| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mahnungsmail von NortonWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.05.2013, 21:02
| #1 |
| |  Mahnungsmail von Norton Hallo, ich habe eine Mail bekommen von inkassobuy.norton.com. Sehr geehrte/r Rabea Wilke, mit Bezug auf unsere Rechnung Nr.: 3369042158 und unsere 1. sowie auch unsere zweite Abmahnung mussten wir soeben festellen, dass Ihre Zahlung bei uns noch immer nicht eingegangen ist. Dies ist ein gesetzlicher Vertragsbruch Ihrerseits. Nach geltendem Recht könnten wir die offene Forderung bereits jetzt bei Gericht anklagen. Wir schenken Ihnen trotzdem noch eine letzte Möglichkeit, Ihre vertragliche Verpflichtung zu erfüllen, indem Sie unverzüglich die ausstehende Summe in Höhe von 654,00 EU an uns zur Zahlung bringen. Die Kontodaten ersehen Sie im beigefügtem Vertrag. Mail-Support@norton.de Tel. 0800 0700 / 2702 buy.norton.com Geschäftsführer Max Schulz Umsatzsteuer DE 1942868845 diese mail hatte einen zip anhang. leider habe ich darauf geklickt. jetzt weiß ich nicht, ob ich mir nen trojaner eingefangen habe. lt. trojaner remover ist da nix. was muss ich jetzt am besten machen? lg rabea |
|
13.05.2013, 21:39
| #2 |
| /// Helfer-Team  | Mahnungsmail von Norton Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers dann: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
13.05.2013, 23:27
| #3 |
| | Mahnungsmail von Norton OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 13.05.2013 23:41:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*******\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 21,05% Memory free
7,90 Gb Paging File | 1,39 Gb Available in Paging File | 17,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,81 Gb Total Space | 622,78 Gb Free Space | 91,08% Space Free | Partition Type: NTFS
Drive D: | 14,53 Gb Total Space | 1,79 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 98,87 Mb Total Space | 88,60 Mb Free Space | 89,62% Space Free | Partition Type: FAT32
Computer Name: **********-HP | User Name: ********* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EE70A8-5CCF-4C25-B3D6-4EB68A6CCE6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FCE72C0-12D1-4966-907A-E42BD621F2D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{26531078-B765-49C2-9666-9A788BEA9403}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2987494A-5842-43A0-857E-B12842247701}" = lport=139 | protocol=6 | dir=in | app=system |
"{314D8E71-7FC3-49E8-A7BB-F13890156B5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31CCE939-ED31-4EE3-9880-715E6077379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3774D691-F084-41E8-AD87-FFC2419FD66D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3EBBCC5A-8A3E-49CD-BF83-E3FE3A7602FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50FFC4ED-CCDB-4AAC-BDC2-EA2562B579A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57827288-0C8C-4F6A-BB70-C2F83E3F68DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{5FB93D15-3647-48CF-BA4B-BB9FBC4E55BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7C12BDFE-AF60-4CE1-B44F-A1A5A2A81AEF}" = rport=138 | protocol=17 | dir=out | app=system |
"{7EEBA00E-6080-42DE-91FF-E55B648B9437}" = lport=137 | protocol=17 | dir=in | app=system |
"{830C094F-C308-4AE7-976E-B7C43A85BCD3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{838BD8F5-9A7D-4074-9972-DF80AD309B80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89A97ACB-D9FE-47EB-BD38-15B92D1A4503}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95317372-84AF-4013-9CE0-5A237175D17B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A17DC791-7D20-44FD-B176-6739D917A9E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDFA92E3-B2C4-4AB1-B8D3-36CF53F4452F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2D02F6B-A65A-4A4E-BCEE-00354D5D5085}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2D2FCC2-1878-4815-9CE8-EED276C5D2F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D130A471-C031-4B02-8DF9-89A348392C91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F11DFD3A-8B13-4C79-97F3-3410582A6714}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9629B89-1A24-41A8-8047-D2277667988A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFA80403-5601-423F-B960-E176EBBEF0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001B7C16-EE99-43EA-A707-51D1920555E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{018B5550-C2D2-4A85-8AF8-17C527080DEB}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{022C29B8-D463-4F05-B994-92D73509790B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{06F2C796-983E-4CA0-9213-00932869156D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07F48220-5AAD-4314-9A06-574DC48ED0C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{08DDCF70-8120-48AF-9E3E-EE7C3C17E7A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{121B346D-B8D5-434C-A600-31506C9468B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1227D280-162C-4D18-B3CF-6F394A3A2B86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{161DDFFE-81E4-42D2-81D0-5D904EFAD0A3}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{198135B9-25C6-461C-8CE8-493615F0BCAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1A763CD7-82E8-49BC-891E-08E9D93590A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{242E4705-A308-4498-B7F4-A6D3F90654FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B129D76-E223-485C-8399-DAC7B35666D3}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{2E7C2E16-B380-4B7E-B080-46D8E00A2ABA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3256CD5A-BDE4-4519-8461-814286E0C95E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3962EA06-7F4F-438F-8B68-EEE7C9CB8961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{398DE387-CEBD-4748-86A8-56E30037D0DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3AE85D04-7E5A-4E0B-BAA0-4956E039035E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{3CC0B62C-BE71-4978-B2C8-BB8305AD7AC4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D6603FC-EE29-42E2-9E74-73A98B1D3D2E}" = protocol=6 | dir=in | app=c:\users\königskind\appdata\local\temp\7zs62fb\hpdiagnosticcoreui.exe |
"{40CF338C-EB9B-458E-BA36-48F377EE86B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{40F0DC15-58FC-4790-91BA-1B805B1429BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{41654C6A-07B7-4920-980A-EE402EB33B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5230F3EC-1A41-4756-87F2-D1FAEF175155}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5FD502C4-BC81-45DF-9C3F-4AC81EAE7C36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{6931D7FA-7A0E-450D-8C82-E5F1766FEEA3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6DB2DF5B-FC8C-4056-80F9-38F614693569}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7235F566-9A59-45C6-AC73-38F23173E8FD}" = protocol=6 | dir=out | app=system |
"{7F733D03-E4E9-467B-9E39-1F80B9B1EA09}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F76C8E6-D3A9-48AC-A186-BBB60CFCA235}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{82391602-FFF2-4D9B-B8B5-83C3033EEB2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{859BE05D-86F7-4681-879D-E62BFBA982AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{86804ADF-2050-4C1B-870C-35667D7B6616}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89229185-A4C0-4213-99B7-715ECD409569}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{8DE84CFB-4E2D-48A0-B8D7-23DD648E3F64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{9864A5B5-C758-4CBF-BDA8-4135325BC730}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9917E7E1-6DDD-4744-8263-9FD06E4777BE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9F0D289F-9143-4A98-82FF-8BFF49BF9C9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A69CB629-D11D-463C-B688-265D727DE497}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{AB66B8DA-4A6F-46DB-9624-9241F5E4E961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC57B777-0E03-4822-8E3A-9DEF28841EC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1A3823E-CFC8-4253-A53B-C72372C904F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD122990-66A1-4185-AB41-642E9E8E099F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE769015-6999-4A52-B86A-945A18AF1AE3}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{E2DECE6B-F5DA-46D0-A701-DF14BC78CE98}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E7314E6B-A6E6-4F6A-B058-98D22D0EC721}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F0E8B66B-0102-4FE9-BF08-04329009EED0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F40A7290-061C-4D8F-919C-797D0D4F00F5}" = protocol=17 | dir=in | app=c:\users\königskind\appdata\local\temp\7zs62fb\hpdiagnosticcoreui.exe |
