{8ED2EA26-A4E5-43AE-B6A1-623788030B1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8F68DE73-F719-4594-86F2-867FB5BDCBAD}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{92121952-5A60-4A08-9416-64AE3227975E}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | "{95B4ECEE-B6EF-4FE7-B22D-674197F1D093}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{9C748CA4-0F0B-4143-8820-958ED077EBD9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A246E768-666B-40E9-BEBF-BB56FAFCF2E2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A30C25F1-678A-49D2-973C-F187B308AFB2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{A395853F-DBC9-46DC-97D3-6C4A6B9AED81}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A6882DF6-DE79-4785-994E-0897D9FBCF7F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A952961C-0255-48DA-9A67-21B5A267C691}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{B0588A64-0478-4196-AC63-DFA3219F4C93}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B0F484F5-2A7F-4901-9E1B-9715AF46B011}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C1C375D5-8BB7-4848-A952-3218EB2E3B3D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{CB942057-1497-4D4D-9FB7-F579DD54B022}" = protocol=17 | dir=in | app=c:\users\rene\appdata\roaming\dropbox\bin\dropbox.exe | "{D5BD87A5-1895-4638-AABC-5812DCD42F84}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "{D975098E-B267-45BE-A779-043D729A7FBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC7E7439-3FB3-498C-88E0-C9BA5381A4C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E16A40F5-3DB9-4B84-A7FE-EC1AB74F2909}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E1AAE8EE-BBC6-4575-AFC9-FEFB5FE4325A}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe | "{E850B116-9058-430F-8246-E80A1DAE5121}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{EF0C102A-4FAD-4379-9EEA-FB46BBB23626}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "{F3514A94-1083-459D-83DD-564E332F31F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA60D9A4-A0D6-4825-9830-0587F9E904BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{FA9D1BBB-3FA7-4BDE-8249-FB7540FFD7CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FE906F95-E793-48E9-8561-DC9BC425A669}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{FEAC6F09-4119-42EB-A262-AA507FC9CA75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0F088EDB-8882-4734-88E3-A66305E5EDC7}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{13C8C54A-0093-41EE-9178-C3FFE46A2E3F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{1659BCD9-5A3D-4375-A13D-895EFB83D1A8}C:\users\rene\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rene\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{1BD96829-7CDF-4CDC-8B97-7328C5F6F0DF}C:\users\rene\appdata\local\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\users\rene\appdata\local\mozilla firefox\plugin-container.exe | "TCP Query User{7E3F9020-1481-4731-8C71-0BC0C164A6D2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8C831FBD-E32D-4501-BC85-3CB84432DE6B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{AD66AC48-EE6D-4EF1-B836-66DFC73EF4BD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{EE59B8D8-8C86-4DFD-9508-448D0A76F49E}C:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "TCP Query User{F9E0E659-32BE-4D25-8D6F-04531EC7C905}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | "TCP Query User{FD17C012-D47E-4166-A8A8-302ABCDD6376}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "UDP Query User{0FC65457-FF72-412D-B7F2-09809A9D9CF1}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | "UDP Query User{47D32779-1FEC-4858-B155-9A6BF63D48D4}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{646F57EC-2342-4CF1-AB4A-43716D66BA79}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{71A55F25-1B00-409B-BFD9-A92AA0FDC8D1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{7A31522B-B506-42D1-AA66-86EF4979675D}C:\users\rene\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rene\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E2971692-0C8E-4388-843A-F208195BFBCA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{E5A43147-3E5A-4FD3-9276-E6F9B987E0EF}C:\users\rene\appdata\local\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\users\rene\appdata\local\mozilla firefox\plugin-container.exe | "UDP Query User{EEFAB799-1576-423C-9365-53633F33BA53}C:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "UDP Query User{F9C642FA-AF21-4F66-AA56-DCA51768609E}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | "UDP Query User{FE80D89D-46E1-4EC8-8874-A2524CD75C8D}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{2A7C98F0-6151-4F7C-84AC-8C4AAE1E290B}" = Dell Wireless HSPA Mini-Card Drivers "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel "{42C44037-0ABF-4BEF-AEBE-CFB50835C5D8}" = DisplayLink Core Software "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010 "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}" = Microsoft Online Services-Anmelde-Assistent "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{661DD62F-D0F2-4573-902B-DBCAAD8229AF}" = Validity Sensors DDK "{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = Wireless USB WinDrivers "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Total Security 2011 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{E9EAD4E3-8CC6-47EB-82C9-8CBBB90065A0}" = DisplayLink Graphics "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FC09380E-74BE-41F5-8353-E97113969040}" = DigitalPersona Personal 4.01 "26DF6674D7C1C08AE6A9F0AB0F04558F369FF15F" = Windows Driver Package - Broadcom Bluetooth (12/01/2009 6.2.0.9411) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 ) "BitDefender" = BitDefender Total Security 2011 "DW WLAN Card Utility" = DW WLAN Card Utility "GPL Ghostscript 9.02" = GPL Ghostscript "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "PDF-XChange 3_is1" = PDF-XChange 3 "Redirection Port Monitor" = RedMon - Redirection Port Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI) "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{1600A56F-253A-4D00-851F-6DCC9796FDC7}_is1" = dbSThumb - Bilderdatenbank "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23 "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5 "{36FF704D-C9E5-43AE-8896-0CCE13AA7B31}" = BlackBerry Desktop Software 6.0 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40B59FB8-A703-45A9-9167-667CC65A865D}" = InLoox PM "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5BDD15BE-EFF5-436E-B0C1-1E63665854B9}" = BMWi-Softwarepaket 9.3 "{5E7E00A7-2CF6-4171-9731-C9362F18824A}" = necsus PaintMap for MindManager "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8231E7FB-EF2F-4866-95B3-C3C54A910049}" = Netviewer Meet "{84090C21-60FE-11E0-B14D-005056B12123}" = Haufe iDesk-Service "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe "{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C4A24F8-418C-4F48-A75C-1419A1492E3B}" = Critical Chain "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1FD6060-8DF9-4C67-AF5E-7D25A54D1854}" = Mindjet MindManager 2012 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB2B1599-8681-47EB-B6EC-627F7657810C}" = SetHolidays "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}" = Haufe Formular-Manager "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E3DC29BB-8F6F-4034-89B2-E317391F804F}" = BMWi Zukunftscheck Mittelstand "{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}" = Preispilot "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E6ABDF64-A573-4FE3-A7D5-965F4ADBF827}" = lexware excel im unternehmen "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF3D4D1-E877-4B56-9734-C36BF3E31939}" = SmartPointer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F22BADA9-D808-43B8-8BC9-A09AD451E577}" = OPTi-Addins "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Any Video Converter_is1" = Any Video Converter 3.1.1 "Artisteer 2" = Artisteer 2 "Artisteer 3" = Artisteer 3 "AudibleManager" = AudibleManager "BabylonToolbar" = Babylon toolbar on IE "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0 "Dell Webcam Central" = Dell Webcam Central "Digital Editions" = Adobe Digital Editions "ElsterFormular 11.5.1.4843" = ElsterFormular "FinalMediaPlayer_is1" = Final Media Player 2010 "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "GPS-Track-Analyse.NET_is1" = 5.0.1 "hotpot_is1" = HotPotatoes v 6.3.0.4 "IBP11_is1" = IBP 11.9.1 "InLoox PM" = InLoox PM "InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23 "InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = Wireless USB WinDrivers "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "JTL-Wawi_is1" = JTL-Wawi "KinoniDrivers" = KinoniDrivers 2.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MPE" = MyPhoneExplorer "My Screen Recorder Pro DotNet_is1" = My Screen Recorder Pro 3.0 "Notepad++" = Notepad++ "Office14.PRJPROR" = Microsoft Project Professional 2010 "Office14.SingleImage" = Microsoft Office Professional 2010 "PAR_Bildschirmschoner" = PAR_Bildschirmschoner Screen Saver "PI11126_HPR_ProjMt" = Lexikon der Projektmanagement-Methoden "quandary2_is1" = Quandary v 2.4.1.0 "SmartToolsInhaltsverzeichnisv3.00" = SmartTools Publishing • Excel Inhaltsverzeichnis "softonic" = Softonic toolbar on IE and Chrome "SWiSH miniMax2" = SWiSH miniMax2 "UN060501" = BUFFALO NAS Navigator "UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide "VodafoneConnector" = Vodafone Connector "WinLiveSuite" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "XING Connector" = XING Connector 1.2 "yEd Graph Editor 3.6.1.1" = yEd Graph Editor 3.6.1.