| |
| |||||||
Log-Analyse und Auswertung: In Firefox öffnet sich neues Fenster ( mit Wikipedia )Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.02.2013, 20:10
| #1 |
| |  In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Hi und guten Abend ! Nach den vorliegenden Anweisungen habe ich "gmer" laufen lassen und poste den Log-file. Das Problem ist, dass ( vermutlich nach einer Aktualisierung von Adobe Flash Player ) sich ein neues Browserfenster öffnet ( firefox ) und immer eine Wikipedia-Seite angezeigt wird. Vermutlich wird es nicht genügen den Flash Player zu deinstallieren, daher meine Bitte um Hilfe. Ich habe hier Windows 7 - 32 bit. Vielen Dnak natürlich im Voraus !! Hier der Log-File: GMER Logfile: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-03 19:54:43
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000075 TOSHIBA_ rev.AX00 931,51GB
Running: neu_gmer.com.exe; Driver: C:\Users\ALF\AppData\Local\Temp\uwldrpow.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x92C3306E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x92C33936]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x913A30DA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x92C32AC4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x913A3CA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x92C4E1C6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x92C335CE]
SSDT 923691B6 ZwCreateSection
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThreadEx [0x912646C0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x92C3372C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x913A3EB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x913A7714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x913A7756]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x913A78FA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x92C5098A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x92C50E3C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x92C52D18]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x913A3DCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x913A3282]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x913A3482]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x913A35C2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x913A785E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x913A77A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x913A77EA]
SSDT 923691C0 ZwRequestWaitReplyPort
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x913A7824]
SSDT 923691BB ZwSetContextThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x913A3F6A]
SSDT 923691C5 ZwSetSecurityObject
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x913A769C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x913A2FE6]
SSDT 923691CA ZwSystemDebugControl
SSDT 92369157 ZwTerminateProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x913A2F46]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 84274A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 842AE4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 842B5534 8 Bytes [6E, 30, C3, 92, 36, 39, C3, ...] {OUTS DX, BYTE [ESI]; XOR BL, AL; XCHG EDX, EAX; CMP EBX, EAX; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 842B5588 4 Bytes [DA, 30, 3A, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 842B55C8 4 Bytes [C4, 2A, C3, 92] {LES EBP, [EDX]; RET ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 842B55E4 4 Bytes [A6, 3C, 3A, 91] {CMPSB ; CMP AL, 0x3a; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 842B55F4 4 Bytes [C6, E1, C4, 92]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93835000, 0x3617E0, 0xE8000020]
PAGE peauth.sys A8F5E02C 102 Bytes JMP 8577158A
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[976] ntdll.dll!KiUserApcDispatcher 76EC6F38 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[976] WS2_32.dll!getaddrinfo 76474296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[976] WS2_32.dll!gethostbyname 76487673 5 Bytes JMP 71AE0022
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1948] USER32.dll!GetUpdateRect + CF 7670A644 5 Bytes JMP 20CB9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2172] ntdll.dll!KiUserApcDispatcher 76EC6F38 5 Bytes JMP 0043A7C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2172] WS2_32.dll!getaddrinfo 76474296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2172] WS2_32.dll!gethostbyname 76487673 5 Bytes JMP 71AE0022
---- Kernel IAT/EAT - GMER 2.0 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [92C38592] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [92C37DA0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [92C364F6] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [92C37F4A] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [92C37F4A] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [92C38592] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [92C37DA0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [92C364F6] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [92C37F4A] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [92C364F6] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [92C38592] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [92C37DA0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!RegisterWaitForSingleObject] [6F731F20] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6F7320F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [712D24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [712B562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [712B56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [712D2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [712C85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [712C4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [712C5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [712C51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [712C6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [712C8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [712C8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [712C90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [712CE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [712C4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F0FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F0FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F0FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F0FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F0FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\000272199da2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\000272199da2@347e39598841 0xE2 0x25 0xAA 0x9D ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\000272199da2@02bdada3574b 0xD2 0x44 0x63 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272199da2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272199da2@347e39598841 0x32 0x7E 0x20 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272199da2@e8e5d6a2163e 0x98 0x54 0x37 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272199da2@6ca780e4fd55 0x14 0x5D 0xA3 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\222222222222
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000272199da2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000272199da2@347e39598841 0x32 0x7E 0x20 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000272199da2@e8e5d6a2163e 0x98 0x54 0x37 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000272199da2@6ca780e4fd55 0x14 0x5D 0xA3 0x4C ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\222222222222 (not active ControlSet)
---- EOF - GMER 2.0 ----
|
|
04.02.2013, 01:45
| #2 |
| /// Helfer-Team  | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
04.02.2013, 16:10
| #3 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Hi t'John,
__________________Vielen Dank für Deine Antwort ! Hier schon 'mal der "Malware-log": Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.04.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 ALF :: ALF-PC [Administrator] Schutz: Aktiviert 04/02/2013 8:18:00 mbam-log-2013-02-04 (08-18-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 700557 Laufzeit: 7 Stunde(n), 48 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Und noch einmal "Hallo" t'John ! Hier nun der OTL-log:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04/02/2013 16:16:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALF\Desktop\Data In Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy 2,97 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 20,17% Memory free 5,93 Gb Paging File | 3,27 Gb Available in Paging File | 55,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 381,75 Gb Total Space | 287,31 Gb Free Space | 75,26% Space Free | Partition Type: NTFS Drive D: | 304,48 Gb Total Space | 279,62 Gb Free Space | 91,84% Space Free | Partition Type: NTFS Drive G: | 244,43 Gb Total Space | 170,31 Gb Free Space | 69,67% Space Free | Partition Type: NTFS Computer Name: ALF-PC | User Name: ALF | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\ALF\Desktop\Data In\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Archivos de programa\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software) PRC - C:\Archivos de programa\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Archivos de programa\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Archivos de programa\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Archivos de programa\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Archivos de programa\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Archivos de programa\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Archivos de programa\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Archivos de programa\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - c:\Archivos de programa\Ocster Backup\bin\backupService-ox.exe () PRC - c:\Archivos de programa\Ocster Backup\bin\oxHelper.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Archivos de programa\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) PRC - C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\snuvcdsm.exe () PRC - C:\Archivos de programa\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Archivos de programa\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll () MOD - C:\Archivos de programa\Mozilla Thunderbird\mozjs.dll () MOD - C:\Archivos de programa\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Archivos de programa\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Archivos de programa\Trusteer\Rapport\bin\js32.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll () MOD - C:\Archivos de programa\FileZilla FTP Client\fzshellext.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\oxHelper.exe () MOD - c:\Archivos de programa\Ocster Backup\bin\wxmsw28u_xrc_vc_ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\wxbase28u_xml_vc_ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\wxmsw28u_html_vc_ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\wxmsw28u_adv_vc_ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\wxmsw28u_core_vc_ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\wxbase28u_net_vc_ox.dll () MOD - c:\Archivos de programa\Ocster Backup\bin\wxbase28u_vc_ox.dll () MOD - C:\Archivos de programa\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Archivos de programa\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\_socket.pyd () MOD - C:\Archivos de programa\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\snuvcdsm.exe () MOD - C:\Archivos de programa\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll () ========== Services (SafeList) ========== SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NitroReaderDriverReadSpool3) -- C:\Archivos de programa\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software) SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies) SRV - (RapportMgmtService) -- C:\Archivos de programa\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (AdobeARMservice) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (vsmon) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Archivos de programa\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (TeamViewer7) -- C:\Archivos de programa\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SolutoService) -- C:\Archivos de programa\Soluto\SolutoService.exe (Soluto) SRV - (ocster_backup) -- c:\Archivos de programa\Ocster Backup\bin\backupService-ox.exe () SRV - (ServiceLayer) -- C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WefiEngSvc) -- D:\Program Files\WeFi\WeFi\WefiEngSvc.exe (WeFi) SRV - (TomTomHOMEService) -- C:\Archivos de programa\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (EPSON_EB_RPCV4_04) -- C:\Archivos de programa\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Archivos de programa\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION) SRV - (DfSdkS) -- C:\Archivos de programa\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (ZTEusbwwan) -- system32\DRIVERS\ZTEusbwwan.sys File not found DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (ZTEusbMB) -- system32\DRIVERS\ZTEusbnmeaext2.sys File not found DRV - (USBZTECCID) -- system32\DRIVERS\ZTEusbccid.sys File not found DRV - (StarOpen) -- File not found DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found DRV - (connctfyMP) -- system32\DRIVERS\connctfy.sys File not found DRV - (connctfy) -- system32\DRIVERS\connctfy.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (RapportEI) -- C:\Archivos de programa\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (RapportPG) -- C:\Archivos de programa\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ISWKL) -- C:\Archivos de programa\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys (Trusteer Ltd.) DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.) DRV - (PfFilter) -- D:\Program Files\Protected Folder\pffilter.sys (IObit Information Technology) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (MxEFUF) -- C:\Windows\System32\drivers\MxEFUF32.sys (Matrox Graphics Inc.) DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (GTUHSNDISIPXP) -- C:\Windows\System32\drivers\gtuhs51.sys (Option N.V.) DRV - (GTUHSBUS) -- C:\Windows\System32\drivers\gtuhsbus.sys (Option N.V.) DRV - (GTUHSSER) -- C:\Windows\System32\drivers\gtuhsser.sys (Option N.V.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (BTHprint) -- C:\Windows\System32\drivers\BTHPRINT.SYS (Microsoft Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042pr2) -- C:\Windows\System32\drivers\L8042pr2.Sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.generali.es/ IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/ IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes,DefaultScope = {D869B938-C7F1-4C79-ADC3-38B3E3BC65F5} IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=111304&babsrc=SP_ss&mntrId=7a93f7d200000000000022234d6aafb3 IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{3D82539A-C356-4F03-8E2D-53518777EFE9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYES&apn_uid=4ba848d7-eaca-443a-98a2-f3711779ac95&apn_sauid=D69D4D23-51CF-48BB-B6BE-50A44B1A3F6F IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2 IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\SearchScopes\{D869B938-C7F1-4C79-ADC3-38B3E3BC65F5}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms} IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.7.9 FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: simpletimer%40grbradt.org:1.13 FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: stopwatch%40mercille.org:0.8.4 FF - prefs.js..extensions.enabledAddons: webmaster%40whoisdomain.net:3.0 FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.6.3 FF - prefs.js..extensions.enabledAddons: %7B5C655500-E712-41e7-9349-CE462F844B19%7D:1.0 FF - prefs.js..extensions.enabledAddons: bossknb%40ttt-jl.blogspot.com:3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.3 FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.21 FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.5.4 FF - prefs.js..extensions.enabledItems: stopwatch@mercille.org:0.8.4 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {FBFB7597-9E32-46b4-A500-8B6B0412777F}:0.9 FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9 FF - prefs.js..extensions.enabledItems: simpletimer@grbradt.org:1.10 FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {db131c55-60c8-4adc-84dc-9e76ab06e2dc}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: amin.eft_bmnotes@gmail.com:2.5B FF - prefs.js..extensions.enabledItems: {9c905b42-976e-43c1-bc30-fc5937017909}:3.3.3.2 FF - prefs.js..extensions.enabledItems: support@free-hideip.com:1.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: D:\Program Files\Nueva carpeta\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2010/07/21 17:58:38 | 000,000,000 | ---D | M] FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ALF\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ALF\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/26 13:39:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/26 13:39:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/06 17:30:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/01/11 09:02:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013/01/23 16:07:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Developer Preview 3.7a4webm\extensions\\Components: C:\Program Files\Mozilla Developer Preview\components [2012/11/09 19:26:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Developer Preview 3.7a4webm\extensions\\Plugins: C:\Program Files\Mozilla Developer Preview\plugins [2013/01/30 19:00:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/25 14:29:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/30 19:00:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/25 14:29:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/30 19:00:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:01:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/28 19:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\Extensions [2011/09/28 19:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/11/06 18:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2010/08/22 18:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013/02/03 10:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\Firefox\Profiles\3xr45n3g.default\extensions [2010/03/26 19:34:58 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\ALF\AppData\Roaming\mozilla\Firefox\Profiles\3xr45n3g.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2013/01/11 21:18:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ALF\AppData\Roaming\mozilla\Firefox\Profiles\3xr45n3g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013/01/25 08:56:08 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\ALF\AppData\Roaming\mozilla\Firefox\Profiles\3xr45n3g.default\extensions\amin.eft_bmnotes@gmail.com [2013/01/09 20:14:56 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\ALF\AppData\Roaming\mozilla\Firefox\Profiles\3xr45n3g.default\extensions\firefox@ghostery.com [2010/02/23 16:23:43 | 000,000,000 | ---D | M] (Stopwatch) -- C:\Users\ALF\AppData\Roaming\mozilla\Firefox\Profiles\3xr45n3g.default\extensions\stopwatch@mercille.org [2010/12/28 18:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\Sunbird\Profiles\bhxhqc22.default\extensions [2010/11/26 20:17:14 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\ALF\AppData\Roaming\mozilla\Sunbird\Profiles\bhxhqc22.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013/02/03 10:21:46 | 000,011,503 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\bossknb@ttt-jl.blogspot.com.xpi [2011/07/07 15:36:31 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\browserprotect@browserprotect.com.xpi [2012/11/02 19:54:06 | 000,156,725 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\simpletimer@grbradt.org.xpi [2012/08/04 13:51:48 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\spam@trashmail.net.xpi [2011/09/16 09:10:29 | 000,010,642 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\webmaster@whoisdomain.net.xpi [2011/09/24 08:19:46 | 000,046,721 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2012/12/26 16:00:51 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2012/06/03 01:03:45 | 000,202,062 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi [2012/12/11 20:53:58 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2011/08/19 18:24:34 | 000,002,689 | ---- | M] () -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\searchplugins\askcom.xml [2012/08/10 10:46:52 | 000,005,406 | ---- | M] () -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\searchplugins\googlecom-in-english.xml [2010/02/25 20:33:30 | 000,002,149 | ---- | M] () -- C:\Users\ALF\AppData\Roaming\mozilla\firefox\profiles\3xr45n3g.default\searchplugins\MyStart Search.xml [2012/11/06 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions [2013/01/25 14:29:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2013/01/25 14:28:56 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/08/10 10:46:52 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013/01/25 14:28:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/01/25 14:28:56 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2013/01/25 14:28:56 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2013/01/25 14:28:56 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2013/01/25 14:28:56 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== O1 HOSTS File: ([2011/02/03 20:37:29 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Archivos de programa\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Archivos de programa\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found. O3 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. O3 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\Toolbar\WebBrowser: (no name) - {9C905B42-976E-43C1-BC30-FC5937017909} - No CLSID value found. O3 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Archivos de programa\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (Sonix Technology Co., Ltd.) O4 - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (Sonix Technology Co., Ltd.) O4 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube Download - C:\Users\ALF\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ALF\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - Reg Error: Value error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..Trusted Domains: desk.com ([otixo] http in Sitios de confianza) O15 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..Trusted Domains: gob.es ([agenciatributaria] https in Sitios de confianza) O15 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..Trusted Domains: nne.es ([intraneting] https in Sitios de confianza) O15 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..Trusted Domains: nne.es ([recomendador] https in Sitios de confianza) O15 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..Trusted Domains: nne.es ([servicios1] https in Sitios de confianza) O15 - HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\..Trusted Domains: nne.es ([serviciost1] https in Sitios de confianza) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Between%20the%20Worlds/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab (CtlTGVI Class) O16 - DPF: {7CBD657F-F647-40EE-BE7A-094704C1379D} https://serviciost1.nne.es/gic_esn/21215/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab (OAdedinet Class) O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab (AeatCtl Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D78BEFF9-82FF-494D-8D9C-2814D9EB465C} https://serviciost1.nne.es/gic_esn/21215/applets/SiebelAx_Calendar.cab (Siebel Calendar) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE10B7F9-912B-4B55-BABC-8DAE4498517D}: DhcpNameServer = 80.58.61.250 80.58.61.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/03/20 16:42:25 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9d7c9365-eac9-11e0-bf8a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9d7c9365-eac9-11e0-bf8a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\MicroLauncher.exe O33 - MountPoints2\{ffe19bc7-8afd-11e1-9bbc-001eeccb697c}\Shell - "" = AutoRun O33 - MountPoints2\{ffe19bc7-8afd-11e1-9bbc-001eeccb697c}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/04 08:17:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/02/03 18:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/02/03 18:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/02/03 18:28:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013/02/03 14:44:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013/02/03 14:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/03 14:03:40 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/02/03 14:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/02/02 15:06:31 | 000,000,000 | ---D | C] -- C:\Users\ALF\Documents\The Lonely Hearts Murders CE [2013/02/01 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Novel Games [2013/01/23 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\ALF\Desktop\Tintin [2013/01/23 16:14:07 | 000,000,000 | ---D | C] -- C:\Users\ALF\Desktop\El Cambio [2013/01/23 16:10:56 | 000,000,000 | ---D | C] -- C:\Users\ALF\AppData\Roaming\DVDVideoSoftIEHelpers [2013/01/23 16:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013/01/23 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013/01/23 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013/01/22 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\ALF\AppData\Roaming\northern_tale_bfg_en [2013/01/19 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoulseekQt [2013/01/18 09:20:05 | 000,000,000 | ---D | C] -- C:\Users\ALF\AppData\Roaming\Nitro [2013/01/18 09:20:05 | 000,000,000 | ---D | C] -- C:\Users\ALF\AppData\Roaming\FileOpen [2013/01/18 09:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen [2013/01/18 09:19:41 | 000,027,152 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2013/01/18 09:19:41 | 000,018,448 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2013/01/18 09:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro [2013/01/18 09:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro [2013/01/18 09:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro [2013/01/18 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\ALF\AppData\Roaming\Downloaded Installations [2013/01/17 13:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoner [2013/01/17 13:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Phoner [2013/01/15 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter [2013/01/15 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter [2013/01/15 18:35:16 | 000,000,000 | ---D | C] -- C:\Users\ALF\AppData\Roaming\GrandMA Studios [2013/01/14 12:09:47 | 000,000,000 | ---D | C] -- C:\Users\ALF\Documents\Skype Voice Records [2013/01/14 12:09:47 | 000,000,000 | ---D | C] -- C:\Users\ALF\Documents\Clownfish Avatars [2013/01/14 12:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Clownfish [2013/01/14 12:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2013/01/11 09:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2013/01/09 20:27:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/01/09 20:27:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 20:26:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs [2013/01/09 20:26:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs [2013/01/09 20:26:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs [2013/01/09 20:26:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs [2013/01/09 20:26:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs [2013/01/09 20:26:19 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs [2013/01/09 20:26:19 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs [2013/01/09 20:26:19 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2013/01/09 20:26:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs [2013/01/09 20:26:18 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013/01/09 20:26:18 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2013/01/09 20:26:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs [2013/01/09 20:26:15 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs [2013/01/09 20:26:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs [2013/01/09 20:26:15 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs [2013/01/09 20:26:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs [2013/01/09 20:25:21 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013/01/09 20:25:21 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/01/09 20:25:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013/01/09 20:25:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 20:25:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 20:25:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 20:25:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 20:25:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 20:25:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 20:25:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 20:25:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013/01/09 20:25:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 20:25:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 20:25:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 20:25:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013/01/09 20:19:33 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [2013/01/09 15:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/04 15:52:04 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/04 08:17:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/02/04 08:02:15 | 000,022,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/04 08:02:15 | 000,022,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/04 07:53:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/04 07:53:18 | 2389,512,192 | -HS- | M] () -- C:\hiberfil.sys [2013/01/31 21:52:28 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/31 21:52:28 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/31 13:45:23 | 000,521,376 | ---- | M] () -- C:\Users\ALF\Desktop\CIF y co....pdf [2013/01/27 20:55:34 | 000,753,812 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2013/01/27 20:55:34 | 000,660,474 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/27 20:55:34 | 000,161,344 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2013/01/27 20:55:34 | 000,124,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/25 11:41:49 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/15 22:32:20 | 000,125,897 | ---- | M] () -- C:\Users\ALF\Desktop\manual_empregador_espa.pdf [2013/01/14 22:39:34 | 000,027,152 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll [2013/01/14 22:39:34 | 000,018,448 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll [2013/01/11 09:04:59 | 000,415,933 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2013/01/09 20:57:27 | 000,432,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/07 07:32:12 | 000,336,896 | ---- | M] () -- C:\Windows\System32\ZSHP2600.EXE [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/03 14:59:25 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp2600.DLL [2013/01/31 21:05:11 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/31 13:45:23 | 000,521,376 | ---- | C] () -- C:\Users\ALF\Desktop\CIF y co....pdf [2013/01/18 09:19:29 | 000,002,517 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk [2013/01/15 22:32:20 | 000,125,897 | ---- | C] () -- C:\Users\ALF\Desktop\manual_empregador_espa.pdf [2013/01/07 07:32:12 | 000,336,896 | ---- | C] () -- C:\Windows\System32\ZSHP2600.EXE [2012/08/02 14:57:25 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012/05/20 11:22:33 | 000,021,125 | ---- | C] () -- C:\Windows\cdplayer.ini [2012/01/15 14:21:01 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012/01/05 19:47:57 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini [2011/09/21 16:10:07 | 001,766,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2011/09/21 16:10:07 | 000,034,048 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2011/09/21 16:10:07 | 000,030,080 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011/09/21 16:10:06 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2011/08/03 18:44:10 | 003,119,571 | ---- | C] () -- C:\Program Files\lightning-1.0b5-sm_tb-windows.xpi [2011/08/02 16:43:41 | 000,000,041 | ---- | C] () -- C:\Users\ALF\AppData\Roaming\TheHunterSettings_local.cfg [2011/07/25 14:16:53 | 000,000,292 | ---- | C] () -- C:\Users\ALF\AppData\Local\HamsterBookConverter.cfg [2011/07/09 23:29:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/07/08 10:41:32 | 000,571,824 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2011/06/29 10:27:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\adedinet.dll [2011/06/14 16:05:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/06/13 06:41:06 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011/06/13 06:41:01 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011/06/08 16:48:12 | 000,258,506 | ---- | C] () -- C:\Windows\hpwins19.dat [2011/06/08 16:48:12 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2011/06/03 12:05:04 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/06/03 12:05:04 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/06/03 12:05:04 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/06/03 12:05:04 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/06/03 12:05:04 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/06/03 12:05:04 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/06/03 12:05:04 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/06/03 12:05:04 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/06/03 12:05:04 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/06/03 12:05:04 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011/06/03 12:05:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/06/03 12:05:04 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/06/03 12:05:04 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/06/03 12:05:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011/06/03 12:05:04 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/06/03 12:05:04 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011/06/03 12:05:04 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011/06/03 12:05:04 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/06/03 12:05:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/05/24 06:41:17 | 000,000,279 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2011/05/19 18:20:49 | 000,000,032 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini [2011/05/17 16:41:14 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll [2011/05/04 10:34:51 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys [2011/04/09 22:10:20 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini [2011/03/29 12:46:10 | 000,000,218 | ---- | C] () -- C:\Users\ALF\.recently-used.xbel [2011/03/25 11:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011/03/15 14:09:43 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011/03/12 11:39:02 | 000,063,978 | ---- | C] () -- C:\Users\ALF\.cxpg63spc.dat [2011/03/07 09:25:30 | 000,114,688 | R--- | C] () -- C:\Windows\System32\vshp2600.dll [2011/02/10 07:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/10/01 11:36:38 | 000,008,336 | ---- | C] () -- C:\Users\ALF\AppData\Roaming\605op5.xml [2010/10/01 11:33:23 | 000,000,779 | ---- | C] () -- C:\Users\ALF\AppData\Roaming\users.xml [2010/09/22 10:24:05 | 000,151,552 | ---- | C] () -- C:\Users\ALF\AppData\Roaming\SharedSettings.ccs [2010/08/28 17:11:15 | 000,007,609 | ---- | C] () -- C:\Users\ALF\AppData\Local\Resmon.ResmonCfg [2010/08/08 16:51:32 | 000,000,656 | RHS- | C] () -- C:\Users\ALF\ntuser.pol [2010/05/19 19:38:59 | 000,001,374 | ---- | C] () -- C:\Users\ALF\AppData\Roaming\fastcopy.ini [2010/03/18 19:42:30 | 000,000,042 | ---- | C] () -- C:\ProgramData\.SimImages [2010/03/03 15:59:09 | 000,013,824 | ---- | C] () -- C:\Users\ALF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/21 11:38:35 | 003,618,869 | ---- | C] () -- C:\Program Files\xpage6se.jar ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2012/08/21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:B1381B34 @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:581C05D1 @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:A63C157F @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:78E0DF72 @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:B47F9D81 @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:07241935 @Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:B1CD2545 @Alternate Data Stream - 17 bytes -> C:\Users\ALF\ALFRED:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUL} @Alternate Data Stream - 17 bytes -> C:\Users\ALF\ALFRED:zylomtr{000HQ7FF-AD7A-3FG5-EG1B-25KGP2UCCVUF} @Alternate Data Stream - 16 bytes -> C:\Users\ALF\ALFRED:zylomtr{000HQ7FF-AD7A-3FG4-0ANJ-25JQU97JCVVO} @Alternate Data Stream - 16 bytes -> C:\Users\ALF\ALFRED:zylomtr{00013KEU-UKQE-K6V0-OT7U-252VEQ1T6VVN} @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:5C5F2761 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:53F09A92 @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:F7FFE8AF @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:319D783D @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:0410A323 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:E6B95E40 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E87AB4E3 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:B65E763D @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:2F474C84 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F7BF538D @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F5E8CAE0 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E6BEADB7 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:9BB8C675 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7BE5BAAB @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:737160C1 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:012BC84F @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F610C203 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:7BFFC6A9 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:43F5FA9D @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:40EE25BB @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:164561C8 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FD7DCDA6 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:ED2D63E4 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E690114B @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DB76C881 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:C76CFF82 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:B0A727D1 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:AED4A2B7 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A8DFD30C @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3EC5BC08 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:140AD176 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:12D21A9A @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C48A983C @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:B54E4B5A @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6CF828C2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3D6B89CE @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:244E4E3A @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:12D9D48F @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0168CC60 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:00D99749 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C7F08EA3 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BD0A043E @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8AED9359 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:84C34762 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:774C075A @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:4E79C4F8 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:4244811A @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3F266659 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2F70C0B4 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0EC7A545 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:025DF3DE @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A05F750A @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:94B46CA2 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:3E8A3E87 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:FFC3922F @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DC0B1070 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:BE6B5FC3 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6294B369 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5FC043A8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:44B25519 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:12383CAE @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:000D6A25 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F9689B72 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9FD757A9 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8DD20B4A @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5ECEFF17 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:474022C7 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:46283136 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:2636DE16 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0696EC8E @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FC70A22A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9195103F @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:89CF6F9C @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7DC5D762 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:79875988 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:609CAC7C @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:56EE2CAF @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4D8FCBEF @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4C8FA829 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2AC146B9 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:16F4BC64 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:13019F4B @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E894A3ED @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D7D0B4AF @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D6D084A5 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91DEEE71 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8855A119 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7D04F8E2 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:795F6DEC @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:689AB7E9 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:32289BE8 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041C0562 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:BCFEA004 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:A798AA1A @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7BB584AA @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6E2D80C8 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:627153F1 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4C3D5A8B @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4B1195DD @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3AF262FC @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3969ACF7 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:26A148EB @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F41E22A9 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C6104C4F @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:BF6A2C54 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B8EB1B99 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A6F30843 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9A7BF72D @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8BE7A048 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:512E1728 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:4AC7B5C1 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:18B5F839 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:17EB5BAE @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EFBD4447 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EC855C73 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E7B4296D @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B6D84F71 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6212DF7A @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5D10C56A @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5A9F1AE5 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:553056F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3E200C29 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:25249477 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F13867C6 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CCB49694 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C49A5AD1 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C3A047E3 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B3196E8D @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A0921B2C @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:99B20AD0 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:80F63EC3 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:54403233 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:120B3AFD @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F8F070C2 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EE198B1F @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C37283B5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C178954A @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BECA50FF @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A4241298 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:89C28CF6 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:80EA2EA3 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7E8EE1D0 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6247E766 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:42A3BDD7 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3AD6342E @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2C86E2AD @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2AD33723 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E895790F @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C36B1175 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C2F24DB5 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6E58523 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B36361EE @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A7CC0E50 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A76A1B1B @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:9A88B65D @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:9720EBEF @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:905BCB57 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4A448DB2 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:386B39C3 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2C84CA43 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1FA4C06F @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:18A6D2CC @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:14B2E0BD @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0E22C5DB @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E86124A0 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DC7EDF41 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D9656460 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C0893153 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BBCB4421 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B3A5945E @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6ED8B881 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:68A41423 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55E1514E @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F89F2593 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F52DB269 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DE875C30 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A5584049 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9F3CEEE6 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ADB695A @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4F7FE589 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:378824DE @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C678471 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2AE74FF9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1D6B18F1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C201DEB @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F8DE80DB @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E4E83517 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C82CA1C0 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9FF06C79 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9F81E94D @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:997DA6D7 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:96372A73 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7BB20DE8 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6ECE93A8 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:697DDE2B @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:52C24010 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2E3F04BC @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1604D047 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:008586AE @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FD6D11C9 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:CA0CE093 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9B721CFF @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:90C320E1 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5E73E1C2 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:53DF4438 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5080697C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:31C9BA96 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:302ECBD6 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:10CB85CA @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:07D9FF25 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:02172F27 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB4262DE @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E40D7F76 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D3A89E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C0BCE04B @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AED33A42 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A9056F42 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A88BE334 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9F38BF31 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:98982C88 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:85E06CCA @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:71612023 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:71112705 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B885D7E @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:067F588D @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DE6EED8B @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D999FFD5 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C5E2BAEE @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C0A9B815 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BD34FFC5 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B845F669 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B30D9A49 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9EE6560D @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:700B9342 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5FFC2819 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5FA4CB99 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2E636DD9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1A5207FA @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EBF0842B @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:DD04902E @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:DBC3D477 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D621CFB8 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C7973317 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B8791731 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9E00596C @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:927EC486 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:70BDB805 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4CD3F344 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3DB6F365 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1B7E2022 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0E684AC9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:EE2DD6CC @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E51234A9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E2CFA9CD @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CA23BCFD @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B1786630 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AA0017FD @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:95079543 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:71AEFFEB @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:678C1866 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4B3648ED @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:19474103 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:084612C9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:02CC0035 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BF2E2F0E @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B4258C5D @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8E5EA40F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:710768C7 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2871B698 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:1CDEDE11 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:12258D63 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D4558A0B @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AFC732F7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AECF4772 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A57500CB @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A4AF8D0D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A02025CE @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8924043A @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8318A814 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:67CF910D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5133A494 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F26F5952 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ED51D3ED @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E3615992 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C30487EE @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9D06FB9C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:981456CB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:73AFBB96 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:6AF6BB0E @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:65AB2A58 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5539129F @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D551822 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:397D67BA @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3086B95F @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:268BA8AB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:206470A5 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1B389835 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:070D9534 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E29063FF @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9C3AAD57 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:870649A4 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:72A1B66A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:56FBA78D @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2B9555D8 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2211E7A0 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:14A1BBE3 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F84B8DB5 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:ED0B32CA @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AAA06E15 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AA0BC725 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A60D0FA6 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6425A235 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63210866 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5EF1AD34 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:405D842B @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F5B51004 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F1C8B957 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EF0C5444 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3B5F2D1 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CDCDE97C @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BF6C81B2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B190BE3A @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ADE2C1A6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:709E81D4 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:35501BA4 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F360FB3 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:20EB6823 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1CB4A530 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1416AAA6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:05321270 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CD9109D4 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CC4C59B4 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A774141A @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7FCB9D0D @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:65137F0D @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5ACE199E @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:48862C37 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:46CBC45C @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:371060CE @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:370E4EFB @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2B40A7DB @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041ED421 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F6A0889A @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F57D2F43 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E5496666 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C78DADEA @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C368C9EA @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A8185163 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8075370B @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:78AFAE94 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:774A0E14 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:75798D9A @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6BFA43EB @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2F1D743F @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2AF322BF @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2979C892 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:26499772 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:11590865 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:92806EDF @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E5B07840 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B0456F0C @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:65B8AF94 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FC2D0F32 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:961B84C5 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9491C9C7 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:834585BE @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:71F04C26 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:55E3C0E0 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3B454A5C @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26EDB636 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:53B8C5D2 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:DD6F157A @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C5DC2B0C @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:91A12471 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4EFA2FC7 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B1EA607 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F568DD7B @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C48905F4 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:75CC0165 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:50636E35 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1F67CD26 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3595B780 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:124B94C0 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E32966C0 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90D89144 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D8C96088 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:090FB735 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:ABC43604 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:109734F6 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:CFF21EA7 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A19A9C88 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F55478C5 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:12C2EF8D @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DBEF355E @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A91EC54E @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:95198126 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:22D48BE5 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F076D78C @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:047D0F14 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:D853F961 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:38BFF11F @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B < End of report > Soweit ich das gesehen habe, ist da nix... |
|
04.02.2013, 16:52
| #4 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Und der OTL-log 2...OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 04/02/2013 16:16:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALF\Desktop\Data In
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
2,97 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 20,17% Memory free
5,93 Gb Paging File | 3,27 Gb Available in Paging File | 55,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 381,75 Gb Total Space | 287,31 Gb Free Space | 75,26% Space Free | Partition Type: NTFS
Drive D: | 304,48 Gb Total Space | 279,62 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
Drive G: | 244,43 Gb Total Space | 170,31 Gb Free Space | 69,67% Space Free | Partition Type: NTFS
Computer Name: ALF-PC | User Name: ALF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- Reg Error: Value error.