"{F42E65EC-1A3B-4F0C-95E7-50AB5ADDE05B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEA3F7D9-7875-4E39-8139-E09B8C61D3EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D0A6BB10-CC5D-BDB8-6EF6-F9817F9CBECE}" = ATI Catalyst Install Manager
"{D2458705-A810-63B8-0FD5-C0DB30F1294A}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033FB210-6390-F594-691B-336F34197698}" = CCC Help Finnish
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22C8EC80-0866-4122-A9D3-0C89B35CD358}" = Catalyst Control Center Profiles Mobile
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2E98073C-A62D-2C9E-3729-3ABFDC23EA26}" = CCC Help Portuguese
"{2EEA0953-E1BB-595A-9C97-5299F17F4FCE}" = CCC Help Polish
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EFEA7DE-A061-1B59-1AF7-24457B5376F8}" = CCC Help Korean
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C8F9B7-61D9-9AAE-9788-46FBA690C927}" = CCC Help Thai
"{6A068745-2B19-9131-2337-3987B7EE2139}" = CCC Help Chinese Standard
"{6A440BB0-FCBB-1894-91DF-CC77D3552676}" = CCC Help Dutch
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7607DD9E-FA07-AD76-CEAB-174EA6B6EFC6}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81A9D294-775E-4535-F2AC-82AC8BD5F314}" = CCC Help Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{878DD5CB-4723-D481-E75B-16D5E4B14EB4}" = CCC Help French
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89857FF8-4D1C-1628-13C2-6EB7A2226302}" = Catalyst Control Center InstallProxy
"{8BFA58D0-D782-8F29-DF73-01658852C812}" = CCC Help Spanish
"{8C02EB1E-1C4B-B42E-8104-3D372C08FDBD}" = PX Profile Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{912FFBD2-DAB4-D1BC-F29D-D9A0667818F3}" = CCC Help German
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A69CF711-D6DD-4BE3-A172-E1E7863715DB}" = CCC Help Czech
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD1D0003-239E-D78B-0714-9EB950932861}" = CCC Help Japanese
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BCC34B21-6BEC-C785-D4EC-C323D73974D1}" = CCC Help Italian
"{BD185B24-9653-4C3E-EC62-2232D825E40C}" = CCC Help Danish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE36E13E-6A81-9B81-F4AC-FB03465043FC}" = Catalyst Control Center Localization All
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4D2CC53-8327-740B-31B2-DE7B0CBF5CCC}" = ccc-core-static
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}" = HTC Sync
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C7D00998-8CC9-C0E0-EFC0-8DB857D3749C}" = CCC Help English
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5192A10-F4FB-EC5C-CB00-41448A6664E2}" = CCC Help Greek
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22C1F3D-1B96-4A87-0419-58475A6BDD85}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EC584A7F-943B-0E0F-0112-C4CF47619E18}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FF3357CE-5663-8C90-33E8-E04BD1BB69FF}" = CCC Help Swedish
"{FFB81EF3-CAB3-1A6F-D816-51079C4C057C}" = Catalyst Control Center Graphics Previews Common
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVG PC TuneUp" = AVG PC TuneUp
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine
"EasyBits Magic Desktop" = Magic Desktop
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RegClean Pro_is1" = RegClean Pro
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Trillian" = Trillian
"Trojan Remover_is1" = Trojan Remover 6.8.6
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZoneAlarm Do Not Track Add-on_is1" = ZoneAlarm Do Not Track Add-on 2.2.5.1213
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"ZumoDrive" = HP CloudDrive
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"RewardsArcade" = RewardsArcade
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.05.2013 09:43:21 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0xa64 Startzeit der fehlerhaften Anwendung: 0x01ce49968161b10f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: bf7a2e5d-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:26 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1af4 Startzeit der fehlerhaften Anwendung: 0x01ce4996845cacbb Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c2706f07-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:30 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x2268 Startzeit der fehlerhaften Anwendung: 0x01ce499686ffc31e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c4f8f826-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:34 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x22dc Startzeit der fehlerhaften Anwendung: 0x01ce499689af35be Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c7a49a28-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:45 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1d98 Startzeit der fehlerhaften Anwendung: 0x01ce49969044a3bc Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ce37be2e-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:50 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1f58 Startzeit der fehlerhaften Anwendung: 0x01ce499692d36e83 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d0c0203c-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:54 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x22f4 Startzeit der fehlerhaften Anwendung: 0x01ce499695656da5 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d3827ee4-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:43:59 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x2378 Startzeit der fehlerhaften Anwendung: 0x01ce499698543423 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d6463d21-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:44:03 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x2054 Startzeit der fehlerhaften Anwendung: 0x01ce49969b07c584 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d8f2c987-b589-11e2-8ab3-984be1b26acd
Error - 05.05.2013 09:44:08 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1ab8 Startzeit der fehlerhaften Anwendung: 0x01ce49969da81cbc Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: db925d6c-b589-11e2-8ab3-984be1b26acd
[ Hewlett-Packard Events ]
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 17.11.2012 08:04:03 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 17.11.2012 08:04:14 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 19.11.2012 15:56:16 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043
Ram
Utilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 19.11.2012 15:56:40 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043
Ram
Utilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 19.11.2012 16:58:55 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()
bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()
bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
4043 Ram Utilization: 50 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()
Error - 19.11.2012 17:39:05 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043
Ram
Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
[ HP Wireless Assistant Events ]
Error - 15.07.2012 14:52:44 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 18.07.2012 05:48:54 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 19.07.2012 05:31:52 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Fehler beim Laden des Anbieters
bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)
bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 16.08.2012 02:32:01 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 20.02.2013 11:17:59 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 24.02.2013 04:14:16 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 10.04.2013 01:00:03 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 01.05.2013 15:21:22 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 05.05.2013 09:08:11 | Computer Name = Königskind-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 05.05.2013 09:08:12 | Computer Name = Königskind-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
[ System Events ]
Error - 05.05.2013 09:05:56 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
Error - 05.05.2013 09:06:30 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP Support Assistant Service erreicht.