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.09.2012 17:20:07 | Computer Name = PC7 | Source = MSSQL$JTLWAWI | ID = 8317 Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$JTLWAWI\Performance' zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 12.09.2012 17:31:15 | Computer Name = PC7 | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.61.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 520 Startzeit: 01cd912c1c9d4559 Endzeit: 16 Anwendungspfad: C:\Users\Admin\Desktop\OTL.exe Berichts-ID: Error - 12.09.2012 17:33:20 | Computer Name = PC7 | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 12.09.2012 17:33:39 | Computer Name = PC7 | Source = MSSQL$JTLWAWI | ID = 8317 Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$JTLWAWI\Performance' zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 12.09.2012 17:36:32 | Computer Name = PC7 | Source = Bonjour Service | ID = 100 Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network. Error - 13.09.2012 01:12:13 | Computer Name = PC7 | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 13.09.2012 01:12:31 | Computer Name = PC7 | Source = MSSQL$JTLWAWI | ID = 8317 Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$JTLWAWI\Performance' zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 13.09.2012 01:13:51 | Computer Name = PC7 | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 13.09.2012 01:14:13 | Computer Name = PC7 | Source = MSSQL$JTLWAWI | ID = 8317 Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$JTLWAWI\Performance' zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 13.09.2012 01:17:10 | Computer Name = PC7 | Source = Bonjour Service | ID = 100 Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network. Error - 13.09.2012 01:21:07 | Computer Name = PC7 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. [ Media Center Events ] Error - 13.06.2012 09:29:58 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 15:29:58 - Fehler beim Herstellen der Internetverbindung. 15:29:58 - Serververbindung konnte nicht hergestellt werden.. Error - 13.06.2012 09:30:47 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 15:30:03 - Fehler beim Herstellen der Internetverbindung. 15:30:03 - Serververbindung konnte nicht hergestellt werden.. Error - 13.06.2012 10:33:11 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 16:33:11 - Fehler beim Herstellen der Internetverbindung. 16:33:11 - Serververbindung konnte nicht hergestellt werden.. Error - 13.06.2012 10:33:42 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 16:33:16 - Fehler beim Herstellen der Internetverbindung. 16:33:16 - Serververbindung konnte nicht hergestellt werden.. Error - 13.06.2012 16:27:54 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 22:27:53 - Fehler beim Herstellen der Internetverbindung. 22:27:54 - Serververbindung konnte nicht hergestellt werden.. Error - 13.06.2012 16:28:24 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 22:27:59 - Fehler beim Herstellen der Internetverbindung. 22:27:59 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 05:37:16 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 11:37:16 - Fehler beim Herstellen der Internetverbindung. 11:37:16 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 05:37:25 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 11:37:21 - Fehler beim Herstellen der Internetverbindung. 11:37:21 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 06:37:30 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 12:37:30 - Fehler beim Herstellen der Internetverbindung. 12:37:30 - Serververbindung konnte nicht hergestellt werden.. Error - 15.06.2012 06:37:36 | Computer Name = PC7 | Source = MCUpdate | ID = 0 Description = 12:37:35 - Fehler beim Herstellen der Internetverbindung. 12:37:35 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 13.09.2012 01:13:02 | Computer Name = PC7 | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error - 13.09.2012 01:51:14 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 02:02:44 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 02:05:18 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 02:06:58 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 02:37:13 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 02:50:14 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 03:28:29 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 05:14:14 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = Error - 13.09.2012 06:18:29 | Computer Name = PC7 | Source = ipnathlp | ID = 31004 Description = < End of report > |
27.09.2012, 13:43 | #3 |
/// Helfer-Team | Trojaner - Gegen Gesetze der Bundesrepublik ... HellomotoLeider hast du durch deine Antwort dein Thema vergraben. Ist das Problem noch aktuell?
__________________ |
27.09.2012, 13:55 | #4 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Ich habe die Malewarebytes Software mehrmals drüber laufen lassen. Auf einmal hatte ich wieder Zugriff. Ich traue dem Frieden aber nicht. Wie kann ich testen, ob er nicht im Untergrund weiterarbeitet? Ist dieser Trojaner für Underground-Arbeit ausgelegt? Gibt es Erfahrungen? vielen Dank im Voraus an das Trojaner-Board-Team für die tolle Arbeit hier. René |
27.09.2012, 14:26 | #5 |
/// Helfer-Team | Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01 FF - prefs.js..extensions.enabledAddons: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.13.0.6 FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 FF - prefs.js..extensions.enabledAddons: {b2509cd4-17cd-45ed-8146-a82af038f493}:2.02 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3767 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6 FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.60 FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: netviewero2m@netviewero2m:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2319825&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - loadtbs\toolbar.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-21-2469325173-3988751889-2746215870-1000..\Run: [IBP] File not found O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LSNavi.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2012.01.17 23:48:30 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com [2012.02.22 10:36:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.22 10:36:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.22 10:36:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.22 10:36:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.22 10:36:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.22 10:36:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe :Files C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Admin\*.tmp C:\Users\Admin\AppData\Local\{*} C:\Users\Admin\AppData\Local\Temp\*.exe C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
|
27.09.2012, 15:26 | #6 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Hier der Code aus dem OTL Logfile 1. Schritt René Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully. C:\Program Files (x86)\Winload\prxtbWinl.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. HKEY_USERS\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledAddons Prefs.js: firebug@software.joehewitt.com:1.9.2 removed from extensions.enabledAddons Prefs.js: software@loadtubes.com:1.01 removed from extensions.enabledAddons Prefs.js: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.13.0.6 removed from extensions.enabledAddons Prefs.js: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 removed from extensions.enabledAddons Prefs.js: {b2509cd4-17cd-45ed-8146-a82af038f493}:2.02 removed from extensions.enabledAddons Prefs.js: otis@digitalpersona.com:5.0.0.3767 removed from extensions.enabledItems Prefs.js: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 removed from extensions.enabledItems Prefs.js: firebug@software.joehewitt.com:1.6.2 removed from extensions.enabledItems Prefs.js: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6 removed from extensions.enabledItems Prefs.js: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.60 removed from extensions.enabledItems Prefs.js: FFToolbar@bitdefender.com:2.0 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems Prefs.js: netviewero2m@netviewero2m:1.0 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2319825&SearchSource=2&q=" removed from keyword.URL 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully. C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully. C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully. C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2469325173-3988751889-2746215870-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IBP deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutorunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1841a632-7d0b-11df-b1dc-806e6f6e6963}\ not found. File D:\LSNavi.exe not found. C:\Windows\SysNative\bda7AD3.tmp deleted successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\q0ant5zg.