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18F15FD6-0DB9-4AB4-BC6F-0310A6B81B74}" = lport=137 | protocol=17 | dir=in | app=system |
"{1A3CD42F-0ABA-4540-AFEF-705B50861633}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B6F0270-F95C-4A9F-B588-4AE6D9CD0EB3}" = lport=138 | protocol=17 | dir=in | app=system |
"{2DC8253C-A411-4AC4-82E0-A96BDD9E6EC9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32843417-98B0-46B6-8F0C-524EA494B072}" = rport=10243 | protocol=6 | dir=out | app=system |
"{41C58813-7CE7-4F45-A036-415464EB3819}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4507448F-65BD-40C2-92F4-F33987170F00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{491FADEA-776B-4D66-8ABF-47FD81156CE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C8E7E5A-8AC1-4CFB-8702-369B56A26DB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5D2410BC-E153-41F8-83D4-D0F0EB95CAEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6315DC09-37F4-4577-9117-18B735921AF5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{680321CA-5CC6-4A32-BCC9-796A651DC174}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{685ABD01-4E33-45A0-8D8D-A1335EC85EFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73949364-4459-4C45-A975-C75C93A4ADF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87DDF16D-A17B-4C20-9ECC-A06511E84380}" = rport=138 | protocol=17 | dir=out | app=system |
"{89F7BEDC-7048-4A86-9260-59EC8356DEC6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9199036D-1DE6-4D1D-A1FF-9E8840AEFCF3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95771878-9508-408D-907D-4B23BA5575D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97E54136-7399-4DE4-801F-5450A2CF441B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D7878DD-3E32-446B-BA53-582563136A56}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F10301C-5899-4E19-A7F2-060F5256A56A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5C5191E-FDF4-47F5-89A5-D6965119B350}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0C1C279-F1F7-4178-BFA7-22480BAC073B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C80472F9-F03D-401E-B54C-092E8F028EC4}" = lport=139 | protocol=6 | dir=in | app=system |
"{CBB32FD0-EC2D-44D8-9309-26539B1FE2E2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{CD5CD9D9-5DEB-4441-ABA0-4A0A11D80330}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D17C15EE-D7E3-4D32-923E-764F5C9DE6D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{D4CCB699-EE35-401A-B282-95C4099C8EE8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F30C3431-789A-4E6D-AE04-27E91B50D421}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3A7BCC2-F561-4E57-8BB0-26022E0AB990}" = lport=445 | protocol=6 | dir=in | app=system |
"{F8AF11A7-400C-423D-9F53-B2E2A7BB1AE4}" = rport=139 | protocol=6 | dir=out | app=system |
"{FC25292E-D336-43C5-A426-6FB8A0D02D61}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050014BC-42F7-410F-AEC5-628614B92FD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A4C9A14-588E-402B-A480-FC342497BFFA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{0A5101E5-4FF0-4177-BD06-B290760E3181}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{0DAF0353-0D17-416D-8FD9-DC8F441394E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{12FCCFCE-E9B7-4A40-BBA2-65D304ECED23}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{2B5B6147-2970-4EDD-BC2D-337EADD25375}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{2DB39A89-EF46-4EBF-B1E7-881588A62615}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{445B4418-ADD7-4036-AC52-906B894C83E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{47EC70D2-31FD-4C62-99DD-95D7173A5F83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E26DFD0-210B-4A28-8CEB-CD59B2B379BB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{5E7FFC78-C1BB-4E38-9166-87C435B206A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{65EA8FC5-8A59-47C0-92CF-62BB4B8368C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{747F9B80-09F3-4118-98D9-376EB683E445}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76AC80F7-C876-4F4C-A3D1-6F27D714B0A8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7B3559D5-85BF-496D-9BC6-50791A5608BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D14FBA3-2A32-41EE-9208-B4A69C4AE976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{8D849996-B62F-4B16-AF92-5367DF915C51}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8F564957-E1E2-4C11-BD18-7E5088A6E1EB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{908D25B1-D35D-493E-BBB0-CCE0E7ACED02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94E2BE31-1AAF-418C-A3FE-E7BC555C0EC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97E54719-39DF-4F91-BA23-C6ED831BF609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9811F6F1-61E8-465B-8AEB-5357DC9F06A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{9C20FC28-6D4A-4255-A56A-560A14AEBF3A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{9EE04066-40B4-4B86-9E31-BB7D7FBD0DA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A45F9B51-5B6A-457F-A3B0-84FBD6C979B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7A1DC42-B9C0-4655-8B40-EFEF1934A02A}" = protocol=6 | dir=in | app=d:\program files\the hunter\launcher\launcher.exe |
"{B4933E0A-6FB8-4392-A615-EDE2CE599B41}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{B85AD340-BE25-4002-B1B6-F55D6506A5DC}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{B90082A6-6B4C-47D0-B7E1-9F455F70BD8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B92A19C1-DE78-4CE0-BC10-AB3A9FA5E974}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{BD9A0F70-6764-46F3-ADC0-300364DFE97B}" = protocol=17 | dir=in | app=d:\program files\the hunter\launcher\launcher.exe |
"{C38241B1-5B2B-4F4A-95B3-B96AF872E374}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C4AEDE52-BBB4-441A-BEA5-17F07A4B9BFB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C7C0A79E-71A3-4288-8369-1778E72A027A}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{CFE5A19F-04E7-47BD-800E-6FFD3DC86A28}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D6B31D99-73D3-4E73-9AA3-E4073B9DB803}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB0F3DC0-9F94-4011-8D6E-18804456F7E2}" = protocol=6 | dir=out | app=system |
"{DB60FDE0-6750-44FC-8652-516EA8F969D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{DC53C1A6-6699-4372-B763-E3FC321A1E58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E52F1902-2166-4121-90DA-20FDFC942AAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA4250B4-15EC-4BE2-BB99-07995B21F718}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EBE8399D-C7F7-4562-A0EE-4688F21CD3A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE2A80BB-C8F2-4CC5-B82F-D3EDEAF06513}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{EF9CB869-5322-4BED-95DA-472E322EB085}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{F681E8A8-FCF4-45AE-9B60-7F26FD2121C9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{F7622E45-55B4-4E7F-9A00-323BCB54BEB8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{F7A76BA3-7486-4296-A8AD-DEE5DC243BD1}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{FC2FDA33-3CE6-4588-8A02-9F69C26CF593}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{08F895F6-6713-4BDD-9714-3CA3BF931685}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{12864C7B-983E-4EF2-B13E-3F5B3B3332F0}D:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=d:\program files\shareaza\shareaza.exe |
"TCP Query User{202CB055-7F05-41CE-93F9-367AC3774963}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{259D81E7-A0F4-44CC-B908-F0272C2D901C}D:\program files\nueva carpeta\mediago.exe" = protocol=6 | dir=in | app=d:\program files\nueva carpeta\mediago.exe |
"TCP Query User{29291EEE-D71D-4133-BDA4-BBBA1DDD07B8}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{36639666-8684-44CD-A49E-95BF491A490F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3AA8B70B-91DF-4E3C-B641-CB53DFFED6E6}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{572F96DA-5311-4C89-A013-E57A536CAAEB}C:\users\alf\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\alf\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{8D4D7F4E-A4FF-4586-8A01-83464E437418}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{9D9902FC-B06D-481D-A0FD-F8E51CFAE11C}C:\users\alf\desktop\slsk.exe" = protocol=6 | dir=in | app=c:\users\alf\desktop\slsk.exe |
"TCP Query User{A7A32C06-C32B-4D2B-878F-D1B3AA191A8A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{B2290224-DA1F-4681-8289-FB7F0E9DC0CF}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"TCP Query User{B308335A-E191-4F63-A5A1-52E654DF2FE7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C81362D4-DE93-4A5B-9C05-7847737BA5E7}C:\users\alf\desktop\slsk.exe" = protocol=6 | dir=in | app=c:\users\alf\desktop\slsk.exe |
"TCP Query User{C9895B4D-76B8-4108-958F-A789063FE449}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D2636161-4D01-4383-A7EB-669DF776BA1A}C:\program files\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.2.5-gtk2\freeciv-server.exe |
"TCP Query User{DB9E11F1-97A4-4EA6-895A-DE3EE89F56CE}C:\program files\pcscan\remotescan.exe" = protocol=6 | dir=in | app=c:\program files\pcscan\remotescan.exe |
"TCP Query User{DCF13530-2A14-4808-8BAC-35057A27AF95}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{0F111E0E-643D-4B54-8049-D53E96F2991A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1C5C0354-9CE0-404B-9F60-489ABF3806C0}C:\program files\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.2.5-gtk2\freeciv-server.exe |
"UDP Query User{3A1237C2-4B1C-4534-9E77-A020618E162C}C:\users\alf\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\alf\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{4952B4E4-F715-4323-BCA7-298165AEFFE7}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{54894E30-5668-44CE-B5A6-A4273E655449}C:\program files\pcscan\remotescan.exe" = protocol=17 | dir=in | app=c:\program files\pcscan\remotescan.exe |
"UDP Query User{7FC1FAB1-2A81-4A3D-9F41-DB8BE76B7EB9}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{844B8F81-4C03-4239-848E-0B83C24028A7}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{86763A4F-17EA-4D96-9B04-597790145989}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{91394187-C481-467F-BC00-147D526DA576}D:\program files\nueva carpeta\mediago.exe" = protocol=17 | dir=in | app=d:\program files\nueva carpeta\mediago.exe |
"UDP Query User{A19728FD-2AAE-4745-8F36-03E754D1D8AD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B78B9F57-FF57-47DF-8C2B-572AB2BF2B6F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B86D4655-9751-4EBA-8184-5A5A3F3E49D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{BB515B62-BA0C-40F8-8630-D8E807C1E594}D:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=d:\program files\shareaza\shareaza.exe |
"UDP Query User{D2227104-59F3-4CFE-87EF-A092CED3DE24}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{DB8AFA86-E41D-467D-96E2-F6852F15CD0C}C:\users\alf\desktop\slsk.exe" = protocol=17 | dir=in | app=c:\users\alf\desktop\slsk.exe |
"UDP Query User{ED66CDBF-87D0-4AE6-BE08-532357129252}C:\users\alf\desktop\slsk.exe" = protocol=17 | dir=in | app=c:\users\alf\desktop\slsk.exe |
"UDP Query User{F2650B25-A28D-429B-B2DE-5128C06C6011}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{FFA0041E-6C45-49E4-90FE-47A0594A9A0F}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1857AAB1-77E0-40FF-91C5-9E415F248F36}" = MartView
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.0
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.9
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AD4488A-4E1F-417A-970A-F7C3D4C15086}_is1" = Skype Recorder
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.114.12060
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87DE00A9-EA45-4A6E-A7BC-3CA04A77D8EF}" = OpenOffice.org 3.2 Language Pack (German)
"{88617473-6EA7-4939-85FE-E31F9BF3980F}" = Nitro Reader 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4B64A1-27B6-11E0-BB60-005056C00008}" = Paragon Drive Copy™ 11 Compact
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10.2 Free Edition
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B433B7D6-0A97-4ED4-BE64-863A0B3A0776}_is1" = YouFreeTV Version 0.02
"{B4B6D789-EF42-39D5-B36B-A1282951E0D5}" = Microsoft .NET Framework 4 Extended ESN Language Pack
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 4.0.280
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}" = eReader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6DC2328-1FA4-4F7A-954C-C733363266EE}" = Soluto
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Paquete de controladores de Windows - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllDup_is1" = AllDup 3.2.10
"Artensoft Photo Mosaic Wizard_is1" = Artensoft Photo Mosaic Wizard
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Huntsville - Detective Training" = Mystery Case Files: Huntsville - Detective Training
"Blocks 5_is1" = Blocks 5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Clownfish" = Clownfish for Skype
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComicRack" = ComicRack v0.9.134
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DMX5_is1" = DriverMax 6
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Paquete de controladores de Windows - Nokia Modem (02/25/2011 4.7)
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Manual de usuario" = EPSON Stylus Office BX300F_TX300F Manual
"FileZilla Client" = FileZilla Client 3.5.3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Glary Undelete_is1" = Glary Undelete 1.8.0.468
"Horlands PCScan_is1" = Horland's PCScan
"HP Document Manager" = HP Document Manager 2.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"HPOCR" = OCR Software by I.R.I.S. 13.0
"iCare Card Recovery Pro_is1" = iCare Card Recovery Pro 2.0
"iCare Format Recovery_is1" = iCare Format Recovery 4.6.3.3
"Inca Ball_is1" = Inca Ball
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IrfanView" = IrfanView (remove only)
"JPG2PDF_is1" = JPG2PDF 2.2
"Last Conundrum of Da Vinci_is1" = Last Conundrum of Da Vinci
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MartView" = MartView
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Extended ESN
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Developer Preview (3.7a4webm)" = Mozilla Developer Preview (3.7a4webm)
"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nokia PC Suite" = Nokia PC Suite
"Ocster Backup" = Ocster Backup Pro
"OpenAL" = OpenAL
"PDF Protector Splitter and Merger v1.0" = PDF Protector Splitter and Merger v1.0
"Phoner_is1" = Phoner 2.80
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"PhotoStitch" = Canon Utilities PhotoStitch
"Pingus" = Pingus
"Protected Folder_is1" = Protected Folder
"Rapport_msi" = Rapport
"RealPlayer 15.0" = RealPlayer
"Recovery Toolbox for CD Free_is1" = Recovery Toolbox for CD Free 1.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Software Informer_is1" = Software Informer 1.1
"Soulseek2" = SoulSeek 157 NS 13e
"SoulseekQt" = SoulseekQt
"TeamViewer 7" = TeamViewer 7
"Tom's eTextReader" = Tom's eTextReader
"TomTom HOME" = TomTom HOME 2.7.5.2014
"VLC media player" = VLC media player 1.1.9
"WeFi" = WeFi 4.0.1.0
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2694443895-2394037030-1619875523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MusicManager" = Music Manager
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29/01/2013 19:33:11 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 30/01/2013 19:33:43 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 30/01/2013 19:33:43 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 31/01/2013 19:34:13 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 31/01/2013 19:34:13 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 01/02/2013 13:40:51 | Computer Name = ALF-PC | Source = Application Hang | ID = 1002
Description = El programa firefox.exe, versión 18.0.1.4764, dejó de interactuar
con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
compruebe el historial de problemas en el panel de control Centro de actividades.