Error - 05.05.2013 09:06:30 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 05.05.2013 09:07:05 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP Wireless Assistant Service erreicht.
Error - 05.05.2013 09:07:05 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Wireless Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 06.05.2013 15:01:39 | Computer Name = Königskind-HP | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 09.05.2013 17:28:53 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 09.05.2013 17:28:55 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753636.
Error - 09.05.2013 17:28:57 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10.05.2013 14:28:05 | Computer Name = Königskind-HP | Source = DCOM | ID = 10010
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.05.2013 23:41:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*********\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 21,05% Memory free 7,90 Gb Paging File | 1,39 Gb Available in Paging File | 17,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 683,81 Gb Total Space | 622,78 Gb Free Space | 91,08% Space Free | Partition Type: NTFS Drive D: | 14,53 Gb Total Space | 1,79 Gb Free Space | 12,33% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive F: | 98,87 Mb Total Space | 88,60 Mb Free Space | 89,62% Space Free | Partition Type: FAT32 Computer Name: *******-HP | User Name: ********** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Königskind\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Königskind\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe (AVG) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\Königskind\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Königskind\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU () MOD - C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\winamp.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Users\Königskind\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU () MOD - C:\Users\Königskind\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU () MOD - C:\Users\Königskind\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll () MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () ========== Services (SafeList) ========== SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe () SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110628212436768&tb_oid=28-06-2011&tb_mrud=28-06-2011 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ZoneAlarm Search IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {DB52FACB-1AF9-44A2-A723-1803CC29F861} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{B45794A0-63E5-4723-8BF2-6AD1914E67E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=STT&o=102866&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=5N&apn_dtid=YYYYYYYYDE&apn_uid=3ec4707d-0b8c-4a1c-ac90-7cb52b253036&apn_sauid=28018C38-0892-4964-A78B-45A40EA2B2DC IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\..\SearchScopes\{DB52FACB-1AF9-44A2-A723-1803CC29F861}: "URL" = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=95724a4bd665487a9374ee24eefb451d&tu=10GX0006o1B000c&sku=&tstsId=&ver=&&r=881 IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110628212436768&tb_oid=28-06-2011&tb_mrud=28-06-2011 IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110628212436768&tb_oid=09-07-2011&tb_mrud=03-04-2013&query=" FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32 FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3 FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.15.0 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0 FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213 FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.02.28 13:20:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.02.28 13:20:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox [2012.01.04 23:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 11:26:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.02.14 14:40:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 23:14:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:10:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:10:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 11:26:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:10:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:10:16 | 000,000,000 | ---D | M] [2011.06.24 21:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\Extensions [2013.04.13 08:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions [2013.04.03 09:54:54 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013.04.13 08:53:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.30 21:57:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.02.14 13:40:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.06.25 11:09:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.04.12 14:29:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\2020Player_IKEA@2020Technologies.com [2013.02.26 22:35:34 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\donottrack@checkpoint.com [2011.07.07 20:31:22 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\engine@plasmoo.com [2013.02.26 22:35:33 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\ffxtlbr@zonealarm.com [2013.02.19 23:47:53 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\toolbar@ask.com [2012.08.23 14:03:26 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\extensions\ciuvo-extension@icq.de.xpi [2012.12.13 11:47:29 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.26 18:58:54 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js [2013.04.03 09:55:08 | 000,002,533 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\aol-search.xml [2011.07.09 20:28:23 | 000,002,354 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\aol-web-search.xml [2013.05.13 09:36:42 | 000,002,402 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\askcom.xml [2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\conduit.xml [2013.05.07 18:12:53 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-1.xml [2012.07.21 00:36:50 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-10.xml [2012.08.01 00:40:34 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-11.xml [2012.08.31 22:17:16 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-12.xml [2012.09.14 14:43:43 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-13.xml [2012.11.15 10:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-14.xml [2012.11.15 11:54:23 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-15.xml [2012.11.24 22:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-16.xml [2013.02.14 13:41:11 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-17.xml [2013.02.15 12:54:04 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-18.xml [2013.02.19 23:47:32 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-19.xml [2011.08.21 20:56:22 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-2.xml [2013.02.28 15:21:22 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-20.xml [2013.03.22 17:41:31 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-21.xml [2013.04.25 08:02:00 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-22.xml [2011.09.09 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-3.xml [2011.09.15 13:08:39 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-4.xml [2011.10.12 14:18:50 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-5.xml [2012.01.13 21:28:08 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-6.xml [2012.03.23 21:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-7.xml [2012.04.19 11:47:45 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-8.xml [2012.06.25 11:09:11 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-9.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin.xml [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\plasmoo.xml [2013.02.26 18:57:16 | 000,001,488 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\zonealarm.xml [2013.04.12 00:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 00:10:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.12 00:10:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.14 14:40:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.02.19 23:14:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1 File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{0B38152B-1B20-484D-A11F-5E04A9B0661F} File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1} File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{AB91EFD4-6975-4081-8552-1B3922ED79E2} File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\2020PLAYER_IKEA@2020TECHNOLOGIES.COM File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\DONOTTRACK@CHECKPOINT.COM File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\ENGINE@PLASMOO.COM File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\FFXTLBR@ZONEALARM.COM File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM [2013.04.12 00:10:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.14 17:24:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.19 23:14:07 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.02.14 17:24:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.14 17:24:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.14 17:24:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.14 17:24:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.14 17:24:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: Google CHR - Extension: No name found = C:\Users\Königskind\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps) O2 - BHO: (ZoneAlarm Do Not Track) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Spotify] C:\Users\Königskind\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Königskind\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Königskind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Königskind\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Königskind\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B984E03D-8074-41A4-84BD-8F8BB1D698D8}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1b93b3ae-7675-11e1-8c25-984be1b26acd}\Shell - "" = AutoRun O33 - MountPoints2\{1b93b3ae-7675-11e1-8c25-984be1b26acd}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.13 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Königskind\Documents\Simply Super Software [2013.05.13 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Königskind\AppData\Roaming\Simply Super Software [2013.05.13 21:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.05.13 21:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.05.13 21:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.05.12 17:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.05.07 10:48:30 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.06 07:36:19 | 000,000,000 | ---D | C] -- C:\Users\Königskind\AppData\Local\{CBF809FA-2F04-4E35-BE33-1AA6D9BAA2F1} [2013.05.05 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Königskind\AppData\Local\{C17AE1A6-AC78-4345-8173-07C6862192B4} [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.13 23:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.13 23:15:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.13 21:09:24 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2013.05.13 20:34:19 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.13 20:34:19 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.13 20:34:19 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.13 20:34:19 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.13 20:34:19 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.13 20:30:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.13 15:02:35 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2013.05.13 15:01:11 | 000,001,426 | ---- | M] () -- C:\Users\Königskind\Desktop\Registry kostenlos entrümpeln!.lnk [2013.05.13 08:15:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.13 08:00:26 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 08:00:26 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 23:28:42 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2013.05.08 21:15:26 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2013.05.07 10:46:53 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.06 10:55:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.06 10:55:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.25 07:54:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKönigskind.job [2013.04.22 07:18:18 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKÖNIGSKIND-HP$.job [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.13 21:09:24 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.11.15 10:42:37 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.06.25 11:22:37 | 000,219,024 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.06.25 11:22:37 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2011.08.04 21:08:47 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.19 23:53:05 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\AVG [2013.02.19 23:36:43 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\AVG2013 [2012.11.15 12:44:04 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\CheckPoint [2011.10.12 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\DVDVideoSoft [2011.07.07 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.24 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\HTC [2012.11.24 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.06.28 23:24:17 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\OpenCandy [2011.08.04 21:22:13 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\OpenOffice.org [2011.06.24 21:30:33 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\PictureMover [2013.05.13 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Simply Super Software [2012.11.15 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\SoftGrid Client [2013.05.14 00:06:19 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Spotify [2011.06.24 21:29:25 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Synaptics [2012.07.21 09:23:30 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Systweak [2011.08.04 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\TP [2012.01.04 23:27:53 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Trillian [2013.02.19 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\TuneUp Software [2012.01.30 15:26:16 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Windows Live Writer [2011.07.04 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > |
|
13.05.2013, 23:40
| #4 |
| /// Helfer-Team | Mahnungsmail von Norton |
|
14.05.2013, 06:38
| #5 |
| | Mahnungsmail von Norton erledigt! --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4240293888, free: 534315008 ------------ Kernel report ------------ 05/14/2013 00:50:24 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys \SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\Windows\system32\drivers\avgtpx64.sys \SystemRoot\System32\Drivers\aswKbd.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\DRIVERS\avgtdia.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\system32\DRIVERS\igdpmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\monitor.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006c36060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa80050bf050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.05.13.08 Downloaded database version: v2013.05.07.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006c36060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006ad39d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c36060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80050bf050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00a9ba5f0, 0xfffffa8006c36060, 0xfffffa800902d790 Lower DeviceData: 0xfffff8a00bb669a0, 0xfffffa80050bf050, 0xfffffa800b9fbe40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: FBCCF9BA Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1434046464 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1434456064 Numsec = 30480384 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 210672 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Done! Performing system, memory and registry scan... Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\RewardsArcade.dll --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E788D914-2C76-4D67-A8CD-ECC7ED0D0748} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{F30C03B4-104E-4FD4-842B-B9E9F52ED415} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E788D914-2C76-4D67-A8CD-ECC7ED0D0748} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F30C03B4-104E-4FD4-842B-B9E9F52ED415} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\RewardsArcade.FBApi.1 --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\RewardsArcade.FBApi --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.FBApi --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.FBApi.1 --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BDA89DCD-8B25-48c7-B1E2-07CA622E0CA8} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\RewardsArcade.Sandbox.1 --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\RewardsArcade.Sandbox --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.Sandbox --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.Sandbox.1 --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\RewardsArcade.BHO.1 --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{597A9974-8CB0-4F41-B61F-ED065738A397} --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\CLASSES\RewardsArcade.BHO --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.BHO --> [PUP.RewardsArcade] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.BHO.1 --> [PUP.RewardsArcade] Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{597A9974-8CB0-4F41-B61F-ED065738A397} --> [PUP.RewardsArcade] Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{597A9974-8CB0-4F41-B61F-ED065738A397} --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\fb.js --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\appAPIinternalWrapper.js --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\jquery.js --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\json.js --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\RewardsArcade.exe --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\Uninstall.exe --> [PUP.RewardsArcade] Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RewardsArcade --> [PUP.RewardsArcade] Infected: c:\Program Files (x86)\RewardsArcade\UserConfirmation.exe --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498 --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\uninstall.ico --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Chrome --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\install.rdf --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale\en-US --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css --> [PUP.RewardsArcade] Infected: c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\update.css --> [PUP.RewardsArcade] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4240293888, free: 2367803392 Removal queue found; removal started Removing c:\Program Files (x86)\RewardsArcade\RewardsArcade.dll... Removing c:\Program Files (x86)\RewardsArcade\fb.js... Removing c:\Program Files (x86)\RewardsArcade... Removing c:\Program Files (x86)\RewardsArcade\appAPIinternalWrapper.js... Removing c:\Program Files (x86)\RewardsArcade\jquery.js... Removing c:\Program Files (x86)\RewardsArcade\json.js... Removing c:\Program Files (x86)\RewardsArcade\RewardsArcade.exe... Removing c:\Program Files (x86)\RewardsArcade\Uninstall.exe... Removing c:\Program Files (x86)\RewardsArcade\UserConfirmation.exe... Removing c:\Users\Königskind\AppData\Local\RewardsArcade... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\uninstall.ico... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Chrome... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\install.rdf... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale\en-US... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css... Removing c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\update.css... Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 4240293888, free: 1376759808 ------------ Kernel report ------------ 05/14/2013 07:12:30 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys \SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\Windows\system32\drivers\avgtpx64.sys \SystemRoot\System32\Drivers\aswKbd.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kl2.sys \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\DRIVERS\avgtdia.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\system32\DRIVERS\igdpmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006c36060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa80050c8050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.05.13.09 Downloaded database version: v2013.05.14.01 Downloaded database version: v2013.05.13.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006c36060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006c36b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c36060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80050c8050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a0109831d0, 0xfffffa8006c36060, 0xfffffa8009d65500 Lower DeviceData: 0xfffff8a009eccb10, 0xfffffa80050c8050, 0xfffffa800a4243a0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: FBCCF9BA Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1434046464 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1434456064 Numsec = 30480384 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 210672 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= und jetzt? |