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully. C:\Windows\MusiccityDownload.exe moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Admin\*.tmp not found. C:\Users\Admin\AppData\Local\{30CD70D3-9EBA-4E1E-8C2B-34AE86533BD9} folder moved successfully. C:\Users\Admin\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440} folder moved successfully. C:\Users\Admin\AppData\Local\{6CDD08D2-4502-44F0-9753-3D5B10261DFE} folder moved successfully. C:\Users\Admin\AppData\Local\{9993C096-B2F2-4422-A34E-E9D7D6A07DD0} folder moved successfully. C:\Users\Admin\AppData\Local\{A649B276-18F8-42F9-93D2-5347FC65ED2B} folder moved successfully. C:\Users\Admin\AppData\Local\{B824CD34-8630-49AF-8F5D-BADF718B04F8} folder moved successfully. C:\Users\Admin\AppData\Local\{C8111813-1F36-4813-A99E-6863ADDBF33C} folder moved successfully. C:\Users\Admin\AppData\Local\{D2B93B31-A725-4060-A0DF-B0D80DE9FB10} folder moved successfully. C:\Users\Admin\AppData\Local\{D477C589-B01C-4AB8-9C83-26923AED32A9} folder moved successfully. C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe moved successfully. C:\Users\Admin\AppData\Local\Temp\dbSThumbUpd.exe moved successfully. C:\Users\Admin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully. C:\Users\Admin\AppData\Local\Temp\par_golf.exe moved successfully. C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Admin\Desktop\cmd.bat deleted successfully. C:\Users\Admin\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 30741036 bytes ->FireFox cache emptied: 212151396 bytes ->Google Chrome cache emptied: 123307010 bytes ->Flash cache emptied: 24043 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 68422958 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Geli ->Temp folder emptied: 125543736 bytes ->Temporary Internet Files folder emptied: 263240639 bytes ->Java cache emptied: 1 bytes ->FireFox cache emptied: 182966712 bytes ->Google Chrome cache emptied: 9640862 bytes ->Flash cache emptied: 7902 bytes User: PM User ->Temp folder emptied: 5021736 bytes ->Temporary Internet Files folder emptied: 16990751 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 94273780 bytes ->Flash cache emptied: 1218 bytes User: Public User: Rene ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 14450600191 bytes ->Java cache emptied: 148765444 bytes ->FireFox cache emptied: 143456274 bytes ->Google Chrome cache emptied: 407692504 bytes ->Flash cache emptied: 525 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1340785489 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 76633 bytes RecycleBin emptied: 784460 bytes Total Files Cleaned = 16.808,00 mb OTL by OldTimer - Version 3.2.61.3 log created on 09272012_160003 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\hsperfdata_PC7$\2472 not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
27.09.2012, 19:25 | #7 |
/// Helfer-Team | Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Schritt 2, 3, 4? |
27.09.2012, 21:23 | #8 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Malewarebytes läuft noch. Ich werde morgen früh das Ergebnis mailen. vielen Dank Hier die Logdatei von Adwcleaner. Eine Logdatei von Malewarebytes finde ich nicht bzw. die im Programm beinhaltet nur 2 Zeilen Logfile --> Adwcleaner # AdwCleaner v2.003 - Datei am 09/28/2012 um 08:43:51 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Admin - PC7 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Admin\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\user.js Datei Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\searchplugins\Conduit.xml Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar Ordner Gefunden : C:\Program Files (x86)\Conduit Ordner Gefunden : C:\Program Files (x86)\Softonic Ordner Gefunden : C:\Program Files (x86)\Winload Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\Users\Admin\AppData\Local\Babylon Ordner Gefunden : C:\Users\Admin\AppData\Local\Conduit Ordner Gefunden : C:\Users\Admin\AppData\Local\Temp\BabylonToolbar Ordner Gefunden : C:\Users\Admin\AppData\Local\Temp\CT2319825 Ordner Gefunden : C:\Users\Admin\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\ConduitCommon Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\CT2319825 Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} Ordner Gefunden : C:\Users\PM User\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\PM User\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\PM User\AppData\LocalLow\Softonic Ordner Gefunden : C:\Users\PM User\AppData\LocalLow\Winload Ordner Gefunden : C:\Users\Rene\AppData\Local\Temp\Softonic Ordner Gefunden : C:\Users\Rene\AppData\LocalLow\Winload Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\Conduit Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\ConduitCommon Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\CT244760 Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\{7a82fdd4-918d-4d50-b3db-341eeaa939f1} Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\engine@conduit.com Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\ffxtlbra@softonic.com Ordner Gefunden : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\staged ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\BabylonToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\Software\BabylonToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\Freeze.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gefunden : HKLM\Software\Softonic Schlüssel Gefunden : HKLM\Software\Winload Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9977E00D-EDFA-4ADD-99A9-2A91B9F94CC5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F32FDCC8-5CCF-47F5-9C52-9B54ABF024AC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v11.0 (de) Profilname : default Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\prefs.js Gefunden : user_pref("CT2319825..clientLogIsEnabled", false); Gefunden : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gefunden : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gefunden : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2319825.CTID", "CT2319825"); Gefunden : user_pref("CT2319825.CurrentServerDate", "27-9-2012"); Gefunden : user_pref("CT2319825.DSInstall", false); Gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2319825.DialogsGetterLastCheckTime", "Thu Sep 27 2012 15:43:38 GMT+0200"); Gefunden : user_pref("CT2319825.DownloadReferralCookieData", ""); Gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Thu Sep 27 2012 16:25:37 GMT+0200"); Gefunden : user_pref("CT2319825.FeedPollDate11908299", "Thu Sep 27 2012 16:20:37 GMT+0200"); Gefunden : user_pref("CT2319825.FirstServerDate", "8-5-2012"); Gefunden : user_pref("CT2319825.FirstTime", true); Gefunden : user_pref("CT2319825.FirstTimeFF3", true); Gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2319825.HPInstall", false); Gefunden : user_pref("CT2319825.HasUserGlobalKeys", true); Gefunden : user_pref("CT2319825.HomePageProtectorEnabled", false); Gefunden : user_pref("CT2319825.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties"); Gefunden : user_pref("CT2319825.Initialize", true); Gefunden : user_pref("CT2319825.InitializeCommonPrefs", true); Gefunden : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3); Gefunden : user_pref("CT2319825.InstallationId", "ConduitNSISIntegration"); Gefunden : user_pref("CT2319825.InstallationType", "ConduitXPEIntegration"); Gefunden : user_pref("CT2319825.InstalledDate", "Tue May 08 2012 19:09:38 GMT+0200"); Gefunden : user_pref("CT2319825.InvalidateCache", false); Gefunden : user_pref("CT2319825.IsAlertDBUpdated", true); Gefunden : user_pref("CT2319825.IsGrouping", false); Gefunden : user_pref("CT2319825.IsInitSetupIni", true); Gefunden : user_pref("CT2319825.IsMulticommunity", false); Gefunden : user_pref("CT2319825.IsOpenThankYouPage", false); Gefunden : user_pref("CT2319825.IsOpenUninstallPage", true); Gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gefunden : user_pref("CT2319825.LastLogin_3.10.0.455", "Thu Jun 07 2012 19:26:04 GMT+0200"); Gefunden : user_pref("CT2319825.LastLogin_3.13.0.6", "Thu Sep 13 2012 13:05:29 GMT+0200"); Gefunden : user_pref("CT2319825.LastLogin_3.15.1.0", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gefunden : user_pref("CT2319825.LatestVersion", "3.15.1.0"); Gefunden : user_pref("CT2319825.Locale", "de"); Gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2319825.MyStuffEnabledAtInstallation", true); Gefunden : user_pref("CT2319825.OriginalFirstVersion", "3.10.0.455"); Gefunden : user_pref("CT2319825.RadioIsPodcast", false); Gefunden : user_pref("CT2319825.RadioLastCheckTime", "Thu Sep 27 2012 15:43:32 GMT+0200"); Gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Gefunden : user_pref("CT2319825.RadioMediaID", "11949532"); Gefunden : user_pref("CT2319825.RadioMediaType", "Media Player"); Gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Gefunden : user_pref("CT2319825.RadioShrinkedFromSetup", false); Gefunden : user_pref("CT2319825.RadioStationName", "1Live"); Gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Gefunden : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search"); Gefunden : user_pref("CT2319825.