Identificador
de proceso: bc4 Hora de inicio: 01cdffeed1939956 Hora de finalización: 196 Ruta de
acceso de la aplicación: C:\Program Files\Mozilla Firefox\firefox.exe Identificador
de informe: 824bf27d-6c96-11e2-9bcb-001eeccb697c
Error - 01/02/2013 19:32:53 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 01/02/2013 19:32:53 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 03/02/2013 7:34:17 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\amd64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
Error - 03/02/2013 7:34:17 | Computer Name = ALF-PC | Source = SideBySide | ID = 16842785
Description = Error al generar el contexto de activación para "c:\program files\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". No se encontró el ensamblado dependiente
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use
sxstrace.exe para obtener un diagnóstico detallado.
[ System Events ]
Error - 04/02/2013 2:56:13 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 2:56:14 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 2:56:16 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 2:56:16 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 2:56:17 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 2:57:14 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 2:57:15 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 4:29:04 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 4:29:04 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
Error - 04/02/2013 4:29:04 | Computer Name = ALF-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Administrador de conexión de acceso remoto depende del
servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: %%1058
< End of report >
|
|
05.02.2013, 03:09
| #5 |
| /// Helfer-Team | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. danach: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
danach: Downloade Dir bitte  SecurityCheck und:
|
|
05.02.2013, 11:34
| #6 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Guten Tag t'John, Hier der asw-log: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-05 10:08:54 ----------------------------- 10:08:54.474 OS Version: Windows 6.1.7601 Service Pack 1 10:08:54.474 Number of processors: 2 586 0x301 10:08:54.474 ComputerName: ALF-PC UserName: ALF 10:09:01.955 Initialize success 10:10:49.657 AVAST engine defs: 13020401 10:11:52.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075 10:11:52.100 Disk 0 Vendor: TOSHIBA_ AX00 Size: 953869MB BusType: 11 10:11:52.132 Disk 0 MBR read successfully 10:11:52.147 Disk 0 MBR scan 10:11:52.210 Disk 0 Windows 7 default MBR code 10:11:52.225 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 868 MB offset 2048 10:11:52.272 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 311785 MB offset 1779712 10:11:52.335 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 390914 MB offset 640315392 10:11:52.382 Disk 0 Partition - 00 0F Extended LBA 250299 MB offset 1440909312 10:11:52.413 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 250298 MB offset 1440911360 10:11:52.476 Disk 0 scanning sectors +1953521664 10:11:52.601 Disk 0 scanning C:\Windows\system32\drivers 10:12:25.002 Service scanning 10:13:27.016 Modules scanning 10:13:45.287 Disk 0 trace - called modules: 10:13:45.349 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys 10:13:45.365 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87895030] 10:13:45.381 3 CLASSPNP.SYS[8c7dc59e] -> nt!IofCallDriver -> [0x869b67f0] 10:13:45.396 5 amdxata.sys[8c59e7f3] -> nt!IofCallDriver -> [0x87622140] 10:13:45.412 7 ACPI.sys[8c3b43d4] -> nt!IofCallDriver -> \Device\00000075[0x87791030] 10:13:47.568 AVAST engine scan C:\Windows 10:13:53.907 AVAST engine scan C:\Windows\system32 10:21:43.223 AVAST engine scan C:\Windows\system32\drivers 10:22:22.575 AVAST engine scan C:\Users\ALF 11:21:57.085 AVAST engine scan C:\ProgramData 11:27:52.733 Scan finished successfully 11:28:37.694 Disk 0 MBR has been saved successfully to "C:\Users\ALF\Desktop\MBR.dat" 11:28:37.710 The log file has been saved successfully to "C:\Users\ALF\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-05 10:08:54 ----------------------------- 10:08:54.474 OS Version: Windows 6.1.7601 Service Pack 1 10:08:54.474 Number of processors: 2 586 0x301 10:08:54.474 ComputerName: ALF-PC UserName: ALF 10:09:01.955 Initialize success 10:10:49.657 AVAST engine defs: 13020401 10:11:52.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075 10:11:52.100 Disk 0 Vendor: TOSHIBA_ AX00 Size: 953869MB BusType: 11 10:11:52.132 Disk 0 MBR read successfully 10:11:52.147 Disk 0 MBR scan 10:11:52.210 Disk 0 Windows 7 default MBR code 10:11:52.225 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 868 MB offset 2048 10:11:52.272 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 311785 MB offset 1779712 10:11:52.335 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 390914 MB offset 640315392 10:11:52.382 Disk 0 Partition - 00 0F Extended LBA 250299 MB offset 1440909312 10:11:52.413 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 250298 MB offset 1440911360 10:11:52.476 Disk 0 scanning sectors +1953521664 10:11:52.601 Disk 0 scanning C:\Windows\system32\drivers 10:12:25.002 Service scanning 10:13:27.016 Modules scanning 10:13:45.287 Disk 0 trace - called modules: 10:13:45.349 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys 10:13:45.365 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87895030] 10:13:45.381 3 CLASSPNP.SYS[8c7dc59e] -> nt!IofCallDriver -> [0x869b67f0] 10:13:45.396 5 amdxata.sys[8c59e7f3] -> nt!IofCallDriver -> [0x87622140] 10:13:45.412 7 ACPI.sys[8c3b43d4] -> nt!IofCallDriver -> \Device\00000075[0x87791030] 10:13:47.568 AVAST engine scan C:\Windows 10:13:53.907 AVAST engine scan C:\Windows\system32 10:21:43.223 AVAST engine scan C:\Windows\system32\drivers 10:22:22.575 AVAST engine scan C:\Users\ALF 11:21:57.085 AVAST engine scan C:\ProgramData 11:27:52.733 Scan finished successfully 11:28:37.694 Disk 0 MBR has been saved successfully to "C:\Users\ALF\Desktop\MBR.dat" 11:28:37.710 The log file has been saved successfully to "C:\Users\ALF\Desktop\aswMBR.txt" 11:29:09.199 Disk 0 MBR has been saved successfully to "C:\Users\ALF\Desktop\MBR.dat" 11:29:09.214 The log file has been saved successfully to "C:\Users\ALF\Desktop\aswMBR.txt" Die weiteren Hausaufgaben sind in Arbeit ! Danke weiterhin ! Und noch einmal "Hallo"! Hier der checkup-log: Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Wise Registry Cleaner 5.9.4 Java(TM) 6 Update 26 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0.1) Mozilla Thunderbird (17.0.2) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Und das war's jetzt ? Also DAS ist ja ein Spektakel... wenigstens gibt's Leute wie Dich, die sich richtig gut auskennen und helfen !! |
|
05.02.2013, 19:31
| #7 |
| /// Helfer-Team | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Wo ist das adwCleaner Log (schritt 2) ? Aktualisiere: Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools) Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck  Hinweis: Registry CleanerIch sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall Wise Registry Cleaner 5.9.4, CCleaner. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. |
|
05.02.2013, 20:20
| #8 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Guten Abend t'John, Vielen Dank zunächst für Deine Tips - werden morgen in Angriff genommen !! Hier der "vergessene Log 2":AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.110 - Fichero creado el 05/02/2013 a 11:43:49
# Actualizado el 03/02/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuario : ALF - ALF-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\ALF\Desktop\Data In\adwcleaner.exe
# Opción [Búsqueda]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
Carpeta Presente : C:\Program Files\Babylon
Carpeta Presente : C:\Program Files\Conduit
Carpeta Presente : C:\Program Files\Hotspot_Shield
Carpeta Presente : C:\Program Files\SweetIM
Carpeta Presente : C:\Program Files\Widestream6
Carpeta Presente : C:\ProgramData\Babylon
Carpeta Presente : C:\ProgramData\boost_interprocess
Carpeta Presente : C:\ProgramData\FreeRIP
Carpeta Presente : C:\ProgramData\iWin
Carpeta Presente : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Carpeta Presente : C:\ProgramData\Trymedia
Carpeta Presente : C:\Users\ALF\AppData\Local\Babylon
Carpeta Presente : C:\Users\ALF\AppData\Local\Conduit
Carpeta Presente : C:\Users\ALF\AppData\Local\ConduitEngine
Carpeta Presente : C:\Users\ALF\AppData\Local\OpenCandy
Carpeta Presente : C:\Users\ALF\AppData\Local\TempDir
Carpeta Presente : C:\Users\ALF\AppData\LocalLow\AskToolbar
Carpeta Presente : C:\Users\ALF\AppData\LocalLow\boost_interprocess
Carpeta Presente : C:\Users\ALF\AppData\LocalLow\Conduit
Carpeta Presente : C:\Users\ALF\AppData\LocalLow\IncrediMail_MediaBar_2
Carpeta Presente : C:\Users\ALF\AppData\LocalLow\PriceGong
Carpeta Presente : C:\Users\ALF\AppData\Roaming\Babylon
Carpeta Presente : C:\Users\ALF\AppData\Roaming\iWin
Carpeta Presente : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\Conduit
Carpeta Presente : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\ConduitCommon
Carpeta Presente : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\ConduitEngine
Carpeta Presente : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\extensions\browserprotect@browserprotect.com.xpi
Carpeta Presente : C:\Users\ALF\AppData\Roaming\OfferBox
Carpeta Presente : C:\Users\ALF\AppData\Roaming\pdfforge
Carpeta Presente : C:\Users\ALF\AppData\Roaming\widestream
Carpeta Presente : C:\Users\ALF\Documents\widestream
Carpeta Presente : C:\Windows\Installer\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
Fichero Presente : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Fichero Presente : C:\user.js
Fichero Presente : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\searchplugins\Askcom.xml
Fichero Presente : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\searchplugins\MyStart Search.xml
***** [Registro] *****
Clave Presente : HKCU\Software\AppDataLow\Software\Conduit
Clave Presente : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clave Presente : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Clave Presente : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Clave Presente : HKCU\Software\AppDataLow\Software\PriceGong
Clave Presente : HKCU\Software\AppDataLow\Software\SmartBar
Clave Presente : HKCU\Software\AppDataLow\Software\Toolbar
Clave Presente : HKCU\Software\Ask&Record
Clave Presente : HKCU\Software\Conduit
Clave Presente : HKCU\Software\Headlight
Clave Presente : HKCU\Software\IM
Clave Presente : HKCU\Software\ImInstaller
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Clave Presente : HKCU\Software\Offerbox
Clave Presente : HKCU\Software\Softonic
Clave Presente : HKCU\Software\WideStream
Clave Presente : HKCU\Toolbar
Clave Presente : HKLM\Software\Babylon
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Presente : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Clave Presente : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Clave Presente : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clave Presente : HKLM\SOFTWARE\Classes\Conduit.Engine
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clave Presente : HKLM\SOFTWARE\Classes\Prod.cap
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT1854633
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Clave Presente : HKLM\Software\Conduit
Clave Presente : HKLM\Software\eRightSoft\OpenCandy
Clave Presente : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clave Presente : HKLM\Software\ImInstaller
Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Clave Presente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Clave Presente : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Clave Presente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clave Presente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clave Presente : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Clave Presente : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Clave Presente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Clave Presente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Clave Presente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clave Presente : HKLM\Software\Offerbox
Clave Presente : HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Presente : HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Clave Presente : HKU\S-1-5-21-2694443895-2394037030-1619875523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Valor Presente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Presente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7601.17514
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?af=111304&babsrc=nt_ss&mntrid=7a93f7d200000000000022234d6aafb3
-\\ Mozilla Firefox v18.0.1 (en-GB)
Fichero : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\prefs.js
Presente : user_pref("CT127144..clientLogIsEnabled", false);
Presente : user_pref("CT127144..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Presente : user_pref("CT127144..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Presente : user_pref("CT127144.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Presente : user_pref("CT127144.CTID", "CT127144");
Presente : user_pref("CT127144.CurrentServerDate", "15-10-2010");
Presente : user_pref("CT127144.DialogsAlignMode", "LTR");
Presente : user_pref("CT127144.DownloadReferralCookieData", "");
Presente : user_pref("CT127144.FirstServerDate", "15-10-2010");
Presente : user_pref("CT127144.FirstTime", true);
Presente : user_pref("CT127144.FirstTimeFF3", true);
Presente : user_pref("CT127144.FixPageNotFoundErrors", true);
Presente : user_pref("CT127144.GroupingServerCheckInterval", 1440);
Presente : user_pref("CT127144.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Presente : user_pref("CT127144.HasUserGlobalKeys", true);
Presente : user_pref("CT127144.Initialize", true);
Presente : user_pref("CT127144.InitializeCommonPrefs", true);
Presente : user_pref("CT127144.InstallationAndCookieDataSentCount", 1);
Presente : user_pref("CT127144.InstalledDate", "Fri Oct 15 2010 16:23:38 GMT+0200 (Hora de verano romance)");
Presente : user_pref("CT127144.InvalidateCache", false);
Presente : user_pref("CT127144.IsGrouping", false);
Presente : user_pref("CT127144.IsMulticommunity", false);
Presente : user_pref("CT127144.IsOpenThankYouPage", true);
Presente : user_pref("CT127144.IsOpenUninstallPage", true);
Presente : user_pref("CT127144.LanguagePackLastCheckTime", "Fri Oct 15 2010 16:23:38 GMT+0200 (Hora de verano r[...]