|
14.05.2013, 11:12
| #6 |
| /// Helfer-Team | Mahnungsmail von Norton bitte das richtige Logfile posten! Siehe Anleitung! Bitte an die Reihenfolge halten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ --> Mahnungsmail von Norton |
|
14.05.2013, 13:55
| #7 |
| | Mahnungsmail von Norton AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 14/05/2013 um 14:48:21 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Königskind - KÖNIGSKIND-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Königskind\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : vToolbarUpdater14.2.0
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\KNIGSK~1\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\aol-web-search.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\plasmoo.xml
Datei Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\Users\KNIGSK~1\AppData\Local\Temp\Conduit
Ordner Gelöscht : C:\Users\KNIGSK~1\AppData\Local\Temp\CT2269050
Ordner Gelöscht : C:\Users\Königskind\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Königskind\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Königskind\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Königskind\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Königskind\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\Königskind\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Königskind\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Königskind\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Königskind\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Königskind\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Königskind\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\ConduitCommon
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\CT2269050
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\engine@plasmoo.com
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\WinampToolbarData
Ordner Gelöscht : C:\Users\Königskind\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{919B1701-58BF-46FB-9010-C83BADBD3B05}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{919B1701-58BF-46FB-9010-C83BADBD3B05}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{919B1701-58BF-46FB-9010-C83BADBD3B05}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F872579-AEAC-4FAA-8758-DAF1C7181D9A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9313B84F-3303-4066-A500-0A69D7A80B80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1FBCDF8-9314-42EF-8B68-4AAFA75B4178}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\prefs.js
C:\Users\Königskind\AppData\Roaming\Mozilla\Firefox\Profiles\7rrm6a6g.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.AppTrackingLastCheckTime", "Mon Feb 04 2013 22:15:21 GMT+0100");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "14-5-2013");
Gelöscht : user_pref("CT2269050.DSChangedManually", false);
Gelöscht : user_pref("CT2269050.DSInstall", true);
Gelöscht : user_pref("CT2269050.DSProtectChoice", true);
Gelöscht : user_pref("CT2269050.DSProtectCount", 2);
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue May 14 2013 07:09:55 GMT+0200");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Tue May 14 2013 14:47:23 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "7-11-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HPChangedManually", false);
Gelöscht : user_pref("CT2269050.HPInstall", false);
Gelöscht : user_pref("CT2269050.HPProtectChoice", true);
Gelöscht : user_pref("CT2269050.HPProtectCount", 5);
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", true);
Gelöscht : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Mon Nov 07 2011 13:47:45 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsInitSetupIni", true);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.IsProtectorsInit", true);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue May 14 2013 07:09:59 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_3.10.0.1", "Fri May 11 2012 19:54:46 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Fri Jun 15 2012 13:41:10 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Sat Jun 30 2012 22:07:03 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Mon Aug 27 2012 13:34:37 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Wed Nov 14 2012 22:42:21 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.100", "Tue Feb 12 2013 10:16:11 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Sat Jan 05 2013 20:42:57 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.18.0.7", "Tue May 14 2013 14:47:25 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.7.0.6", "Fri Nov 11 2011 14:46:37 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.8.0.8", "Tue Dec 06 2011 23:12:50 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.8.1.0", "Fri Jan 13 2012 20:07:32 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.9.0.3", "Fri Feb 17 2012 13:36:16 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.7.0.6");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Tue May 14 2013 07:09:55 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue May 14 2013 07:09:53 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2269050.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Tue May 14 2013 07:09:59 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue May 14 2013 14:47:22 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1368519170");
Gelöscht : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Apr 25 2013 08:02:13 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN92266401083529346");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Tue May 14 2013 14:31:54 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E2025203[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "2423");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6B6A6E746D747578");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737170747A737A7B7E242F4B4947[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "696C406B3F6D43717A7348457B20774B4D77257A2352522A21[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b/556,bi5a>g", "6E6D6C6F6C6D6C6E6F6F787975");
Gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6C673E3D73726D737A7448727776487A4B4A507D7B");
Gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6A6E746D74767174737B");
Gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2269050.backendstorage.autocompletepro_enable", "31");
Gelöscht : user_pref("CT2269050.backendstorage.autocompletepro_enable_auto", "31");
Gelöscht : user_pref("CT2269050.backendstorage.cb_experience_000", "323831");
Gelöscht : user_pref("CT2269050.backendstorage.cb_firstuse0100", "31");
Gelöscht : user_pref("CT2269050.backendstorage.cb_user_id_000", "43423133343838383630343035325F46697265666F78")[...]
Gelöscht : user_pref("CT2269050.backendstorage.cbcountry_001", "4445");
Gelöscht : user_pref("CT2269050.backendstorage.cbfirsttime", "547565204F637420313620323031322031323A33303A30312[...]
Gelöscht : user_pref("CT2269050.backendstorage.cbopenmamsettings", "30");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050current_term", "726F626572742B70617474696E736F6E");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050sdate", "3239");
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...]
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...]
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://www_pricesparrow_com.pricesparrowstatus", "64697361626C65[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstatereporttime", "31333638353334373236313336");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_currentversion", "312E342E342E36");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_first_time", "31");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_lastlogintime", "31333638353334373236313338");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A227375636365656465[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_showclosebutton", "74727565");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_userid", "32363061393563372D353530632D343937632D613238662[...]
Gelöscht : user_pref("CT2269050.backendstorage.pg_enable", "74727565");
Gelöscht : user_pref("CT2269050.backendstorage.searchappstate", "33");
Gelöscht : user_pref("CT2269050.backendstorage.searchapptracking", "31");
Gelöscht : user_pref("CT2269050.backendstorage.sf_just_installed", "46414C5345");
Gelöscht : user_pref("CT2269050.backendstorage.sf_status", "454E41424C4544");
Gelöscht : user_pref("CT2269050.backendstorage.sf_user_id", "6369645F323534323031333833323431303433353831");
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "547565204F637420313620323031322030383A[...]