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6[...] Gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Sep 27 2012 15:43:30 GMT+0200"); Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gefunden : user_pref("CT2319825.SearchProtectorEnabled", false); Gefunden : user_pref("CT2319825.SearchProtectorToolbarDisabled", false); Gefunden : user_pref("CT2319825.SendProtectorDataViaLogin", true); Gefunden : user_pref("CT2319825.ServiceMapLastCheckTime", "Thu Sep 27 2012 15:43:31 GMT+0200"); Gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Thu Sep 27 2012 15:43:29 GMT+0200"); Gefunden : user_pref("CT2319825.SettingsLastUpdate", "1348495115"); Gefunden : user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB6&ctid=CT2319825&SearchSou[...] Gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Sep 12 2012 14:41:15 GMT+0200"); Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1331806000"); Gefunden : user_pref("CT2319825.ToolbarShrinkedFromSetup", false); Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825"); Gefunden : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gefunden : user_pref("CT2319825.UserID", "UN97219850009179682"); Gefunden : user_pref("CT2319825.ValidationData_Search", 0); Gefunden : user_pref("CT2319825.ValidationData_Toolbar", 0); Gefunden : user_pref("CT2319825.WeatherNetwork", ""); Gefunden : user_pref("CT2319825.WeatherPollDate", "Thu Sep 27 2012 16:20:38 GMT+0200"); Gefunden : user_pref("CT2319825.WeatherUnit", "C"); Gefunden : user_pref("CT2319825.alertChannelId", "715912"); Gefunden : user_pref("CT2319825.autoDisableScopes", -1); Gefunden : user_pref("CT2319825.backendstorage.id", "3433303238363936"); Gefunden : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gefunden : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gefunden : user_pref("CT2319825.homepageProtectorEnableByLogin", true); Gefunden : user_pref("CT2319825.initDone", true); Gefunden : user_pref("CT2319825.isAppTrackingManagerOn", false); Gefunden : user_pref("CT2319825.isFirstRadioInstallation", false); Gefunden : user_pref("CT2319825.myStuffEnabled", true); Gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2319825.navigateToUrlOnSearch", false); Gefunden : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,12976905385255[...] Gefunden : user_pref("CT2319825.revertSettingsEnabled", true); Gefunden : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10); Gefunden : user_pref("CT2319825.searchProtectorEnableByLogin", true); Gefunden : user_pref("CT2319825.testingCtid", ""); Gefunden : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gefunden : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gefunden : user_pref("CT2319825.usagesFlag", 2); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"e58[...] Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\F[...] Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825"); Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Sep 27 2012 15:43:31 GMT+0200"); Gefunden : user_pref("CommunityToolbar.globalUserId", "2303110d-4c77-4957-b3fb-ac7ce422d869"); Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Sep 27 2012 15:43:3[...] Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Sep 27 2012 15:43:39 GMT+020[...] Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Gefunden : user_pref("CommunityToolbar.notifications.locale", "en"); Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Sep 27 2012 15:43:32 GMT+0200"); Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.notifications.userId", "4d94ae7e-a227-436f-8a40-9ee03a55131e"); Gefunden : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Gefunden : user_pref("extensions.BabylonToolbar.admin", false); Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gefunden : user_pref("extensions.BabylonToolbar.babExt", ""); Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=108298"); Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", 27); Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", false); Gefunden : user_pref("extensions.BabylonToolbar.hmpg", false); Gefunden : user_pref("extensions.BabylonToolbar.id", "92835fc0000000000000c44619e637b4"); Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15356"); Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gefunden : user_pref("extensions.BabylonToolbar.lastDP", 27); Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:48:30"); Gefunden : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0"); Gefunden : user_pref("extensions.BabylonToolbar.newTab", true); Gefunden : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); Gefunden : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gefunden : user_pref("extensions.BabylonToolbar.propectorlck", 87313703); Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gefunden : user_pref("extensions.BabylonToolbar.ptch_0717", true); Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "azb"); Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:48:30"); Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298"); Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "92835fc0000000000000c44619e637b4"); Gefunden : user_pref("extensions.BabylonToolbar_i.id", "92835fc0000000000000c44619e637b4"); Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15356"); Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false); Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:48:30"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2319825&Search[...] Profilname : default Datei : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\prefs.js Gefunden : user_pref("CT244760..clientLogIsEnabled", false); Gefunden : user_pref("CT244760..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gefunden : user_pref("CT244760..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gefunden : user_pref("CT244760.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gefunden : user_pref("CT244760.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT244760.AppTrackingLastCheckTime", "Fri Sep 21 2012 10:13:41 GMT+0200"); Gefunden : user_pref("CT244760.CTID", "CT244760"); Gefunden : user_pref("CT244760.CurrentServerDate", "21-9-2012"); Gefunden : user_pref("CT244760.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT244760.DialogsGetterLastCheckTime", "Fri Sep 21 2012 10:11:54 GMT+0200"); Gefunden : user_pref("CT244760.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Banne[...] Gefunden : user_pref("CT244760.FeedLastCount127855917420860202", 0); Gefunden : user_pref("CT244760.FeedLastCount127856146726441149", 0); Gefunden : user_pref("CT244760.FeedPollDate127855917420860202", "Fri Sep 21 2012 10:11:54 GMT+0200"); Gefunden : user_pref("CT244760.FeedPollDate128321220698981304", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gefunden : user_pref("CT244760.FeedPollDate128321220698981305", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gefunden : user_pref("CT244760.FeedPollDate128321220698981306", "Fri Sep 21 2012 10:11:54 GMT+0200"); Gefunden : user_pref("CT244760.FirstServerDate", "6-7-2010"); Gefunden : user_pref("CT244760.FirstTime", true); Gefunden : user_pref("CT244760.FirstTimeFF3", true); Gefunden : user_pref("CT244760.FirstTimeSettingsDone", true); Gefunden : user_pref("CT244760.FixPageNotFoundErrors", true); Gefunden : user_pref("CT244760.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT244760.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT244760.HasUserGlobalKeys", true); Gefunden : user_pref("CT244760.HomePageProtectorEnabled", false); Gefunden : user_pref("CT244760.HomepageBeforeUnload", "hxxp://www.google.de/"); Gefunden : user_pref("CT244760.Initialize", true); Gefunden : user_pref("CT244760.InitializeCommonPrefs", true); Gefunden : user_pref("CT244760.InstallationAndCookieDataSentCount", 3); Gefunden : user_pref("CT244760.InstalledDate", "Tue Jul 06 2010 18:00:34 GMT+0200"); Gefunden : user_pref("CT244760.InvalidateCache", false); Gefunden : user_pref("CT244760.IsAlertDBUpdated", true); Gefunden : user_pref("CT244760.IsGrouping", false); Gefunden : user_pref("CT244760.IsMulticommunity", false); Gefunden : user_pref("CT244760.IsOpenThankYouPage", true); Gefunden : user_pref("CT244760.IsOpenUninstallPage", true); Gefunden : user_pref("CT244760.LanguagePackLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gefunden : user_pref("CT244760.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT244760.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"[...] Gefunden : user_pref("CT244760.LastLogin_2.7.1.3", "Wed Nov 10 2010 20:38:21 GMT+0100"); Gefunden : user_pref("CT244760.LastLogin_3.10.0.1", "Fri Jun 22 2012 10:21:37 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.13.0.6", "Wed Aug 08 2012 11:42:26 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.14.1.0", "Fri Sep 21 2012 10:11:48 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.2.3.3", "Mon Dec 20 2010 20:10:11 GMT+0100"); Gefunden : user_pref("CT244760.LastLogin_3.2.5.2", "Fri Apr 15 2011 11:13:36 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.3.3.2", "Thu Jun 23 2011 18:24:13 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.5.0.12", "Mon Aug 01 2011 00:32:14 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.6.0.10", "Sun Oct 09 2011 19:37:11 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.7.0.6", "Thu Oct 13 2011 12:23:32 GMT+0200"); Gefunden : user_pref("CT244760.LastLogin_3.8.0.8", "Sat Dec 24 2011 12:35:27 GMT+0100"); Gefunden : user_pref("CT244760.LastLogin_3.8.1.0", "Tue Feb 07 2012 11:04:26 GMT+0100"); Gefunden : user_pref("CT244760.LastLogin_3.9.0.3", "Thu Mar 08 2012 11:20:31 GMT+0100"); Gefunden : user_pref("CT244760.LatestVersion", "3.14.1.0"); Gefunden : user_pref("CT244760.Locale", "de"); Gefunden : user_pref("CT244760.LoginCache", 4); Gefunden : user_pref("CT244760.