Presente : user_pref("CT127144.LanguagePackReloadIntervalMM", 1440);
Presente : user_pref("CT127144.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"[...]
Presente : user_pref("CT127144.LastLogin_3.2.1.3", "Fri Oct 15 2010 16:23:36 GMT+0200 (Hora de verano romance)"[...]
Presente : user_pref("CT127144.LatestVersion", "2.7.2.0");
Presente : user_pref("CT127144.Locale", "de");
Presente : user_pref("CT127144.MCDetectTooltipHeight", "83");
Presente : user_pref("CT127144.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Presente : user_pref("CT127144.MCDetectTooltipWidth", "295");
Presente : user_pref("CT127144.RadioIsPodcast", false);
Presente : user_pref("CT127144.RadioLastCheckTime", "Fri Oct 15 2010 16:23:40 GMT+0200 (Hora de verano romance)[...]
Presente : user_pref("CT127144.RadioLastUpdateIPServer", "0");
Presente : user_pref("CT127144.RadioLastUpdateServer", "129068614018830000");
Presente : user_pref("CT127144.RadioMediaID", "10288793");
Presente : user_pref("CT127144.RadioMediaType", "Media Player");
Presente : user_pref("CT127144.RadioMenuSelectedID", "EBRadioMenu_CT12714410288793");
Presente : user_pref("CT127144.RadioStationName", "Liveab1.de");
Presente : user_pref("CT127144.RadioStationURL", "hxxp://www.liveab1.de/listen/Liveab1-Radiostream.asx");
Presente : user_pref("CT127144.SearchFromAddressBarIsInit", true);
Presente : user_pref("CT127144.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1271[...]
Presente : user_pref("CT127144.SearchInNewTabEnabled", true);
Presente : user_pref("CT127144.SearchInNewTabIntervalMM", 1440);
Presente : user_pref("CT127144.SearchInNewTabLastCheckTime", "Fri Oct 15 2010 16:23:37 GMT+0200 (Hora de verano[...]
Presente : user_pref("CT127144.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TO[...]
Presente : user_pref("CT127144.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService[...]
Presente : user_pref("CT127144.ServiceMapLastCheckTime", "Fri Oct 15 2010 16:23:34 GMT+0200 (Hora de verano rom[...]
Presente : user_pref("CT127144.SettingsLastCheckTime", "Fri Oct 15 2010 16:23:34 GMT+0200 (Hora de verano roman[...]
Presente : user_pref("CT127144.SettingsLastUpdate", "1285580322");
Presente : user_pref("CT127144.ThirdPartyComponentsInterval", 504);
Presente : user_pref("CT127144.ThirdPartyComponentsLastCheck", "Fri Oct 15 2010 16:23:34 GMT+0200 (Hora de vera[...]
Presente : user_pref("CT127144.ThirdPartyComponentsLastUpdate", "1255348257");
Presente : user_pref("CT127144.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=1[...]
Presente : user_pref("CT127144.Uninstall", true);
Presente : user_pref("CT127144.UserID", "UN45342420089751106");
Presente : user_pref("CT127144.ValidationData_Search", 0);
Presente : user_pref("CT127144.ValidationData_Toolbar", 2);
Presente : user_pref("CT127144.alertChannelId", "45380");
Presente : user_pref("CT127144.components.1000034", false);
Presente : user_pref("CT127144.components.1000234", false);
Presente : user_pref("CT127144.myStuffEnabled", true);
Presente : user_pref("CT127144.myStuffPublihserMinWidth", 400);
Presente : user_pref("CT127144.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOri[...]
Presente : user_pref("CT127144.myStuffServiceIntervalMM", 1440);
Presente : user_pref("CT127144.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Com[...]
Presente : user_pref("CT127144.testingCtid", "");
Presente : user_pref("CT127144.toolbarAppMetaDataLastCheckTime", "Fri Oct 15 2010 16:23:36 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT127144.toolbarContextMenuLastCheckTime", "Fri Oct 15 2010 16:23:39 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT127144.usagesFlag", 2);
Presente : user_pref("CT1854633..clientLogIsEnabled", true);
Presente : user_pref("CT1854633..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Presente : user_pref("CT1854633..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Presente : user_pref("CT1854633.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Presente : user_pref("CT1854633.AppTrackingLastCheckTime", "Fri May 06 2011 09:30:59 GMT+0200 (Hora de verano r[...]
Presente : user_pref("CT1854633.CTID", "CT1854633");
Presente : user_pref("CT1854633.CurrentServerDate", "7-7-2011");
Presente : user_pref("CT1854633.DialogsAlignMode", "LTR");
Presente : user_pref("CT1854633.DialogsGetterLastCheckTime", "Thu Jul 07 2011 17:25:30 GMT+0200 (Hora de verano[...]
Presente : user_pref("CT1854633.DownloadReferralCookieData", "");
Presente : user_pref("CT1854633.EMailNotifierPollDate", "Wed Feb 09 2011 14:21:19 GMT+0100");
Presente : user_pref("CT1854633.FirstServerDate", "9-2-2011");
Presente : user_pref("CT1854633.FirstTime", true);
Presente : user_pref("CT1854633.FirstTimeFF3", true);
Presente : user_pref("CT1854633.FixPageNotFoundErrors", true);
Presente : user_pref("CT1854633.GroupingServerCheckInterval", 1440);
Presente : user_pref("CT1854633.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Presente : user_pref("CT1854633.HasUserGlobalKeys", true);
Presente : user_pref("CT1854633.HomePageProtectorEnabled", false);
Presente : user_pref("CT1854633.Initialize", true);
Presente : user_pref("CT1854633.InitializeCommonPrefs", true);
Presente : user_pref("CT1854633.InstallationAndCookieDataSentCount", 3);
Presente : user_pref("CT1854633.InstallationId", "Shares_AB_12");
Presente : user_pref("CT1854633.InstallationType", "ConduitIntegration");
Presente : user_pref("CT1854633.InstalledDate", "Wed Feb 09 2011 14:20:43 GMT+0100");
Presente : user_pref("CT1854633.InvalidateCache", false);
Presente : user_pref("CT1854633.IsGrouping", false);
Presente : user_pref("CT1854633.IsMulticommunity", false);
Presente : user_pref("CT1854633.IsOpenThankYouPage", true);
Presente : user_pref("CT1854633.IsOpenUninstallPage", true);
Presente : user_pref("CT1854633.LanguagePackLastCheckTime", "Thu Jul 07 2011 17:25:30 GMT+0200 (Hora de verano [...]
Presente : user_pref("CT1854633.LanguagePackReloadIntervalMM", 1440);
Presente : user_pref("CT1854633.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Presente : user_pref("CT1854633.LastLogin_3.2.5.2", "Sun Mar 27 2011 07:53:37 GMT+0200 (Hora de verano romance)[...]
Presente : user_pref("CT1854633.LastLogin_3.3.3.2", "Tue May 17 2011 11:11:50 GMT+0200 (Hora de verano romance)[...]
Presente : user_pref("CT1854633.LastLogin_3.5.0.12", "Thu Jul 07 2011 17:25:31 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT1854633.LatestVersion", "3.3.3.2");
Presente : user_pref("CT1854633.Locale", "es");
Presente : user_pref("CT1854633.MCDetectTooltipHeight", "83");
Presente : user_pref("CT1854633.MCDetectTooltipShow", false);
Presente : user_pref("CT1854633.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Presente : user_pref("CT1854633.MCDetectTooltipWidth", "295");
Presente : user_pref("CT1854633.MyStuffEnabledAtInstallation", true);
Presente : user_pref("CT1854633.RadioIsPodcast", false);
Presente : user_pref("CT1854633.RadioLastCheckTime", "Tue May 17 2011 09:22:35 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT1854633.RadioLastUpdateIPServer", "3");
Presente : user_pref("CT1854633.RadioLastUpdateServer", "129025125668530000");
Presente : user_pref("CT1854633.RadioMediaID", "5139083");
Presente : user_pref("CT1854633.RadioMediaType", "Media Player");
Presente : user_pref("CT1854633.RadioMenuSelectedID", "EBRadioMenu_CT1854633_RECENT5139083");
Presente : user_pref("CT1854633.RadioShrinked", "expanded");
Presente : user_pref("CT1854633.RadioStationName", "CLASSIC%20COUNTRY%20%20(%20128%20KBPS%20)%20");
Presente : user_pref("CT1854633.RadioStationURL", "hxxp://130.166.72.1:8006/");
Presente : user_pref("CT1854633.RadioVolume", "70");
Presente : user_pref("CT1854633.SHRINK_TOOLBAR", 1);
Presente : user_pref("CT1854633.SearchBoxWidth", 217);
Presente : user_pref("CT1854633.SearchEngine", "Buscar%20en%20este%20sitio||hxxp://search.conduit.com/Results.a[...]
Presente : user_pref("CT1854633.SearchEngineBeforeUnload", "Google");
Presente : user_pref("CT1854633.SearchFromAddressBarIsInit", true);
Presente : user_pref("CT1854633.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT185[...]
Presente : user_pref("CT1854633.SearchInNewTabEnabled", true);
Presente : user_pref("CT1854633.SearchInNewTabIntervalMM", 1440);
Presente : user_pref("CT1854633.SearchInNewTabLastCheckTime", "Thu Jul 07 2011 17:25:30 GMT+0200 (Hora de veran[...]
Presente : user_pref("CT1854633.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Presente : user_pref("CT1854633.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Presente : user_pref("CT1854633.SearchInNewTabUserEnabled", false);
Presente : user_pref("CT1854633.SearchProtectorEnabled", false);
Presente : user_pref("CT1854633.SearchProtectorToolbarDisabled", false);
Presente : user_pref("CT1854633.ServiceMapLastCheckTime", "Thu Jul 07 2011 17:25:29 GMT+0200 (Hora de verano ro[...]
Presente : user_pref("CT1854633.SettingsLastCheckTime", "Thu Jul 07 2011 17:25:28 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("CT1854633.SettingsLastUpdate", "1310031892");
Presente : user_pref("CT1854633.ThirdPartyComponentsInterval", 504);
Presente : user_pref("CT1854633.ThirdPartyComponentsLastCheck", "Thu Jul 07 2011 17:25:28 GMT+0200 (Hora de ver[...]
Presente : user_pref("CT1854633.ThirdPartyComponentsLastUpdate", "1255523270");
Presente : user_pref("CT1854633.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1854633");
Presente : user_pref("CT1854633.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,OurTo[...]
Presente : user_pref("CT1854633.Uninstall", true);
Presente : user_pref("CT1854633.UserID", "UN69590979192959650");
Presente : user_pref("CT1854633.ValidationData_Search", 2);
Presente : user_pref("CT1854633.ValidationData_Toolbar", 2);
Presente : user_pref("CT1854633.WeatherNetwork", "");
Presente : user_pref("CT1854633.WeatherPollDate", "Wed Feb 09 2011 14:20:43 GMT+0100");
Presente : user_pref("CT1854633.WeatherUnit", "C");
Presente : user_pref("CT1854633.alertChannelId", "130890");
Presente : user_pref("CT1854633.backendstorage._fb_dailyactivity", "31323937323537363438353235");
Presente : user_pref("CT1854633.backendstorage._fb_lifetimesent", "54525545");
Presente : user_pref("CT1854633.backendstorage.ct1854633ads1", "25374225323261647325323225334125354225374225323[...]
Presente : user_pref("CT1854633.backendstorage.ct1854633current_term", "");
Presente : user_pref("CT1854633.backendstorage.ct1854633sdate", "39");
Presente : user_pref("CT1854633.components.1000034", false);
Presente : user_pref("CT1854633.components.1000080", false);
Presente : user_pref("CT1854633.components.1000082", false);
Presente : user_pref("CT1854633.components.1000234", false);
Presente : user_pref("CT1854633.components.1001", true);
Presente : user_pref("CT1854633.components.129107087243744588", false);
Presente : user_pref("CT1854633.components.129181527558318076", false);
Presente : user_pref("CT1854633.components.129301432010756280", false);
Presente : user_pref("CT1854633.components.129448439164456512", false);
Presente : user_pref("CT1854633.components.129451136329613185", false);
Presente : user_pref("CT1854633.components.129456888904469219", false);
Presente : user_pref("CT1854633.components.129456888905562978", false);
Presente : user_pref("CT1854633.components.129456888906656756", false);
Presente : user_pref("CT1854633.components.129456888907281758", false);
Presente : user_pref("CT1854633.components.129456888907750510", false);
Presente : user_pref("CT1854633.components.129456888908219262", false);
Presente : user_pref("CT1854633.components.2542483407393376056", false);
Presente : user_pref("CT1854633.components.4081690864504103342", false);
Presente : user_pref("CT1854633.components.4464672689774197049", false);
Presente : user_pref("CT1854633.components.4591137843504161730", false);
Presente : user_pref("CT1854633.components.5975298113143957762", false);
Presente : user_pref("CT1854633.components.6082858481320279007", false);
Presente : user_pref("CT1854633.components.6170162153979063636", false);
Presente : user_pref("CT1854633.components.6476189749481397479", false);
Presente : user_pref("CT1854633.components.7312646463516254830", false);
Presente : user_pref("CT1854633.components.871061083581199312", false);
Presente : user_pref("CT1854633.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Presente : user_pref("CT1854633.globalFirstTimeInfoLastCheckTime", "Thu Jul 07 2011 17:25:31 GMT+0200 (Hora de [...]
Presente : user_pref("CT1854633.homepageProtectorEnableByLogin", true);
Presente : user_pref("CT1854633.initDone", true);
Presente : user_pref("CT1854633.isAppTrackingManagerOn", true);
Presente : user_pref("CT1854633.myStuffEnabled", true);
Presente : user_pref("CT1854633.myStuffPublihserMinWidth", 400);
Presente : user_pref("CT1854633.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Presente : user_pref("CT1854633.myStuffServiceIntervalMM", 1440);
Presente : user_pref("CT1854633.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Presente : user_pref("CT1854633.oldAppsList", "128349991502893893,128551960243400687,111,129301432010756280,100[...]
Presente : user_pref("CT1854633.searchProtectorDialogDelayInSec", 10);
Presente : user_pref("CT1854633.searchProtectorEnableByLogin", true);
Presente : user_pref("CT1854633.testingCtid", "");
Presente : user_pref("CT1854633.toolbarAppMetaDataLastCheckTime", "Thu Jul 07 2011 17:25:30 GMT+0200 (Hora de v[...]