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gelöscht : user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E74726F6A616E65722D626F6[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sun May 05 2013 15:08:17 GMT+0200");
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Tue May 14 2013 07:09:55 GMT+0200");
Gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu May 09 2013 23:34:23 GMT+0200");
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CT2613550..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2613550.CTID", "ct2613550");
Gelöscht : user_pref("CT2613550.CurrentServerDate", "15-11-2012");
Gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Thu Nov 15 2012 09:48:58 GMT+0100");
Gelöscht : user_pref("CT2613550.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Thu Nov 15 2012 10:29:08 GMT+0100");
Gelöscht : user_pref("CT2613550.FirstServerDate", "25-8-2011");
Gelöscht : user_pref("CT2613550.FirstTime", true);
Gelöscht : user_pref("CT2613550.FirstTimeFF3", true);
Gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2613550.Initialize", true);
Gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2613550.InstalledDate", "Thu Aug 25 2011 21:15:45 GMT+0200");
Gelöscht : user_pref("CT2613550.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2613550.IsGrouping", false);
Gelöscht : user_pref("CT2613550.IsInitSetupIni", true);
Gelöscht : user_pref("CT2613550.IsMulticommunity", false);
Gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2613550.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Sat Aug 27 2011 21:50:51 GMT+0200");
Gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2613550.LastLogin_3.10.0.1", "Thu Apr 19 2012 11:39:05 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.12.0.7", "Sat May 12 2012 13:16:43 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.12.2.3", "Fri Jun 15 2012 20:17:26 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.13.0.6", "Wed Jul 18 2012 20:44:48 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.14.1.0", "Mon Aug 27 2012 06:01:53 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.15.1.0", "Wed Nov 14 2012 21:12:39 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.16.0.3", "Thu Nov 15 2012 09:48:57 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.6.0.10", "Sat Sep 24 2011 21:27:21 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.7.0.6", "Fri Nov 11 2011 20:14:06 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.8.0.8", "Tue Dec 06 2011 20:22:26 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.8.1.0", "Fri Jan 20 2012 13:29:09 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.9.0.3", "Tue Mar 13 2012 06:15:59 GMT+0100");
Gelöscht : user_pref("CT2613550.LatestVersion", "3.16.0.3");
Gelöscht : user_pref("CT2613550.Locale", "de-de");
Gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2613550.OriginalFirstVersion", "3.6.0.10");
Gelöscht : user_pref("CT2613550.RadioIsPodcast", false);
Gelöscht : user_pref("CT2613550.RadioMediaID", "8546");
Gelöscht : user_pref("CT2613550.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Gelöscht : user_pref("CT2613550.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2613550.RadioStationName", "Radio%208");
Gelöscht : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Thu Aug 25 2011 21:15:46 GMT+0200");
Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Thu Nov 15 2012 09:48:51 GMT+0100");
Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Thu Aug 25 2011 21:15:43 GMT+0200");
Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1313417096");
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Thu Aug 25 2011 21:15:42 GMT+0200");
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2613550.UserID", "UN66958939269916624");
Gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 0);
Gelöscht : user_pref("CT2613550.WeatherNetwork", "");
Gelöscht : user_pref("CT2613550.WeatherPollDate", "Thu Nov 15 2012 10:19:09 GMT+0100");
Gelöscht : user_pref("CT2613550.WeatherUnit", "C");
Gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
Gelöscht : user_pref("CT2613550.components.1000082", true);
Gelöscht : user_pref("CT2613550.components.1000234", true);
Gelöscht : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Wed Jun 20 2012 22:48:46 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Thu Nov 15 2012 06:35:43 GMT+0100");
Gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Wed Nov 14 2012 20:45:56 GMT+0100");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Thu Nov 15 2012 09:48:58 GMT+0100");
Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Thu Nov 15 2012 09:48:55 GMT+0100");
Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1352142245");
Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Thu Nov 15 2012 09:48:52 GMT+0100");
Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Thu Nov 15 2012 09:48:58 GMT+0100[...]
Gelöscht : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Thu Nov 15 2012 09:48:58 GMT+0100"[...]
Gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Thu Nov 15 2012 09:48:58 GMT+0100"[...]
Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Sat Aug 27 2011 20:11:46 GMT+0200");
Gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2613550.initDone", true);
Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2613550.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2613550.myStuffEnabled", true);
Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Gelöscht : user_pref("CT2613550.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2613550.testingCtid", "");
Gelöscht : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Thu Aug 25 2011 21:15:44 GMT+0200");
Gelöscht : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Thu Aug 25 2011 21:15:46 GMT+0200");
Gelöscht : user_pref("CT2613550.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm-Sicherheit Customized Web Search,DVDVideo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1006347/1002062/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2613550&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"bc1[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Königskind\\AppData\\Roaming\\Mozil[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550,CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550,CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2613550,CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 22 2012 20:37:11 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "7fad3c48-5438-44a1-8cc0-7edfcec54042");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 14 2013 07:09:5[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 14 2013 07:10:03 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 14 2013 07:09:55 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "a8323fe1-ed22-4fa8-87e1-01ec0db1da04");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Gelöscht : user_pref("aol_toolbar.surf.date", "65");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "14");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "4");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2013");
Gelöscht : user_pref("aol_toolbar.surf.month", "494");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "2809");
Gelöscht : user_pref("aol_toolbar.surf.total", "44547");
Gelöscht : user_pref("aol_toolbar.surf.week", "65");
Gelöscht : user_pref("aol_toolbar.surf.year", "9908");
Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13")[...]
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Plasmoo");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "5N");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2011.07.21+12.29.09-toolbar009iad-DE-RHVzc2VsZG9yZixHZXJtYW55")[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Gelöscht : user_pref("extensions.asktb.displaytext", "");
Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0028");
Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://slirsredirect.search.aol.com/redirecto[...]
Gelöscht : user_pref("extensions.asktb.ff19-config-first-run", "true");
Gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxp://www.avg.de/de.pc-tuneup-fix-errors-tr-0?A=bjZ[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "3ec4707d-0b8c-4a1c-ac90-7cb52b253036");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1368508192242");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.location", "Dusseldorf,Germany");
Gelöscht : user_pref("extensions.asktb.lstation", "");
Gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true);
Gelöscht : user_pref("extensions.asktb.news-native-on", true);
Gelöscht : user_pref("extensions.asktb.o", "102866");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.pstate", "");
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "19");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "28018C38-0892-4964-A78B-45A40EA2B2DC");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "13.09.2012 22:06:21");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.15.100013");
Gelöscht : user_pref("extensions.asktb.version", "5.15.15.35882");
Gelöscht : user_pref("extensions.asktb.volume", "");
Gelöscht : user_pref("extensions.enabledAddons", "2020Player_IKEA%402020Technologies.com:5.0.94.0,engine%40plas[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.defSearchChange", true);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1368135265);
Gelöscht : user_pref("icqtoolbar.history", "long%20beanie%20damen||zimtstern%20kleidung||nuby%20produkte%20in%2[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1343678261");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "20.0.1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "131343379413134340341313702560681");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1368508196);
Gelöscht : user_pref("icqtoolbar.userEngineApproved", true);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", true);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]
Gelöscht : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "Ask.com");
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "DVDVideoSoftTB Customized Web Se[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?c[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Ask.com");
Gelöscht : user_pref("plasmoo.search.engine.prevstartuphomepage", "hxxp://search.conduit.com/?ctid=CT2269050&Se[...]