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT244760.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT244760.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT244760.MyStuffEnabledAtInstallation", true); Gefunden : user_pref("CT244760.RadioIsPodcast", false); Gefunden : user_pref("CT244760.RadioLastCheckTime", "Fri Sep 21 2012 10:11:48 GMT+0200"); Gefunden : user_pref("CT244760.RadioLastUpdateIPServer", "3"); Gefunden : user_pref("CT244760.RadioLastUpdateServer", "0"); Gefunden : user_pref("CT244760.RadioMediaID", "hxxp://www.jazzfm.com/listen/?play=default"); Gefunden : user_pref("CT244760.RadioMediaType", "Media Player"); Gefunden : user_pref("CT244760.RadioMenuSelectedID", "EBRadioMenu_CT244760_RECENThxxp://www.jazzfm.com/listen/?[...] Gefunden : user_pref("CT244760.RadioShrinked", "expanded"); Gefunden : user_pref("CT244760.RadioStationName", "Jazz%20London"); Gefunden : user_pref("CT244760.RadioStationURL", "hxxp://www.jazzfm.com/listen/jazz_1.asx"); Gefunden : user_pref("CT244760.RadioVolume", "25"); Gefunden : user_pref("CT244760.SHRINK_TOOLBAR", 1); Gefunden : user_pref("CT244760.SearchEngine", "Google.de||hxxp://www.google.de/search?q=UCM_SEARCH_TERM"); Gefunden : user_pref("CT244760.SearchEngineBeforeUnload", "Golfresort Gut Ringhofen Customized Web Search"); Gefunden : user_pref("CT244760.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT244760.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447[...] Gefunden : user_pref("CT244760.SearchInNewTabEnabled", true); Gefunden : user_pref("CT244760.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT244760.SearchInNewTabLastCheckTime", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gefunden : user_pref("CT244760.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TO[...] Gefunden : user_pref("CT244760.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usag[...] Gefunden : user_pref("CT244760.SearchProtectorEnabled", true); Gefunden : user_pref("CT244760.SearchProtectorToolbarDisabled", false); Gefunden : user_pref("CT244760.ServiceMapLastCheckTime", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gefunden : user_pref("CT244760.SettingsCheckIntervalMin", 120); Gefunden : user_pref("CT244760.SettingsLastCheckTime", "Fri Sep 21 2012 10:11:44 GMT+0200"); Gefunden : user_pref("CT244760.SettingsLastUpdate", "1347287073"); Gefunden : user_pref("CT244760.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT244760.ThirdPartyComponentsLastCheck", "Fri Sep 21 2012 10:11:44 GMT+0200"); Gefunden : user_pref("CT244760.ThirdPartyComponentsLastUpdate", "1331806000"); Gefunden : user_pref("CT244760.TrusteLinkUrl", "hxxp://trust.conduit.com/CT244760"); Gefunden : user_pref("CT244760.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client[...] Gefunden : user_pref("CT244760.UserID", "UN24635254514684146"); Gefunden : user_pref("CT244760.ValidationData_Search", 2); Gefunden : user_pref("CT244760.ValidationData_Toolbar", 2); Gefunden : user_pref("CT244760.alertChannelId", "18727"); Gefunden : user_pref("CT244760.clientLogIsEnabled", true); Gefunden : user_pref("CT244760.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx[...] Gefunden : user_pref("CT244760.components.1000082", true); Gefunden : user_pref("CT244760.components.127856002708985953", true); Gefunden : user_pref("CT244760.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.co[...] Gefunden : user_pref("CT244760.globalFirstTimeInfoLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gefunden : user_pref("CT244760.homepageProtectorEnableByLogin", true); Gefunden : user_pref("CT244760.initDone", true); Gefunden : user_pref("CT244760.isAppTrackingManagerOn", false); Gefunden : user_pref("CT244760.myStuffEnabled", true); Gefunden : user_pref("CT244760.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT244760.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOri[...] Gefunden : user_pref("CT244760.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT244760.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Com[...] Gefunden : user_pref("CT244760.oldAppsList", "128329605397750097,127856389617032236,111,127856135601705571,1278[...] Gefunden : user_pref("CT244760.revertSettingsEnabled", true); Gefunden : user_pref("CT244760.searchProtectorDialogDelayInSec", 10); Gefunden : user_pref("CT244760.searchProtectorEnableByLogin", true); Gefunden : user_pref("CT244760.testingCtid", ""); Gefunden : user_pref("CT244760.toolbarAppMetaDataLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gefunden : user_pref("CT244760.toolbarContextMenuLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gefunden : user_pref("CT244760.undefined", "Wed Nov 10 2010 23:17:51 GMT+0100"); Gefunden : user_pref("CT244760.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Regi[...] Gefunden : user_pref("CT244760.usagesFlag", 2); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT244760/CT244760",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/18727/18364/DE", "\"0\""); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT244760", "[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT244760", [...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63438026930213[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT244760&octid=C[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT244760&octid=CT2[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT244760/CT244760",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6c9[...] Gefunden : user_pref("CommunityToolbar.EngineOwner", ""); Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{7a82fdd4-918d-4d50-b3db-341eeaa939f1}"); Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "golfresort_gut_ringhofen"); Gefunden : user_pref("CommunityToolbar.IsEngineShown", true); Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rene\\AppData\\Roaming\\Mozilla\\Fi[...] Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT244760"); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{7a82fdd4-918d-4d50-b3db-341eeaa939f1}"); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "golfresort_gut_ringhofen"); Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT244760"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT244760"); Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 16 2011 14:02:21 GMT+02[...] Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 06 2011 20:37:46 GMT+0200"); Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.locale", "en"); Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 18:24:12 GMT+0200"); Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.alert.userId", "{debe4943-eae6-4e77-b414-67898804e89b}"); Gefunden : user_pref("CommunityToolbar.globalUserId", "b1beb59a-2be1-4e1b-b9b5-998ba0647f79"); Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT244760"); Gefunden : user_pref("CommunityToolbar.killedEngine", true); Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 21 2012 10:11:5[...] Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Sep 21 2012 10:12:01 GMT+020[...] Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.locale", "en"); Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.notifications.userId", "bac2edd0-9afd-436d-9c7a-04db3a9dcfb2"); Gefunden : user_pref("CommunityToolbar.undefined", ""); Gefunden : user_pref("browser.search.defaultthis.engineName", "Golfresort Gut Ringhofen Customized Web Search")[...] Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244760&Sear[...] Gefunden : user_pref("browser.search.selectedEngine", "Golfresort Gut Ringhofen Customized Web Search"); Gefunden : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.5.1,firebug@software.joehewitt.com:1.[...] Gefunden : user_pref("extensions.engine@conduit.com.install-event-fired", true); Gefunden : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true); Gefunden : user_pref("extensions.softonic.admin", false); Gefunden : user_pref("extensions.softonic.aflt", "SD"); Gefunden : user_pref("extensions.softonic.cntry", "DE"); Gefunden : user_pref("extensions.softonic.cv", "cv5"); Gefunden : user_pref("extensions.softonic.dfltLng", "DE"); Gefunden : user_pref("extensions.softonic.dfltSrch", false); Gefunden : user_pref("extensions.softonic.envrmnt", "production"); Gefunden : user_pref("extensions.softonic.excTlbr", false); Gefunden : user_pref("extensions.softonic.hdrMd5", "53DDFF15D808875012E3B02D2C8A204C"); Gefunden : user_pref("extensions.softonic.hmpg", false); Gefunden : user_pref("extensions.softonic.id", "92835fc0000000000000c44619e637b4"); Gefunden : user_pref("extensions.softonic.instlDay", "15386"); Gefunden : user_pref("extensions.softonic.instlRef", "MON00016"); Gefunden : user_pref("extensions.softonic.lastVrsnTs", "1.5.11.59:43:16"); Gefunden : user_pref("extensions.softonic.mntrvrsn", "1.3.0"); Gefunden : user_pref("extensions.softonic.newTab", false); Gefunden : user_pref("extensions.softonic.noFFXTlbr", false); Gefunden : user_pref("extensions.softonic.prdct", "softonic"); Gefunden : user_pref("extensions.softonic.prtnrId", "softonic"); Gefunden : user_pref("extensions.softonic.sg", "az"); Gefunden : user_pref("extensions.softonic.smplGrp", "eng7"); Gefunden : user_pref("extensions.softonic.tlbrId", "base"); Gefunden : user_pref("extensions.softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource[...] Gefunden : user_pref("extensions.softonic.updateRunOnce", true); Gefunden : user_pref("extensions.softonic.updateRunOnce1", true); Gefunden : user_pref("extensions.softonic.vrsn", "1.5.11.5"); Gefunden : user_pref("extensions.softonic.vrsnTs", "1.5.11.59:43:16"); Gefunden : user_pref("extensions.softonic.vrsni", "1.5.11.5"); Gefunden : user_pref("extensions.softonic_i.aflt", "SD"); Gefunden : user_pref("extensions.softonic_i.dfltLng", "de"); Gefunden : user_pref("extensions.softonic_i.excTlbr", false); Gefunden : user_pref("extensions.softonic_i.id", "92835fc0000000000000c44619e637b4"); Gefunden : user_pref("extensions.softonic_i.instlDay", "15386"); Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00016"); Gefunden : user_pref("extensions.softonic_i.newTab", false); Gefunden : user_pref("extensions.softonic_i.prdct", "softonic"); Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic"); Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7"); Gefunden : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome"); Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...] Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.59:43:16"); Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244760&q="); Profilname : default Datei : C:\Users\Geli\AppData\Roaming\Mozilla\Firefox\Profiles\mbe2hbig.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\PM User\AppData\Roaming\Mozilla\Firefox\Profiles\bn0ji5z5.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Geli\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [52674 octets] - [28/09/2012 08:43:51] ########## EOF - C:\AdwCleaner[R1].txt - [52735 octets] ########## vile Grüße Rene So Schritt 4 abgeschlossen: Ist nun allesvorbei Gruß René Hier die Datei # AdwCleaner v2.003 - Datei am 09/28/2012 um 08:57:30 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Admin - PC7 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Rene\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\searchplugins\Conduit.xml Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\Softonic Ordner Gelöscht : C:\Program Files (x86)\Winload Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\Admin\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Admin\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\BabylonToolbar Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\CT2319825 Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\ConduitCommon Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\CT2319825 Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} Ordner Gelöscht : C:\Users\PM User\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\PM User\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\PM User\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\PM User\AppData\LocalLow\Winload Ordner Gelöscht : C:\Users\Rene\AppData\Local\Temp\Softonic Ordner Gelöscht : C:\Users\Rene\AppData\LocalLow\Winload Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\Conduit Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\ConduitCommon Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\CT244760 Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\{7a82fdd4-918d-4d50-b3db-341eeaa939f1} Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\engine@conduit.com Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\ffxtlbra@softonic.com Ordner Gelöscht : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\extensions\staged ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Winload Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9977E00D-EDFA-4ADD-99A9-2A91B9F94CC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F32FDCC8-5CCF-47F5-9C52-9B54ABF024AC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v11.0 (de) Profilname : default Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\prefs.js C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0ant5zg.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2319825..clientLogIsEnabled", false); Gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gelöscht : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2319825.CTID", "CT2319825"); Gelöscht : user_pref("CT2319825.CurrentServerDate", "28-9-2012"); Gelöscht : user_pref("CT2319825.DSInstall", false); Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2319825.DialogsGetterLastCheckTime", "Thu Sep 27 2012 15:43:38 GMT+0200"); Gelöscht : user_pref("CT2319825.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Fri Sep 28 2012 08:49:38 GMT+0200"); Gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Fri Sep 28 2012 08:39:37 GMT+0200"); Gelöscht : user_pref("CT2319825.FirstServerDate", "8-5-2012"); Gelöscht : user_pref("CT2319825.FirstTime", true); Gelöscht : user_pref("CT2319825.FirstTimeFF3", true); Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2319825.HPInstall", false); Gelöscht : user_pref("CT2319825.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2319825.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT2319825.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties"); Gelöscht : user_pref("CT2319825.Initialize", true); Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2319825.InstallationId", "ConduitNSISIntegration"); Gelöscht : user_pref("CT2319825.InstallationType", "ConduitXPEIntegration"); Gelöscht : user_pref("CT2319825.InstalledDate", "Tue May 08 2012 19:09:38 GMT+0200"); Gelöscht : user_pref("CT2319825.InvalidateCache", false); Gelöscht : user_pref("CT2319825.IsAlertDBUpdated", true); Gelöscht : user_pref("CT2319825.IsGrouping", false); Gelöscht : user_pref("CT2319825.IsInitSetupIni", true); Gelöscht : user_pref("CT2319825.IsMulticommunity", false); Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true); Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2319825.LastLogin_3.10.0.455", "Thu Jun 07 2012 19:26:04 GMT+0200"); Gelöscht : user_pref("CT2319825.LastLogin_3.13.0.6", "Thu Sep 13 2012 13:05:29 GMT+0200"); Gelöscht : user_pref("CT2319825.LastLogin_3.15.1.0", "Fri Sep 28 2012 08:39:37 GMT+0200"); Gelöscht : user_pref("CT2319825.LatestVersion", "3.15.1.0"); Gelöscht : user_pref("CT2319825.Locale", "de"); Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2319825.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2319825.OriginalFirstVersion", "3.10.0.455"); Gelöscht : user_pref("CT2319825.RadioIsPodcast", false); Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Thu Sep 27 2012 15:43:32 GMT+0200"); Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532"); Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Gelöscht : user_pref("CT2319825.RadioShrinkedFromSetup", false); Gelöscht : user_pref("CT2319825.RadioStationName", "1Live"); Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Gelöscht : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search"); Gelöscht : user_pref("CT2319825.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6[...] Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Sep 27 2012 15:43:30 GMT+0200"); Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2319825.SearchProtectorEnabled", false); Gelöscht : user_pref("CT2319825.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT2319825.SendProtectorDataViaLogin", true); Gelöscht : user_pref("CT2319825.ServiceMapLastCheckTime", "Thu Sep 27 2012 15:43:31 GMT+0200"); Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Fri Sep 28 2012 08:39:35 GMT+0200"); Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1348763560"); Gelöscht : user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB6&ctid=CT2319825&SearchSou[...] Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Sep 12 2012 14:41:15 GMT+0200"); Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1331806000"); Gelöscht : user_pref("CT2319825.ToolbarShrinkedFromSetup", false); Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825"); Gelöscht : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gelöscht : user_pref("CT2319825.UserID", "UN97219850009179682"); Gelöscht : user_pref("CT2319825.ValidationData_Search", 0); Gelöscht : user_pref("CT2319825.ValidationData_Toolbar", 0); Gelöscht : user_pref("CT2319825.WeatherNetwork", ""); Gelöscht : user_pref("CT2319825.WeatherPollDate", "Fri Sep 28 2012 08:39:37 GMT+0200"); Gelöscht : user_pref("CT2319825.WeatherUnit", "C"); Gelöscht : user_pref("CT2319825.alertChannelId", "715912"); Gelöscht : user_pref("CT2319825.autoDisableScopes", -1); Gelöscht : user_pref("CT2319825.backendstorage.id", "3433303238363936"); Gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gelöscht : user_pref("CT2319825.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2319825.initDone", true); Gelöscht : user_pref("CT2319825.isAppTrackingManagerOn", false); Gelöscht : user_pref("CT2319825.isFirstRadioInstallation", false); Gelöscht : user_pref("CT2319825.myStuffEnabled", true); Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2319825.navigateToUrlOnSearch", false); Gelöscht : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,12976905385255[...] Gelöscht : user_pref("CT2319825.revertSettingsEnabled", true); Gelöscht : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2319825.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2319825.testingCtid", ""); Gelöscht : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gelöscht : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Thu Sep 27 2012 15:43:36 GMT+0200"); Gelöscht : user_pref("CT2319825.