Presente : user_pref("CT1854633.toolbarContextMenuLastCheckTime", "Thu Jul 07 2011 17:25:30 GMT+0200 (Hora de v[...]
Presente : user_pref("CT1854633.usageEnabled", false);
Presente : user_pref("CT1854633.usagesFlag", 2);
Presente : user_pref("CT2604146..clientLogIsEnabled", true);
Presente : user_pref("CT2604146..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Presente : user_pref("CT2604146..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Presente : user_pref("CT2604146.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Presente : user_pref("CT2604146.CTID", "CT2604146");
Presente : user_pref("CT2604146.Chat.Meebo.ServerLastCheckTime", "Thu Jul 07 2011 20:35:08 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2604146.Chat.Meebo.ServerLastResponseTime", "Thu Jul 07 2011 20:35:09 GMT+0200 (Hora de[...]
Presente : user_pref("CT2604146.Chat.Meebo.rooms.2030dff2c5edb1", 12);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.30plusa87dca4f", 14);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.communitychat09d14109", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.entertainmentc0ed09fb", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.health3693b665", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.musicj375cf270", 2);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.newsxu117b840d", 14);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.recreationab17d1f9", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.spirituality39155c53", 5);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.sports522528d3", 4);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.technology8bb9fd5b", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.teenagers833b8249", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.travel8c2e48db", 0);
Presente : user_pref("CT2604146.Chat.Meebo.rooms.videogames2fe066e0", 0);
Presente : user_pref("CT2604146.Chat.ServerLastCheckTime", "Thu Jul 07 2011 19:25:08 GMT+0200 (Hora de verano r[...]
Presente : user_pref("CT2604146.CurrentServerDate", "7-7-2011");
Presente : user_pref("CT2604146.DialogsAlignMode", "LTR");
Presente : user_pref("CT2604146.DialogsGetterLastCheckTime", "Thu Jul 07 2011 17:25:11 GMT+0200 (Hora de verano[...]
Presente : user_pref("CT2604146.DownloadReferralCookieData", "");
Presente : user_pref("CT2604146.EMailNotifierPollDate", "Thu Jul 07 2011 20:40:08 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("CT2604146.FeedLastCount129163062160134584", 40);
Presente : user_pref("CT2604146.FeedLastCount129163062191696694", 0);
Presente : user_pref("CT2604146.FeedLastCount129163062192009197", 50);
Presente : user_pref("CT2604146.FeedPollDate128795077986382124", "Thu Jul 07 2011 19:25:08 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2604146.FeedPollDate128795078397943899", "Thu Jul 07 2011 19:25:08 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2604146.FeedPollDate128981243906575437", "Thu Jul 07 2011 20:05:08 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2604146.FeedPollDate129163062191696694", "Thu Jul 07 2011 20:40:08 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2604146.FeedTTL128795078397943899", 40);
Presente : user_pref("CT2604146.FeedTTL128981243906575437", 40);
Presente : user_pref("CT2604146.FirstServerDate", "17-2-2011");
Presente : user_pref("CT2604146.FirstTime", true);
Presente : user_pref("CT2604146.FirstTimeFF3", true);
Presente : user_pref("CT2604146.FirstTimeSettingsDone", true);
Presente : user_pref("CT2604146.FixPageNotFoundErrors", true);
Presente : user_pref("CT2604146.GroupingServerCheckInterval", 1440);
Presente : user_pref("CT2604146.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Presente : user_pref("CT2604146.HasUserGlobalKeys", true);
Presente : user_pref("CT2604146.HomePageProtectorEnabled", false);
Presente : user_pref("CT2604146.Initialize", true);
Presente : user_pref("CT2604146.InitializeCommonPrefs", true);
Presente : user_pref("CT2604146.InstallationAndCookieDataSentCount", 3);
Presente : user_pref("CT2604146.InstalledDate", "Thu Feb 17 2011 19:01:59 GMT+0100");
Presente : user_pref("CT2604146.InvalidateCache", false);
Presente : user_pref("CT2604146.IsGrouping", false);
Presente : user_pref("CT2604146.IsMulticommunity", false);
Presente : user_pref("CT2604146.IsOpenThankYouPage", true);
Presente : user_pref("CT2604146.IsOpenUninstallPage", true);
Presente : user_pref("CT2604146.LanguagePackLastCheckTime", "Thu Jul 07 2011 17:25:11 GMT+0200 (Hora de verano [...]
Presente : user_pref("CT2604146.LanguagePackReloadIntervalMM", 1440);
Presente : user_pref("CT2604146.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Presente : user_pref("CT2604146.LastLogin_2.6.0.15", "Thu Feb 17 2011 19:03:17 GMT+0100");
Presente : user_pref("CT2604146.LastLogin_3.2.5.2", "Thu Feb 17 2011 19:01:55 GMT+0100");
Presente : user_pref("CT2604146.LastLogin_3.5.0.12", "Thu Jul 07 2011 17:25:12 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2604146.LatestVersion", "3.3.3.2");
Presente : user_pref("CT2604146.Locale", "en-us");
Presente : user_pref("CT2604146.LoginCache", 4);
Presente : user_pref("CT2604146.MCDetectTooltipHeight", "83");
Presente : user_pref("CT2604146.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Presente : user_pref("CT2604146.MCDetectTooltipWidth", "295");
Presente : user_pref("CT2604146.MyStuffEnabledAtInstallation", true);
Presente : user_pref("CT2604146.RadioIsPodcast", false);
Presente : user_pref("CT2604146.RadioLastCheckTime", "Thu Jul 07 2011 17:25:08 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2604146.RadioLastUpdateIPServer", "3");
Presente : user_pref("CT2604146.RadioLastUpdateServer", "3");
Presente : user_pref("CT2604146.RadioMediaID", "9962");
Presente : user_pref("CT2604146.RadioMediaType", "Media Player");
Presente : user_pref("CT2604146.RadioMenuSelectedID", "EBRadioMenu_CT26041469962");
Presente : user_pref("CT2604146.RadioShrinkedFromSetup", false);
Presente : user_pref("CT2604146.RadioStationName", "California%20Rock");
Presente : user_pref("CT2604146.RadioStationURL", "hxxp://feedlive.net/california.asx");
Presente : user_pref("CT2604146.SHRINK_TOOLBAR", 1);
Presente : user_pref("CT2604146.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Presente : user_pref("CT2604146.SearchEngineBeforeUnload", "Google");
Presente : user_pref("CT2604146.SearchFromAddressBarIsInit", true);
Presente : user_pref("CT2604146.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT260[...]
Presente : user_pref("CT2604146.SearchInNewTabEnabled", true);
Presente : user_pref("CT2604146.SearchInNewTabIntervalMM", 1440);
Presente : user_pref("CT2604146.SearchInNewTabLastCheckTime", "Thu Jul 07 2011 17:25:09 GMT+0200 (Hora de veran[...]
Presente : user_pref("CT2604146.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Presente : user_pref("CT2604146.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Presente : user_pref("CT2604146.SearchProtectorEnabled", false);
Presente : user_pref("CT2604146.SearchProtectorToolbarDisabled", false);
Presente : user_pref("CT2604146.ServiceMapLastCheckTime", "Thu Jul 07 2011 17:25:08 GMT+0200 (Hora de verano ro[...]
Presente : user_pref("CT2604146.SettingsCheckIntervalMin", 120);
Presente : user_pref("CT2604146.SettingsLastCheckTime", "Thu Jul 07 2011 17:25:07 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("CT2604146.SettingsLastUpdate", "1309695662");
Presente : user_pref("CT2604146.ThirdPartyComponentsInterval", 504);
Presente : user_pref("CT2604146.ThirdPartyComponentsLastCheck", "Thu Jul 07 2011 17:25:07 GMT+0200 (Hora de ver[...]
Presente : user_pref("CT2604146.ThirdPartyComponentsLastUpdate", "1246790578");
Presente : user_pref("CT2604146.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2604146");
Presente : user_pref("CT2604146.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,OurTo[...]
Presente : user_pref("CT2604146.Uninstall", true);
Presente : user_pref("CT2604146.UserID", "UN95994283739539097");
Presente : user_pref("CT2604146.ValidationData_Toolbar", 0);
Presente : user_pref("CT2604146.alertChannelId", "996967");
Presente : user_pref("CT2604146.clientLogIsEnabled", true);
Presente : user_pref("CT2604146.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Presente : user_pref("CT2604146.components.1000234", false);
Presente : user_pref("CT2604146.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Presente : user_pref("CT2604146.globalFirstTimeInfoLastCheckTime", "Thu Jul 07 2011 17:25:12 GMT+0200 (Hora de [...]
Presente : user_pref("CT2604146.homepageProtectorEnableByLogin", true);
Presente : user_pref("CT2604146.initDone", true);
Presente : user_pref("CT2604146.isAppTrackingManagerOn", true);
Presente : user_pref("CT2604146.isFirstRadioInstallation", false);
Presente : user_pref("CT2604146.myStuffEnabled", true);
Presente : user_pref("CT2604146.myStuffPublihserMinWidth", 400);
Presente : user_pref("CT2604146.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Presente : user_pref("CT2604146.myStuffServiceIntervalMM", 1440);
Presente : user_pref("CT2604146.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Presente : user_pref("CT2604146.oldAppsList", "129163062159665829,129163062159822081,111,129163062159978333,129[...]
Presente : user_pref("CT2604146.searchProtectorDialogDelayInSec", 10);
Presente : user_pref("CT2604146.searchProtectorEnableByLogin", true);
Presente : user_pref("CT2604146.testingCtid", "");
Presente : user_pref("CT2604146.toolbarAppMetaDataLastCheckTime", "Thu Jul 07 2011 17:25:11 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2604146.toolbarContextMenuLastCheckTime", "Thu Jul 07 2011 17:25:11 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2604146.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Presente : user_pref("CT2736476..clientLogIsEnabled", true);
Presente : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Presente : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Presente : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Presente : user_pref("CT2736476.CTID", "ct2736476");
Presente : user_pref("CT2736476.CurrentServerDate", "22-10-2011");
Presente : user_pref("CT2736476.DialogsAlignMode", "LTR");
Presente : user_pref("CT2736476.DialogsGetterLastCheckTime", "Sat Oct 22 2011 20:08:21 GMT+0200 (Hora de verano[...]
Presente : user_pref("CT2736476.DownloadReferralCookieData", "");
Presente : user_pref("CT2736476.FeedPollDate129257621460541612", "Sat Oct 22 2011 20:08:18 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2736476.FeedPollDate129257621968979554", "Sat Oct 22 2011 20:08:18 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2736476.FeedPollDate129258323135539557", "Sat Oct 22 2011 20:08:18 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2736476.FirstServerDate", "26-8-2011");
Presente : user_pref("CT2736476.FirstTime", true);
Presente : user_pref("CT2736476.FirstTimeFF3", true);
Presente : user_pref("CT2736476.FixPageNotFoundErrors", true);
Presente : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Presente : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Presente : user_pref("CT2736476.HasUserGlobalKeys", true);
Presente : user_pref("CT2736476.Initialize", true);
Presente : user_pref("CT2736476.InitializeCommonPrefs", true);
Presente : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Presente : user_pref("CT2736476.InstallationId", "ConduitStubGeneric");
Presente : user_pref("CT2736476.InstallationType", "ConduitStubIntegration");
Presente : user_pref("CT2736476.InstalledDate", "Fri Aug 26 2011 14:21:28 GMT+0200 (Hora de verano romance)");
Presente : user_pref("CT2736476.IsAlertDBUpdated", true);
Presente : user_pref("CT2736476.IsGrouping", false);
Presente : user_pref("CT2736476.IsInitSetupIni", true);
Presente : user_pref("CT2736476.IsMulticommunity", false);
Presente : user_pref("CT2736476.IsOpenThankYouPage", false);
Presente : user_pref("CT2736476.IsOpenUninstallPage", true);
Presente : user_pref("CT2736476.LanguagePackLastCheckTime", "Fri Aug 26 2011 14:21:33 GMT+0200 (Hora de verano [...]
Presente : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Presente : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Presente : user_pref("CT2736476.LastLogin_3.6.0.10", "Fri Aug 26 2011 22:22:41 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2736476.LastLogin_3.7.0.6", "Sat Oct 22 2011 20:08:20 GMT+0200 (Hora de verano romance)[...]
Presente : user_pref("CT2736476.LatestVersion", "3.7.0.6");
Presente : user_pref("CT2736476.Locale", "de");
Presente : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Presente : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Presente : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Presente : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Presente : user_pref("CT2736476.OriginalFirstVersion", "3.6.0.10");
Presente : user_pref("CT2736476.RadioIsPodcast", false);
Presente : user_pref("CT2736476.RadioMediaID", "21930450");
Presente : user_pref("CT2736476.RadioMediaType", "Media Player");
Presente : user_pref("CT2736476.RadioMenuSelectedID", "EBRadioMenu_CT273647621930450");
Presente : user_pref("CT2736476.RadioShrinkedFromSetup", false);
Presente : user_pref("CT2736476.RadioStationName", "California%20Rock%20-%20Rock");
Presente : user_pref("CT2736476.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Presente : user_pref("CT2736476.SavedHomepage", "hxxp://www.1234sol.com/");
Presente : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Presente : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Presente : user_pref("CT2736476.SearchInNewTabEnabled", true);
Presente : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Presente : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Fri Aug 26 2011 14:21:31 GMT+0200 (Hora de veran[...]
Presente : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Presente : user_pref("CT2736476.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Presente : user_pref("CT2736476.SearchProtectorToolbarDisabled", true);
Presente : user_pref("CT2736476.ServiceMapLastCheckTime", "Sat Oct 22 2011 20:08:16 GMT+0200 (Hora de verano ro[...]
Presente : user_pref("CT2736476.SettingsLastCheckTime", "Fri Aug 26 2011 14:21:28 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("CT2736476.SettingsLastUpdate", "1314028894");
Presente : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Presente : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 14:21:27 GMT+0200 (Hora de ver[...]
Presente : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Presente : user_pref("CT2736476.ToolbarDisabled", true);
Presente : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Presente : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Presente : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Presente : user_pref("CT2736476.UserID", "UN61166362329012572");
Presente : user_pref("CT2736476.alertChannelId", "1128724");
Presente : user_pref("CT2736476.ct2736476.DialogsAlignMode", "LTR");
Presente : user_pref("CT2736476.ct2736476.FeedLastCount129257621460541612", 0);
Presente : user_pref("CT2736476.ct2736476.FeedLastCount129257621968979554", 0);
Presente : user_pref("CT2736476.ct2736476.FeedLastCount129258323135539557", 0);
Presente : user_pref("CT2736476.ct2736476.InvalidateCache", false);
Presente : user_pref("CT2736476.ct2736476.LanguagePackLastCheckTime", "Sat Oct 22 2011 20:08:20 GMT+0200 (Hora [...]
Presente : user_pref("CT2736476.ct2736476.Locale", "de");
Presente : user_pref("CT2736476.ct2736476.RadioLastCheckTime", "Sat Oct 22 2011 20:08:18 GMT+0200 (Hora de vera[...]