Gelöscht : user_pref("plasmoo.search.engine.status", "INSTALLED");
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gelöscht : user_pref("winamp_toolbar.cookie.homepage", "");
Gelöscht : user_pref("winamp_toolbar.cookie.search", "");
Gelöscht : user_pref("winamp_toolbar.curtain.congrats", "none");
Gelöscht : user_pref("winamp_toolbar.default.homepage.check", false);
Gelöscht : user_pref("winamp_toolbar.default.search.check", true);
Gelöscht : user_pref("winamp_toolbar.default.search.label", "AOL Search");
Gelöscht : user_pref("winamp_toolbar.default.search.url", "hxxp://search.winamp.com/search/search?query={search[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.guid", "{EAF19BEC-BB78-7AA9-3B4B-9A8937DEDB08}");
Gelöscht : user_pref("winamp_toolbar.homepageprotection.enabled", false);
Gelöscht : user_pref("winamp_toolbar.install.distroid", "");
Gelöscht : user_pref("winamp_toolbar.install.homepage.label", "AOL.com");
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.9397");
Gelöscht : user_pref("winamp_toolbar.install.lid", "");
Gelöscht : user_pref("winamp_toolbar.install.mtmhp", "");
Gelöscht : user_pref("winamp_toolbar.install.ncid", "");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "14");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "4");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2013");
Gelöscht : user_pref("winamp_toolbar.metrics.log", false);
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "9");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "18");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "28");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "7");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "19");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Gelöscht : user_pref("winamp_toolbar.relatednews.enabled", false);
Gelöscht : user_pref("winamp_toolbar.remote..xml", "1368535645048");
Gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1368508185698");
Gelöscht : user_pref("winamp_toolbar.reset.flag", "1");
Gelöscht : user_pref("winamp_toolbar.reset.style", "A");
Gelöscht : user_pref("winamp_toolbar.resetprompt.daily.num", "1");
Gelöscht : user_pref("winamp_toolbar.resetprompt.daily.timestamp", "Fri Feb 15 2013 11:54:13 GMT+0100");
Gelöscht : user_pref("winamp_toolbar.resetprompt.display.limit", "8");
Gelöscht : user_pref("winamp_toolbar.search.button", true);
Gelöscht : user_pref("winamp_toolbar.search.cid", "03-04-2013");
Gelöscht : user_pref("winamp_toolbar.search.instd", "20110628212436768");
Gelöscht : user_pref("winamp_toolbar.search.oid", "09-07-2011");
Gelöscht : user_pref("winamp_toolbar.search.placement", "left");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.savehistory", false);
Gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
Gelöscht : user_pref("winamp_toolbar.search.source", "winamp-ff");
Gelöscht : user_pref("winamp_toolbar.searchengine.label", "AOL Search");
Gelöscht : user_pref("winamp_toolbar.searchprotection.enabled", false);
Gelöscht : user_pref("winamp_toolbar.skin.custom", true);
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.weather.degc", "7");
Gelöscht : user_pref("winamp_toolbar.weather.degf", "45");
Gelöscht : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/34.png");
Gelöscht : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Gelöscht : user_pref("winamp_toolbar.weather.metric", true);
Gelöscht : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Gelöscht : user_pref("winamp_toolbar.weather.update", "1368535645049");
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Gelöscht : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.volume", "200");
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Königskind\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [81548 octets] - [14/05/2013 14:46:15]
AdwCleaner[S1].txt - [79050 octets] - [14/05/2013 14:48:21]
########## EOF - C:\AdwCleaner[S1].txt - [79111 octets] ##########
habe jetzt nochmal mit otl.exe gescannt bekomme aber keine logfiles. wo finde ich die? gestern öffneten die sich automatisch. heute nicht. |
|
14.05.2013, 14:21
| #8 |
| | Mahnungsmail von Norton wer lesen und gucken kann ist klar im vorteil! ;-)OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.05.2013 14:58:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Königskind\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,37% Memory free
7,90 Gb Paging File | 4,30 Gb Available in Paging File | 54,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,81 Gb Total Space | 624,85 Gb Free Space | 91,38% Space Free | Partition Type: NTFS
Drive D: | 14,53 Gb Total Space | 1,79 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 98,87 Mb Total Space | 88,60 Mb Free Space | 89,62% Space Free | Partition Type: FAT32
Computer Name: KÖNIGSKIND-HP | User Name: Königskind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-4076678780-3420807333-394965083-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EE70A8-5CCF-4C25-B3D6-4EB68A6CCE6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FCE72C0-12D1-4966-907A-E42BD621F2D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{26531078-B765-49C2-9666-9A788BEA9403}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2987494A-5842-43A0-857E-B12842247701}" = lport=139 | protocol=6 | dir=in | app=system |
"{314D8E71-7FC3-49E8-A7BB-F13890156B5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31CCE939-ED31-4EE3-9880-715E6077379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3774D691-F084-41E8-AD87-FFC2419FD66D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3EBBCC5A-8A3E-49CD-BF83-E3FE3A7602FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50FFC4ED-CCDB-4AAC-BDC2-EA2562B579A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57827288-0C8C-4F6A-BB70-C2F83E3F68DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{5FB93D15-3647-48CF-BA4B-BB9FBC4E55BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7C12BDFE-AF60-4CE1-B44F-A1A5A2A81AEF}" = rport=138 | protocol=17 | dir=out | app=system |
"{7EEBA00E-6080-42DE-91FF-E55B648B9437}" = lport=137 | protocol=17 | dir=in | app=system |
"{830C094F-C308-4AE7-976E-B7C43A85BCD3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{838BD8F5-9A7D-4074-9972-DF80AD309B80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89A97ACB-D9FE-47EB-BD38-15B92D1A4503}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95317372-84AF-4013-9CE0-5A237175D17B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A17DC791-7D20-44FD-B176-6739D917A9E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDFA92E3-B2C4-4AB1-B8D3-36CF53F4452F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2D02F6B-A65A-4A4E-BCEE-00354D5D5085}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2D2FCC2-1878-4815-9CE8-EED276C5D2F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D130A471-C031-4B02-8DF9-89A348392C91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F11DFD3A-8B13-4C79-97F3-3410582A6714}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9629B89-1A24-41A8-8047-D2277667988A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFA80403-5601-423F-B960-E176EBBEF0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001B7C16-EE99-43EA-A707-51D1920555E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{018B5550