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"e58[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\F[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Sep 27 2012 15:43:31 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "2303110d-4c77-4957-b3fb-ac7ce422d869"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Sep 27 2012 15:43:3[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Sep 27 2012 15:43:39 GMT+020[...] Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Sep 27 2012 15:43:32 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "4d94ae7e-a227-436f-8a40-9ee03a55131e"); Gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=108298"); Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 27); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false); Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false); Gelöscht : user_pref("extensions.BabylonToolbar.id", "92835fc0000000000000c44619e637b4"); Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15356"); Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 27); Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:48:30"); Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0"); Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 87313703); Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true); Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "azb"); Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:48:30"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298"); Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "92835fc0000000000000c44619e637b4"); Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "92835fc0000000000000c44619e637b4"); Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15356"); Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false); Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:48:30"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2319825&Search[...] Profilname : default Datei : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\prefs.js C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\fz2x3jed.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT244760..clientLogIsEnabled", false); Gelöscht : user_pref("CT244760..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT244760..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CT244760.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT244760.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT244760.AppTrackingLastCheckTime", "Fri Sep 21 2012 10:13:41 GMT+0200"); Gelöscht : user_pref("CT244760.CTID", "CT244760"); Gelöscht : user_pref("CT244760.CurrentServerDate", "21-9-2012"); Gelöscht : user_pref("CT244760.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT244760.DialogsGetterLastCheckTime", "Fri Sep 21 2012 10:11:54 GMT+0200"); Gelöscht : user_pref("CT244760.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Banne[...] Gelöscht : user_pref("CT244760.FeedLastCount127855917420860202", 0); Gelöscht : user_pref("CT244760.FeedLastCount127856146726441149", 0); Gelöscht : user_pref("CT244760.FeedPollDate127855917420860202", "Fri Sep 21 2012 10:11:54 GMT+0200"); Gelöscht : user_pref("CT244760.FeedPollDate128321220698981304", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gelöscht : user_pref("CT244760.FeedPollDate128321220698981305", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gelöscht : user_pref("CT244760.FeedPollDate128321220698981306", "Fri Sep 21 2012 10:11:54 GMT+0200"); Gelöscht : user_pref("CT244760.FirstServerDate", "6-7-2010"); Gelöscht : user_pref("CT244760.FirstTime", true); Gelöscht : user_pref("CT244760.FirstTimeFF3", true); Gelöscht : user_pref("CT244760.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT244760.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT244760.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT244760.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT244760.HasUserGlobalKeys", true); Gelöscht : user_pref("CT244760.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT244760.HomepageBeforeUnload", "hxxp://www.google.de/"); Gelöscht : user_pref("CT244760.Initialize", true); Gelöscht : user_pref("CT244760.InitializeCommonPrefs", true); Gelöscht : user_pref("CT244760.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT244760.InstalledDate", "Tue Jul 06 2010 18:00:34 GMT+0200"); Gelöscht : user_pref("CT244760.InvalidateCache", false); Gelöscht : user_pref("CT244760.IsAlertDBUpdated", true); Gelöscht : user_pref("CT244760.IsGrouping", false); Gelöscht : user_pref("CT244760.IsMulticommunity", false); Gelöscht : user_pref("CT244760.IsOpenThankYouPage", true); Gelöscht : user_pref("CT244760.IsOpenUninstallPage", true); Gelöscht : user_pref("CT244760.LanguagePackLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gelöscht : user_pref("CT244760.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT244760.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"[...] Gelöscht : user_pref("CT244760.LastLogin_2.7.1.3", "Wed Nov 10 2010 20:38:21 GMT+0100"); Gelöscht : user_pref("CT244760.LastLogin_3.10.0.1", "Fri Jun 22 2012 10:21:37 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.13.0.6", "Wed Aug 08 2012 11:42:26 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.14.1.0", "Fri Sep 21 2012 10:11:48 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.2.3.3", "Mon Dec 20 2010 20:10:11 GMT+0100"); Gelöscht : user_pref("CT244760.LastLogin_3.2.5.2", "Fri Apr 15 2011 11:13:36 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.3.3.2", "Thu Jun 23 2011 18:24:13 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.5.0.12", "Mon Aug 01 2011 00:32:14 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.6.0.10", "Sun Oct 09 2011 19:37:11 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.7.0.6", "Thu Oct 13 2011 12:23:32 GMT+0200"); Gelöscht : user_pref("CT244760.LastLogin_3.8.0.8", "Sat Dec 24 2011 12:35:27 GMT+0100"); Gelöscht : user_pref("CT244760.LastLogin_3.8.1.0", "Tue Feb 07 2012 11:04:26 GMT+0100"); Gelöscht : user_pref("CT244760.LastLogin_3.9.0.3", "Thu Mar 08 2012 11:20:31 GMT+0100"); Gelöscht : user_pref("CT244760.LatestVersion", "3.14.1.0"); Gelöscht : user_pref("CT244760.Locale", "de"); Gelöscht : user_pref("CT244760.LoginCache", 4); Gelöscht : user_pref("CT244760.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT244760.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT244760.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT244760.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT244760.RadioIsPodcast", false); Gelöscht : user_pref("CT244760.RadioLastCheckTime", "Fri Sep 21 2012 10:11:48 GMT+0200"); Gelöscht : user_pref("CT244760.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT244760.RadioLastUpdateServer", "0"); Gelöscht : user_pref("CT244760.RadioMediaID", "hxxp://www.jazzfm.com/listen/?play=default"); Gelöscht : user_pref("CT244760.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT244760.RadioMenuSelectedID", "EBRadioMenu_CT244760_RECENThxxp://www.jazzfm.com/listen/?[...] Gelöscht : user_pref("CT244760.RadioShrinked", "expanded"); Gelöscht : user_pref("CT244760.RadioStationName", "Jazz%20London"); Gelöscht : user_pref("CT244760.RadioStationURL", "hxxp://www.jazzfm.com/listen/jazz_1.asx"); Gelöscht : user_pref("CT244760.RadioVolume", "25"); Gelöscht : user_pref("CT244760.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT244760.SearchEngine", "Google.de||hxxp://www.google.de/search?q=UCM_SEARCH_TERM"); Gelöscht : user_pref("CT244760.SearchEngineBeforeUnload", "Golfresort Gut Ringhofen Customized Web Search"); Gelöscht : user_pref("CT244760.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT244760.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447[...] Gelöscht : user_pref("CT244760.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT244760.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT244760.SearchInNewTabLastCheckTime", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gelöscht : user_pref("CT244760.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TO[...] Gelöscht : user_pref("CT244760.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usag[...] Gelöscht : user_pref("CT244760.SearchProtectorEnabled", true); Gelöscht : user_pref("CT244760.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT244760.ServiceMapLastCheckTime", "Fri Sep 21 2012 10:11:45 GMT+0200"); Gelöscht : user_pref("CT244760.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT244760.SettingsLastCheckTime", "Fri Sep 21 2012 10:11:44 GMT+0200"); Gelöscht : user_pref("CT244760.SettingsLastUpdate", "1347287073"); Gelöscht : user_pref("CT244760.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT244760.ThirdPartyComponentsLastCheck", "Fri Sep 21 2012 10:11:44 GMT+0200"); Gelöscht : user_pref("CT244760.ThirdPartyComponentsLastUpdate", "1331806000"); Gelöscht : user_pref("CT244760.TrusteLinkUrl", "hxxp://trust.conduit.com/CT244760"); Gelöscht : user_pref("CT244760.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client[...] Gelöscht : user_pref("CT244760.UserID", "UN24635254514684146"); Gelöscht : user_pref("CT244760.ValidationData_Search", 2); Gelöscht : user_pref("CT244760.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT244760.alertChannelId", "18727"); Gelöscht : user_pref("CT244760.clientLogIsEnabled", true); Gelöscht : user_pref("CT244760.