Presente : user_pref("CT2736476.ct2736476.RadioLastUpdateIPServer", "3");
Presente : user_pref("CT2736476.ct2736476.RadioLastUpdateServer", "129570411865130000");
Presente : user_pref("CT2736476.ct2736476.SearchInNewTabLastCheckTime", "Sat Oct 22 2011 20:08:20 GMT+0200 (Hor[...]
Presente : user_pref("CT2736476.ct2736476.SettingsLastCheckTime", "Sat Oct 22 2011 20:08:17 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2736476.ct2736476.SettingsLastUpdate", "1314704766");
Presente : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastCheck", "Sat Oct 22 2011 20:08:16 GMT+0200 (H[...]
Presente : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Presente : user_pref("CT2736476.ct2736476.globalFirstTimeInfoLastCheckTime", "Sat Oct 22 2011 20:08:21 GMT+0200[...]
Presente : user_pref("CT2736476.ct2736476.toolbarAppMetaDataLastCheckTime", "Sat Oct 22 2011 20:08:20 GMT+0200 [...]
Presente : user_pref("CT2736476.ct2736476.toolbarContextMenuLastCheckTime", "Sat Oct 22 2011 20:08:20 GMT+0200 [...]
Presente : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Presente : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Fri Aug 26 2011 22:22:42 GMT+0200 (Hora de [...]
Presente : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Presente : user_pref("CT2736476.initDone", true);
Presente : user_pref("CT2736476.isAppTrackingManagerOn", true);
Presente : user_pref("CT2736476.isFirstRadioInstallation", false);
Presente : user_pref("CT2736476.myStuffEnabled", true);
Presente : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Presente : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Presente : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Presente : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Presente : user_pref("CT2736476.oldAppsList", "129257551953509225,129257551953665476,111,129257617514448028,129[...]
Presente : user_pref("CT2736476.revertSettingsEnabled", true);
Presente : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Presente : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Presente : user_pref("CT2736476.testingCtid", "");
Presente : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Fri Aug 26 2011 14:21:31 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 14:21:33 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2736476.undefined", "Fri Aug 26 2011 14:21:35 GMT+0200 (Hora de verano romance)");
Presente : user_pref("CT2765711..clientLogIsEnabled", false);
Presente : user_pref("CT2765711..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Presente : user_pref("CT2765711..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Presente : user_pref("CT2765711.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Presente : user_pref("CT2765711.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Presente : user_pref("CT2765711.BrowserCompStateIsOpen_129593631219291263", true);
Presente : user_pref("CT2765711.BrowserCompStateIsOpen_129681714285417717", true);
Presente : user_pref("CT2765711.BrowserCompStateIsOpen_129738909627389163", true);
Presente : user_pref("CT2765711.BrowserCompStateIsOpen_5247764004679560773", true);
Presente : user_pref("CT2765711.CT2765711", "CT2765711");
Presente : user_pref("CT2765711.Chat.Meebo.ServerLastCheckTime", "Fri Aug 12 2011 15:00:33 GMT+0200 (Hora de ve[...]
Presente : user_pref("CT2765711.Chat.Meebo.ServerLastResponseTime", "Fri Aug 12 2011 15:00:34 GMT+0200 (Hora de[...]
Presente : user_pref("CT2765711.Chat.Meebo.rooms.2030dff2c5edb1", 5);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.30plusa87dca4f", 2);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.communitychat7d6a306c", 0);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.entertainmentc0ed09fb", 2);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.health3693b665", 0);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.musicj375cf270", 7);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.newsxu117b840d", 2);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.recreationab17d1f9", 0);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.spirituality39155c53", 1);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.sports522528d3", 5);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.technology8bb9fd5b", 1);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.teenagers833b8249", 0);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.travel8c2e48db", 0);
Presente : user_pref("CT2765711.Chat.Meebo.rooms.videogames2fe066e0", 2);
Presente : user_pref("CT2765711.Chat.ServerLastCheckTime", "Fri Aug 12 2011 15:00:31 GMT+0200 (Hora de verano r[...]
Presente : user_pref("CT2765711.CurrentServerDate", "27-4-2012");
Presente : user_pref("CT2765711.DialogsAlignMode", "LTR");
Presente : user_pref("CT2765711.DialogsGetterLastCheckTime", "Fri Apr 27 2012 16:20:40 GMT+0200 (Hora de verano[...]
Presente : user_pref("CT2765711.DownloadReferralCookieData", "");
Presente : user_pref("CT2765711.FirstServerDate", "12-8-2011");
Presente : user_pref("CT2765711.FirstTime", true);
Presente : user_pref("CT2765711.FirstTimeFF3", true);
Presente : user_pref("CT2765711.FixPageNotFoundErrors", false);
Presente : user_pref("CT2765711.GroupingServerCheckInterval", 1440);
Presente : user_pref("CT2765711.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Presente : user_pref("CT2765711.HasUserGlobalKeys", true);
Presente : user_pref("CT2765711.HomePageProtectorEnabled", false);
Presente : user_pref("CT2765711.Initialize", true);
Presente : user_pref("CT2765711.InitializeCommonPrefs", true);
Presente : user_pref("CT2765711.InstallationAndCookieDataSentCount", 3);
Presente : user_pref("CT2765711.InstallationType", "Unknown");
Presente : user_pref("CT2765711.InstalledDate", "Fri Aug 12 2011 15:00:32 GMT+0200 (Hora de verano romance)");
Presente : user_pref("CT2765711.InvalidateCache", false);
Presente : user_pref("CT2765711.IsAlertDBUpdated", true);
Presente : user_pref("CT2765711.IsGrouping", false);
Presente : user_pref("CT2765711.IsInitSetupIni", true);
Presente : user_pref("CT2765711.IsMulticommunity", false);
Presente : user_pref("CT2765711.IsOpenThankYouPage", true);
Presente : user_pref("CT2765711.IsOpenUninstallPage", true);
Presente : user_pref("CT2765711.IsProtectorsInit", true);
Presente : user_pref("CT2765711.LanguagePackLastCheckTime", "Fri Apr 27 2012 09:27:17 GMT+0200 (Hora de verano [...]
Presente : user_pref("CT2765711.LanguagePackReloadIntervalMM", 1440);
Presente : user_pref("CT2765711.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Presente : user_pref("CT2765711.LastLogin_3.12.0.7", "Wed Apr 25 2012 13:24:24 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2765711.LastLogin_3.12.2.3", "Fri Apr 27 2012 16:20:40 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2765711.LastLogin_3.6.0.10", "Tue Sep 20 2011 10:54:06 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2765711.LatestVersion", "3.12.2.3");
Presente : user_pref("CT2765711.Locale", "en-us");
Presente : user_pref("CT2765711.MCDetectTooltipHeight", "83");
Presente : user_pref("CT2765711.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Presente : user_pref("CT2765711.MCDetectTooltipWidth", "295");
Presente : user_pref("CT2765711.MyStuffEnabledAtInstallation", true);
Presente : user_pref("CT2765711.OriginalFirstVersion", "3.6.0.10");
Presente : user_pref("CT2765711.RadioIsPodcast", false);
Presente : user_pref("CT2765711.RadioLastCheckTime", "Tue Sep 20 2011 10:54:05 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2765711.RadioLastUpdateIPServer", "3");
Presente : user_pref("CT2765711.RadioLastUpdateServer", "3");
Presente : user_pref("CT2765711.RadioMediaID", "9962");
Presente : user_pref("CT2765711.RadioMediaType", "Media Player");
Presente : user_pref("CT2765711.RadioMenuSelectedID", "EBRadioMenu_CT27657119962");
Presente : user_pref("CT2765711.RadioShrinkedFromSetup", false);
Presente : user_pref("CT2765711.RadioStationName", "California%20Rock");
Presente : user_pref("CT2765711.RadioStationURL", "hxxp://feedlive.net/california.asx");
Presente : user_pref("CT2765711.SearchEngineBeforeUnload", "Google");
Presente : user_pref("CT2765711.SearchFromAddressBarIsInit", true);
Presente : user_pref("CT2765711.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT276[...]
Presente : user_pref("CT2765711.SearchInNewTabEnabled", true);
Presente : user_pref("CT2765711.SearchInNewTabIntervalMM", 1440);
Presente : user_pref("CT2765711.SearchInNewTabLastCheckTime", "Fri Apr 27 2012 09:27:18 GMT+0200 (Hora de veran[...]
Presente : user_pref("CT2765711.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Presente : user_pref("CT2765711.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Presente : user_pref("CT2765711.SearchProtectorEnabled", false);
Presente : user_pref("CT2765711.SearchProtectorToolbarDisabled", true);
Presente : user_pref("CT2765711.ServiceMapLastCheckTime", "Fri Apr 27 2012 09:27:17 GMT+0200 (Hora de verano ro[...]
Presente : user_pref("CT2765711.SettingsLastCheckTime", "Fri Apr 27 2012 16:20:34 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("CT2765711.SettingsLastUpdate", "1332161932");
Presente : user_pref("CT2765711.ThirdPartyComponentsInterval", 504);
Presente : user_pref("CT2765711.ThirdPartyComponentsLastCheck", "Tue Sep 20 2011 10:54:03 GMT+0200 (Hora de ver[...]
Presente : user_pref("CT2765711.ThirdPartyComponentsLastUpdate", "1312887586");
Presente : user_pref("CT2765711.ToolbarDisabled", true);
Presente : user_pref("CT2765711.ToolbarShrinkedFromSetup", false);
Presente : user_pref("CT2765711.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2765711");
Presente : user_pref("CT2765711.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Presente : user_pref("CT2765711.UserID", "UN95954063090179165");
Presente : user_pref("CT2765711.alertChannelId", "1157832");
Presente : user_pref("CT2765711.components.1000034", false);
Presente : user_pref("CT2765711.components.1000234", false);
Presente : user_pref("CT2765711.components.1000515", false);
Presente : user_pref("CT2765711.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Presente : user_pref("CT2765711.globalFirstTimeInfoLastCheckTime", "Tue Sep 20 2011 10:54:06 GMT+0200 (Hora de [...]
Presente : user_pref("CT2765711.homepageProtectorEnableByLogin", true);
Presente : user_pref("CT2765711.initDone", true);
Presente : user_pref("CT2765711.isAppTrackingManagerOn", true);
Presente : user_pref("CT2765711.isFirstRadioInstallation", false);
Presente : user_pref("CT2765711.myStuffEnabled", true);
Presente : user_pref("CT2765711.myStuffPublihserMinWidth", 400);
Presente : user_pref("CT2765711.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Presente : user_pref("CT2765711.myStuffServiceIntervalMM", 1440);
Presente : user_pref("CT2765711.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Presente : user_pref("CT2765711.oldAppsList", "129279218435538092,129279218435694344,111,5247764004679560773,12[...]
Presente : user_pref("CT2765711.revertSettingsEnabled", true);
Presente : user_pref("CT2765711.searchProtectorDialogDelayInSec", 10);
Presente : user_pref("CT2765711.searchProtectorEnableByLogin", true);
Presente : user_pref("CT2765711.testingCtid", "");
Presente : user_pref("CT2765711.toolbarAppMetaDataLastCheckTime", "Fri Apr 27 2012 09:27:17 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2765711.toolbarContextMenuLastCheckTime", "Tue Sep 20 2011 10:54:06 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2851619..clientLogIsEnabled", false);
Presente : user_pref("CT2851619..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Presente : user_pref("CT2851619..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Presente : user_pref("CT2851619.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Presente : user_pref("CT2851619.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Presente : user_pref("CT2851619.CTID", "CT2851619");
Presente : user_pref("CT2851619.CurrentServerDate", "27-4-2012");
Presente : user_pref("CT2851619.DialogsAlignMode", "LTR");
Presente : user_pref("CT2851619.DialogsGetterLastCheckTime", "Fri Apr 27 2012 16:20:35 GMT+0200 (Hora de verano[...]
Presente : user_pref("CT2851619.DownloadReferralCookieData", "");
Presente : user_pref("CT2851619.EMailNotifierPollDate", "Thu Dec 30 2010 18:30:04 GMT+0100");
Presente : user_pref("CT2851619.FeedLastCount7385351973121203554", 183);
Presente : user_pref("CT2851619.FeedPollDate129351507549806741", "Thu Dec 30 2010 18:25:04 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119247", "Thu Dec 30 2010 18:25:04 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119253", "Thu Dec 30 2010 18:25:04 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119259", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119265", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119271", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119277", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119283", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119289", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119295", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedPollDate129351507550119301", "Thu Dec 30 2010 18:25:05 GMT+0100");
Presente : user_pref("CT2851619.FeedTTL129351507549806741", 10);
Presente : user_pref("CT2851619.FeedTTL129351507550119265", 15);
Presente : user_pref("CT2851619.FeedTTL129351507550119277", 5);
Presente : user_pref("CT2851619.FeedTTL129351507550119289", 5);
Presente : user_pref("CT2851619.FirstServerDate", "30-12-2010");
Presente : user_pref("CT2851619.FirstTime", true);
Presente : user_pref("CT2851619.FirstTimeFF3", true);
Presente : user_pref("CT2851619.FixPageNotFoundErrors", false);
Presente : user_pref("CT2851619.GroupingServerCheckInterval", 1440);
Presente : user_pref("CT2851619.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Presente : user_pref("CT2851619.HasUserGlobalKeys", true);
Presente : user_pref("CT2851619.Initialize", true);
Presente : user_pref("CT2851619.InitializeCommonPrefs", true);
Presente : user_pref("CT2851619.InstallationAndCookieDataSentCount", 3);
Presente : user_pref("CT2851619.InstallationType", "UnknownIntegration");
Presente : user_pref("CT2851619.InstalledDate", "Thu Dec 30 2010 18:25:04 GMT+0100");
Presente : user_pref("CT2851619.IsGrouping", false);
Presente : user_pref("CT2851619.IsMulticommunity", false);
Presente : user_pref("CT2851619.IsOpenThankYouPage", true);
Presente : user_pref("CT2851619.IsOpenUninstallPage", false);
Presente : user_pref("CT2851619.LanguagePackLastCheckTime", "Fri Apr 27 2012 09:27:16 GMT+0200 (Hora de verano [...]
Presente : user_pref("CT2851619.LanguagePackReloadIntervalMM", 1440);
Presente : user_pref("CT2851619.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Presente : user_pref("CT2851619.LastLogin_3.12.0.7", "Wed Apr 25 2012 13:24:20 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2851619.LastLogin_3.12.2.3", "Fri Apr 27 2012 16:20:34 GMT+0200 (Hora de verano romance[...]
Presente : user_pref("CT2851619.LastLogin_3.2.5.2", "Fri Dec 31 2010 13:17:47 GMT+0100");
Presente : user_pref("CT2851619.LatestVersion", "3.12.2.3");
Presente : user_pref("CT2851619.Locale", "es");
Presente : user_pref("CT2851619.MCDetectTooltipHeight", "83");
Presente : user_pref("CT2851619.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Presente : user_pref("CT2851619.MCDetectTooltipWidth", "295");
Presente : user_pref("CT2851619.MyStuffEnabledAtInstallation", true);
Presente : user_pref("CT2851619.SHRINK_TOOLBAR", 1);
Presente : user_pref("CT2851619.SearchBoxWidth", 266);
Presente : user_pref("CT2851619.SearchFromAddressBarIsInit", true);
Presente : user_pref("CT2851619.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Presente : user_pref("CT2851619.SearchInNewTabEnabled", true);
Presente : user_pref("CT2851619.SearchInNewTabIntervalMM", 1440);
Presente : user_pref("CT2851619.SearchInNewTabLastCheckTime", "Fri Apr 27 2012 09:27:17 GMT+0200 (Hora de veran[...]
Presente : user_pref("CT2851619.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Presente : user_pref("CT2851619.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Presente : user_pref("CT2851619.SearchProtectorToolbarDisabled", true);
Presente : user_pref("CT2851619.ServiceMapLastCheckTime", "Fri Apr 27 2012 09:27:16 GMT+0200 (Hora de verano ro[...]
Presente : user_pref("CT2851619.SettingsLastCheckTime", "Fri Apr 27 2012 16:20:31 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("CT2851619.SettingsLastUpdate", "1334667407");
Presente : user_pref("CT2851619.ThirdPartyComponentsInterval", 504);
Presente : user_pref("CT2851619.ThirdPartyComponentsLastCheck", "Thu Dec 30 2010 18:25:03 GMT+0100");
Presente : user_pref("CT2851619.ThirdPartyComponentsLastUpdate", "1255523270");
Presente : user_pref("CT2851619.ToolbarDisabled", true);
Presente : user_pref("CT2851619.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851619");
Presente : user_pref("CT2851619.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Presente : user_pref("CT2851619.UserID", "UN35404110299853353");
Presente : user_pref("CT2851619.ValidationData_Toolbar", 2);
Presente : user_pref("CT2851619.WeatherNetwork", "");
Presente : user_pref("CT2851619.WeatherPollDate", "Thu Dec 30 2010 18:25:10 GMT+0100");
Presente : user_pref("CT2851619.WeatherUnit", "C");
Presente : user_pref("CT2851619.alertChannelId", "1243654");
Presente : user_pref("CT2851619.components.1000034", false);
Presente : user_pref("CT2851619.components.1000234", false);
Presente : user_pref("CT2851619.components.129351507536056632", false);
Presente : user_pref("CT2851619.components.129351507536681634", false);
Presente : user_pref("CT2851619.components.129351507536837885", false);
Presente : user_pref("CT2851619.components.129351507538556665", false);
Presente : user_pref("CT2851619.components.129351507538712916", false);
Presente : user_pref("CT2851619.components.7385351973121203554", false);
Presente : user_pref("CT2851619.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Presente : user_pref("CT2851619.homepageProtectorEnableByLogin", true);
Presente : user_pref("CT2851619.initDone", true);
Presente : user_pref("CT2851619.myStuffEnabled", true);
Presente : user_pref("CT2851619.myStuffPublihserMinWidth", 400);
Presente : user_pref("CT2851619.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Presente : user_pref("CT2851619.myStuffServiceIntervalMM", 1440);
Presente : user_pref("CT2851619.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Presente : user_pref("CT2851619.revertSettingsEnabled", true);
Presente : user_pref("CT2851619.searchProtectorDialogDelayInSec", 10);
Presente : user_pref("CT2851619.searchProtectorEnableByLogin", true);
Presente : user_pref("CT2851619.testingCtid", "");
Presente : user_pref("CT2851619.toolbarAppMetaDataLastCheckTime", "Fri Apr 27 2012 09:27:16 GMT+0200 (Hora de v[...]
Presente : user_pref("CT2851619.toolbarContextMenuLastCheckTime", "Thu Dec 30 2010 18:25:07 GMT+0100");
Presente : user_pref("CT2851619.usagesFlag", 2);
Presente : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2851619,CT1854633");
Presente : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&Search[...]
Presente : user_pref("CommunityToolbar.ConduitSearchList", "Freeware.de Customized Web Search");
Presente : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2765711/CT2765711[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851619/CT2851619[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=45380&fid=44857", "\"0\"");
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1157832/1153519/ES", "\"0\"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243654/1239327/ES", "\"0\"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/130890/130100/ES", "\"0\"")[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/ES", "\"0\"");
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/ES", "\"0\"")[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/996967/992686/ES", "\"0\"")[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT127144", "[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1854633", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2604146", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2765711", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851619", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724386", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2736476", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1854633",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2604146",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2765711",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851619",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT127144&octid=C[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2736476&octid=[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2765711&octid=[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2319825&octid=[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2736476&octid=[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1854633/CT1854633[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2604146/CT2604146[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2851619/CT2851619[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2724386/CT2724386[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/maxi.gif"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/pause_min[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/Idle.GIF", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/mini.gif", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/play.gif", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/stop.gif", [...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/volume.gif"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"08b[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=es", "\"9a2[...]
Presente : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16332734.xml", "\"3f9442696718299f16a[...]
Presente : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Presente : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Presente : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Presente : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Presente : user_pref("CommunityToolbar.IsEngineShown", false);
Presente : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Presente : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\ALF\\AppData\\Roaming\\Mozilla\\Fir[...]
Presente : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Presente : user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://cap1stg.conduit-apps.com/Apps/Spilgames/[...]
Presente : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Presente : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Presente : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Presente : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...]
Presente : user_pref("CommunityToolbar.ToolbarsList", "CT127144,ConduitEngine,CT2851619,CT1854633,CT2604146,CT2[...]
Presente : user_pref("CommunityToolbar.ToolbarsList2", "CT127144,CT2851619,CT1854633,CT2604146,CT2765711,CT2736[...]
Presente : user_pref("CommunityToolbar.ToolbarsList4", "CT2765711,CT2736476");
Presente : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Apr 18 2011 16:50:14 GMT+02[...]
Presente : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Presente : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 19 2011 09:22:05 GMT+0200 (Hora [...]
Presente : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Presente : user_pref("CommunityToolbar.alert.locale", "en");
Presente : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Presente : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 23:22:42 GMT+0200 (Hora de v[...]
Presente : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Presente : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Presente : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Presente : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Presente : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Presente : user_pref("CommunityToolbar.alert.userId", "6a2b28e6-e13d-460a-b814-2884e32b6d55");
Presente : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 17 2011 23:28:07 GMT+0200 (Hor[...]
Presente : user_pref("CommunityToolbar.globalUserId", "6702e9cf-f890-4424-9bb3-b5b031c3f118");
Presente : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Presente : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Presente : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1854633");
Presente : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Oct 22 2011 20:08:1[...]
Presente : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Presente : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Presente : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Aug 12 2011 15:00:40 GMT+020[...]
Presente : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Presente : user_pref("CommunityToolbar.notifications.locale", "en");
Presente : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Presente : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Oct 22 2011 20:08:18 GMT+0200 (H[...]
Presente : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Presente : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Presente : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Presente : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Presente : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Presente : user_pref("CommunityToolbar.notifications.userId", "ae5aff8e-2c51-47a2-b25d-d5b4c1073a48");
Presente : user_pref("CommunityToolbar.twitter.user_16332734.LastCheckTime", "Thu Jul 07 2011 20:26:09 GMT+0200[...]
Presente : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 16 2011 22:25:28 GMT+0200 (Hora de vera[...]
Presente : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 23 2011 21:38:26 GMT+0200 (Hora de ve[...]
Presente : user_pref("ConduitEngine.FirstServerDate", "12/27/2010 21");
Presente : user_pref("ConduitEngine.FirstTime", true);
Presente : user_pref("ConduitEngine.FirstTimeFF3", true);
Presente : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Presente : user_pref("ConduitEngine.HideEngineAfterRestart", false);
Presente : user_pref("ConduitEngine.Initialize", true);
Presente : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Presente : user_pref("ConduitEngine.InstalledDate", "Mon Dec 27 2010 19:06:41 GMT+0100");
Presente : user_pref("ConduitEngine.IsMulticommunity", false);
Presente : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Presente : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Presente : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Apr 26 2011 14:03:11 GMT+0200 (Hora de ver[...]
Presente : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Mon Dec 27 2010 19:06:45 GMT+0100");
Presente : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Apr 26 2011 14:03:11 GMT+0200 (Hora de verano roma[...]
Presente : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Presente : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Presente : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Apr 26 2011 17:20:02 GMT+0200 (Hora de verano [...]
Presente : user_pref("ConduitEngine.UserID", "UN45496198082096042");
Presente : user_pref("ConduitEngine.engineLocale", "en-GB");
Presente : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Apr 26 2011 14:03:11 GMT+0200 (Hora [...]
Presente : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Apr 26 2011 14:03:11 GMT+0200 (Hora[...]
Presente : user_pref("ConduitEngine.initDone", true);
Presente : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Presente : user_pref("ConduitEngine.usagesFlag", 2);
Presente : user_pref("browser.search.defaultengine", "Ask.com");
Presente : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Presente : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...]
Presente : user_pref("browser.search.order.1", "Ask.com");
Presente : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Presente : user_pref("extensions.BabylonToolbar_i.babExt", "");
Presente : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304");
Presente : user_pref("extensions.BabylonToolbar_i.hardId", "7a93f7d200000000000022234d6aafb3");
Presente : user_pref("extensions.BabylonToolbar_i.id", "7a93f7d200000000000022234d6aafb3");
Presente : user_pref("extensions.BabylonToolbar_i.instlDay", "15417");
Presente : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Presente : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Presente : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Presente : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Presente : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Presente : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Presente : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Presente : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:27:38");
Presente : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Presente : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Presente : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
-\\ Google Chrome v [Imposible obtener la versión]
Fichero : C:\Users\ALF\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Chromium v: {
show_on_all_tabs: true
}
Fichero : C:\Users\ALF\AppData\Local\Chromium\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [82375 octets] - [05/02/2013 11:38:52]
AdwCleaner[R2].txt - [82305 octets] - [05/02/2013 11:43:49]
########## EOF - C:\AdwCleaner[R2].txt - [82366 octets] ##########
|
|
05.02.2013, 20:59
| #9 |
| /// Helfer-Team | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) adw Cleaner loeschen und neu runterladen und anweisungen folgen! Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
06.02.2013, 17:34
| #10 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java (1,7,0,13) ist aktuell. undefined Zurück Tools: StartSeite PluginCheck Secunia Online Scan Weiterführendes: Java Updaten und Einstellen Secunia Personal Software Inspector (PSI) Family: TR/Agent Plug-In in Firefox istdeaktiviert (das Java-Toolkit nicht ). Bildschirminhalt nach Deaktivierung von Java: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist Installiert aber nicht aktiviert. undefined Zurück Tools: StartSeite PluginCheck Secunia Online Scan Weiterführendes: Java Updaten und Einstellen Secunia Personal Software Inspector (PSI) Family: TR/Agent Ghostery has found the following on this page:Google Analytics Die Logs nach AdwCleaner Anwendung:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Fichero creado el 06/02/2013 a 17:39:08
# Actualizado el 05/02/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuario : ALF - ALF-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\ALF\Desktop\Data In\adwcleaner.exe
# Opción [Búsqueda]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
***** [Registro] *****
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] El registro no contiene ninguna entrada ilegítima.
-\\ Mozilla Firefox v18.0.1 (en-GB)
Fichero : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\prefs.js
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Google Chrome v [Imposible obtener la versión]
Fichero : C:\Users\ALF\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Chromium v: {
show_on_all_tabs: true
}
Fichero : C:\Users\ALF\AppData\Local\Chromium\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [82375 octets] - [05/02/2013 11:38:52]
AdwCleaner[R2].txt - [82436 octets] - [05/02/2013 11:43:49]
AdwCleaner[R3].txt - [1276 octets] - [06/02/2013 17:39:08]
AdwCleaner[S1].txt - [83878 octets] - [05/02/2013 11:44:34]
########## EOF - C:\AdwCleaner[R3].txt - [1397 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Fichero creado el 06/02/2013 a 17:40:44
# Actualizado el 05/02/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuario : ALF - ALF-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\ALF\Desktop\Data In\adwcleaner.exe
# Opción [Supresión]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
***** [Registro] *****
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] El registro no contiene ninguna entrada ilegítima.
-\\ Mozilla Firefox v18.0.1 (en-GB)
Fichero : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\prefs.js
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Google Chrome v [Imposible obtener la versión]
Fichero : C:\Users\ALF\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Chromium v: {
show_on_all_tabs: true
}
Fichero : C:\Users\ALF\AppData\Local\Chromium\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [82375 octets] - [05/02/2013 11:38:52]
AdwCleaner[R2].txt - [82436 octets] - [05/02/2013 11:43:49]
AdwCleaner[R3].txt - [1466 octets] - [06/02/2013 17:39:08]
AdwCleaner[S1].txt - [83878 octets] - [05/02/2013 11:44:34]
AdwCleaner[S2].txt - [1398 octets] - [06/02/2013 17:40:44]
########## EOF - C:\AdwCleaner[S2].txt - [1458 octets] ##########
Der sagt "[OK] El fichero no contiene ninguna entrada ilegítima." - Alsomüsste es ja jetzt Ok sein - oder ? |
|
07.02.2013, 00:52
| #11 |
| /// Helfer-Team | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Sehr gut!  damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
07.02.2013, 13:51
| #12 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Hier isses...AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Fichero creado el 07/02/2013 a 13:42:07
# Actualizado el 05/02/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuario : ALF - ALF-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\ALF\Desktop\Data In\adwcleaner.exe
# Opción [Supresión]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
***** [Registro] *****
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] El registro no contiene ninguna entrada ilegítima.
-\\ Mozilla Firefox v18.0.1 (en-GB)
Fichero : C:\Users\ALF\AppData\Roaming\Mozilla\Firefox\Profiles\3xr45n3g.default\prefs.js
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Google Chrome v [Imposible obtener la versión]
Fichero : C:\Users\ALF\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Chromium v: {
show_on_all_tabs: true
}
Fichero : C:\Users\ALF\AppData\Local\Chromium\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [82375 octets] - [05/02/2013 11:38:52]
AdwCleaner[R2].txt - [82436 octets] - [05/02/2013 11:43:49]
AdwCleaner[R3].txt - [1466 octets] - [06/02/2013 17:39:08]
AdwCleaner[R4].txt - [1586 octets] - [07/02/2013 13:41:07]
AdwCleaner[S1].txt - [83878 octets] - [05/02/2013 11:44:34]
AdwCleaner[S2].txt - [1527 octets] - [06/02/2013 17:40:44]
AdwCleaner[S3].txt - [1518 octets] - [07/02/2013 13:42:07]
########## EOF - C:\AdwCleaner[S3].txt - [1578 octets] ##########
Nochmals HERZLICHSTEN DANK !!! für Deine Hilfe !!! |
|
07.02.2013, 18:24
| #13 |
| /// Helfer-Team | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) wir wuenschen eine virenfreie Zeit  |
|
08.02.2013, 15:10
| #14 |
| | In Firefox öffnet sich neues Fenster ( mit Wikipedia ) Gleichfalls ! ...und vielen Dank noch 'mal ! |
|
| Themen zu In Firefox öffnet sich neues Fenster ( mit Wikipedia ) |
| adobe, adobe flash player, appdata, code, crypt, down, explorer.exe, firefox, flash player, gmer, harddisk, ntdll.dll, port, problem, registry, rundll, rundll32.exe, scan, service.exe, software, system, system32, temp, toshiba, windows, öffnet |
Linear-Darstellung