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx[...] Gelöscht : user_pref("CT244760.components.1000082", true); Gelöscht : user_pref("CT244760.components.127856002708985953", true); Gelöscht : user_pref("CT244760.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.co[...] Gelöscht : user_pref("CT244760.globalFirstTimeInfoLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gelöscht : user_pref("CT244760.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT244760.initDone", true); Gelöscht : user_pref("CT244760.isAppTrackingManagerOn", false); Gelöscht : user_pref("CT244760.myStuffEnabled", true); Gelöscht : user_pref("CT244760.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT244760.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOri[...] Gelöscht : user_pref("CT244760.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT244760.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Com[...] Gelöscht : user_pref("CT244760.oldAppsList", "128329605397750097,127856389617032236,111,127856135601705571,1278[...] Gelöscht : user_pref("CT244760.revertSettingsEnabled", true); Gelöscht : user_pref("CT244760.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT244760.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT244760.testingCtid", ""); Gelöscht : user_pref("CT244760.toolbarAppMetaDataLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gelöscht : user_pref("CT244760.toolbarContextMenuLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gelöscht : user_pref("CT244760.undefined", "Wed Nov 10 2010 23:17:51 GMT+0100"); Gelöscht : user_pref("CT244760.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Regi[...] Gelöscht : user_pref("CT244760.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT244760/CT244760",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/18727/18364/DE", "\"0\""); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT244760", "[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT244760", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63438026930213[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT244760&octid=C[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT244760&octid=CT2[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT244760/CT244760",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6c9[...] Gelöscht : user_pref("CommunityToolbar.EngineOwner", ""); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{7a82fdd4-918d-4d50-b3db-341eeaa939f1}"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "golfresort_gut_ringhofen"); Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true); Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rene\\AppData\\Roaming\\Mozilla\\Fi[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT244760"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{7a82fdd4-918d-4d50-b3db-341eeaa939f1}"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "golfresort_gut_ringhofen"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT244760"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT244760"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 16 2011 14:02:21 GMT+02[...] Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 06 2011 20:37:46 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 18:24:12 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "{debe4943-eae6-4e77-b414-67898804e89b}"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "b1beb59a-2be1-4e1b-b9b5-998ba0647f79"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT244760"); Gelöscht : user_pref("CommunityToolbar.killedEngine", true); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 21 2012 10:11:5[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Sep 21 2012 10:12:01 GMT+020[...] Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Sep 21 2012 10:11:53 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "bac2edd0-9afd-436d-9c7a-04db3a9dcfb2"); Gelöscht : user_pref("CommunityToolbar.undefined", ""); Gelöscht : user_pref("browser.search.defaultthis.engineName", "Golfresort Gut Ringhofen Customized Web Search")[...] Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244760&Sear[...] Gelöscht : user_pref("browser.search.selectedEngine", "Golfresort Gut Ringhofen Customized Web Search"); Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.5.1,firebug@software.joehewitt.com:1.[...] Gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true); Gelöscht : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true); Gelöscht : user_pref("extensions.softonic.admin", false); Gelöscht : user_pref("extensions.softonic.aflt", "SD"); Gelöscht : user_pref("extensions.softonic.cntry", "DE"); Gelöscht : user_pref("extensions.softonic.cv", "cv5"); Gelöscht : user_pref("extensions.softonic.dfltLng", "DE"); Gelöscht : user_pref("extensions.softonic.dfltSrch", false); Gelöscht : user_pref("extensions.softonic.envrmnt", "production"); Gelöscht : user_pref("extensions.softonic.excTlbr", false); Gelöscht : user_pref("extensions.softonic.hdrMd5", "53DDFF15D808875012E3B02D2C8A204C"); Gelöscht : user_pref("extensions.softonic.hmpg", false); Gelöscht : user_pref("extensions.softonic.id", "92835fc0000000000000c44619e637b4"); Gelöscht : user_pref("extensions.softonic.instlDay", "15386"); Gelöscht : user_pref("extensions.softonic.instlRef", "MON00016"); Gelöscht : user_pref("extensions.softonic.lastVrsnTs", "1.5.11.59:43:16"); Gelöscht : user_pref("extensions.softonic.mntrvrsn", "1.3.0"); Gelöscht : user_pref("extensions.softonic.newTab", false); Gelöscht : user_pref("extensions.softonic.noFFXTlbr", false); Gelöscht : user_pref("extensions.softonic.prdct", "softonic"); Gelöscht : user_pref("extensions.softonic.prtnrId", "softonic"); Gelöscht : user_pref("extensions.softonic.sg", "az"); Gelöscht : user_pref("extensions.softonic.smplGrp", "eng7"); Gelöscht : user_pref("extensions.softonic.tlbrId", "base"); Gelöscht : user_pref("extensions.softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource[...] Gelöscht : user_pref("extensions.softonic.updateRunOnce", true); Gelöscht : user_pref("extensions.softonic.updateRunOnce1", true); Gelöscht : user_pref("extensions.softonic.vrsn", "1.5.11.5"); Gelöscht : user_pref("extensions.softonic.vrsnTs", "1.5.11.59:43:16"); Gelöscht : user_pref("extensions.softonic.vrsni", "1.5.11.5"); Gelöscht : user_pref("extensions.softonic_i.aflt", "SD"); Gelöscht : user_pref("extensions.softonic_i.dfltLng", "de"); Gelöscht : user_pref("extensions.softonic_i.excTlbr", false); Gelöscht : user_pref("extensions.softonic_i.id", "92835fc0000000000000c44619e637b4"); Gelöscht : user_pref("extensions.softonic_i.instlDay", "15386"); Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00016"); Gelöscht : user_pref("extensions.softonic_i.newTab", false); Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic"); Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic"); Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7"); Gelöscht : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome"); Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...] Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.59:43:16"); Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244760&q="); Profilname : default Datei : C:\Users\Geli\AppData\Roaming\Mozilla\Firefox\Profiles\mbe2hbig.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\PM User\AppData\Roaming\Mozilla\Firefox\Profiles\bn0ji5z5.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Geli\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [52747 octets] - [28/09/2012 08:43:51] AdwCleaner[R2].txt - [52805 octets] - [28/09/2012 08:55:25] AdwCleaner[S2].txt - [53649 octets] - [28/09/2012 08:57:30] ########## EOF - C:\AdwCleaner[S2].txt - [53710 octets] ########## |
28.09.2012, 10:42 | #9 |
/// Helfer-Team | Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) |
28.09.2012, 11:42 | #10 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Hallo t´john, hier der Logfile Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.27.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Admin :: PC7 [Administrator] 27.09.2012 16:29:00 mbam-log-2012-09-27 (22-10-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1054738 Laufzeit: 4 Stunde(n), 40 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Admin\AppData\Local\Temp\ltsilentio\npm.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Admin\AppData\Local\Temp\ltsilentio\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Admin\AppData\Local\Temp\ltsilentio\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) In der Quarantäne habe ich Löschen ausgeführt. |
28.09.2012, 14:28 | #11 |
/// Helfer-Team | Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto Sehr gut! Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
28.09.2012, 15:11 | #12 |
| Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto sehr sehr vorsichtig ;-) Ist schwer einzuschätzen, da man bei jedem Husten jetzt sofort eine Grippe vermutet. Auf jeden Fall ein ganz dickes Lob und vielen Dank an euer Team. René |
Themen zu Trojaner - Gegen Gesetze der Bundesrepublik ... Hellomoto |
adobe, association, babylon toolbar, babylontoolbar, bho, bonjour, cdburnerxp, conduit, defender, document, explorer, firefox, firewall, flash player, format, ftp, google, gruppe, helper, homepage, limited.com/facebook, logfile, plug-in, problem, realtek, registry, scan, security, server, software, trojaner, usb, windows, winload toolbar, wlan |