-C2D2-4A85-8AF8-17C527080DEB}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{022C29B8-D463-4F05-B994-92D73509790B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{06F2C796-983E-4CA0-9213-00932869156D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07F48220-5AAD-4314-9A06-574DC48ED0C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{08DDCF70-8120-48AF-9E3E-EE7C3C17E7A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{121B346D-B8D5-434C-A600-31506C9468B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1227D280-162C-4D18-B3CF-6F394A3A2B86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{161DDFFE-81E4-42D2-81D0-5D904EFAD0A3}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{198135B9-25C6-461C-8CE8-493615F0BCAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1A763CD7-82E8-49BC-891E-08E9D93590A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{242E4705-A308-4498-B7F4-A6D3F90654FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B129D76-E223-485C-8399-DAC7B35666D3}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{2E7C2E16-B380-4B7E-B080-46D8E00A2ABA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3256CD5A-BDE4-4519-8461-814286E0C95E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3962EA06-7F4F-438F-8B68-EEE7C9CB8961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{398DE387-CEBD-4748-86A8-56E30037D0DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3AE85D04-7E5A-4E0B-BAA0-4956E039035E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{3CC0B62C-BE71-4978-B2C8-BB8305AD7AC4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D6603FC-EE29-42E2-9E74-73A98B1D3D2E}" = protocol=6 | dir=in | app=c:\users\königskind\appdata\local\temp\7zs62fb\hpdiagnosticcoreui.exe |
"{40CF338C-EB9B-458E-BA36-48F377EE86B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{40F0DC15-58FC-4790-91BA-1B805B1429BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{41654C6A-07B7-4920-980A-EE402EB33B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5230F3EC-1A41-4756-87F2-D1FAEF175155}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5FD502C4-BC81-45DF-9C3F-4AC81EAE7C36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{6931D7FA-7A0E-450D-8C82-E5F1766FEEA3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6DB2DF5B-FC8C-4056-80F9-38F614693569}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7235F566-9A59-45C6-AC73-38F23173E8FD}" = protocol=6 | dir=out | app=system |
"{7F733D03-E4E9-467B-9E39-1F80B9B1EA09}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F76C8E6-D3A9-48AC-A186-BBB60CFCA235}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{82391602-FFF2-4D9B-B8B5-83C3033EEB2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{859BE05D-86F7-4681-879D-E62BFBA982AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{86804ADF-2050-4C1B-870C-35667D7B6616}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89229185-A4C0-4213-99B7-715ECD409569}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{8DE84CFB-4E2D-48A0-B8D7-23DD648E3F64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{9864A5B5-C758-4CBF-BDA8-4135325BC730}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9917E7E1-6DDD-4744-8263-9FD06E4777BE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9F0D289F-9143-4A98-82FF-8BFF49BF9C9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A69CB629-D11D-463C-B688-265D727DE497}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{AB66B8DA-4A6F-46DB-9624-9241F5E4E961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC57B777-0E03-4822-8E3A-9DEF28841EC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1A3823E-CFC8-4253-A53B-C72372C904F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD122990-66A1-4185-AB41-642E9E8E099F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE769015-6999-4A52-B86A-945A18AF1AE3}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{E2DECE6B-F5DA-46D0-A701-DF14BC78CE98}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E7314E6B-A6E6-4F6A-B058-98D22D0EC721}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F0E8B66B-0102-4FE9-BF08-04329009EED0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F40A7290-061C-4D8F-919C-797D0D4F00F5}" = protocol=17 | dir=in | app=c:\users\königskind\appdata\local\temp\7zs62fb\hpdiagnosticcoreui.exe |
"{F42E65EC-1A3B-4F0C-95E7-50AB5ADDE05B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEA3F7D9-7875-4E39-8139-E09B8C61D3EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D0A6BB10-CC5D-BDB8-6EF6-F9817F9CBECE}" = ATI Catalyst Install Manager
"{D2458705-A810-63B8-0FD5-C0DB30F1294A}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033FB210-6390-F594-691B-336F34197698}" = CCC Help Finnish
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22C8EC80-0866-4122-A9D3-0C89B35CD358}" = Catalyst Control Center Profiles Mobile
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2E98073C-A62D-2C9E-3729-3ABFDC23EA26}" = CCC Help Portuguese
"{2EEA0953-E1BB-595A-9C97-5299F17F4FCE}" = CCC Help Polish
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EFEA7DE-A061-1B59-1AF7-24457B5376F8}" = CCC Help Korean
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C8F9B7-61D9-9AAE-9788-46FBA690C927}" = CCC Help Thai
"{6A068745-2B19-9131-2337-3987B7EE2139}" = CCC Help Chinese Standard
"{6A440BB0-FCBB-1894-91DF-CC77D3552676}" = CCC Help Dutch
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7607DD9E-FA07-AD76-CEAB-174EA6B6EFC6}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81A9D294-775E-4535-F2AC-82AC8BD5F314}" = CCC Help Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{878DD5CB-4723-D481-E75B-16D5E4B14EB4}" = CCC Help French
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89857FF8-4D1C-1628-13C2-6EB7A2226302}" = Catalyst Control Center InstallProxy
"{8BFA58D0-D782-8F29-DF73-01658852C812}" = CCC Help Spanish
"{8C02EB1E-1C4B-B42E-8104-3D372C08FDBD}" = PX Profile Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{912FFBD2-DAB4-D1BC-F29D-D9A0667818F3}" = CCC Help German
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A69CF711-D6DD-4BE3-A172-E1E7863715DB}" = CCC Help Czech
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD1D0003-239E-D78B-0714-9EB950932861}" = CCC Help Japanese
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BCC34B21-6BEC-C785-D4EC-C323D73974D1}" = CCC Help Italian
"{BD185B24-9653-4C3E-EC62-2232D825E40C}" = CCC Help Danish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE36E13E-6A81-9B81-F4AC-FB03465043FC}" = Catalyst Control Center Localization All
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4D2CC53-8327-740B-31B2-DE7B0CBF5CCC}" = ccc-core-static
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}" = HTC Sync
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C7D00998-8CC9-C0E0-EFC0-8DB857D3749C}" = CCC Help English
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5192A10-F4FB-EC5C-CB00-41448A6664E2}" = CCC Help Greek
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22C1F3D-1B96-4A87-0419-58475A6BDD85}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EC584A7F-943B-0E0F-0112-C4CF47619E18}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FF3357CE-5663-8C90-33E8-E04BD1BB69FF}" = CCC Help Swedish
"{FFB81EF3-CAB3-1A6F-D816-51079C4C057C}" = Catalyst Control Center Graphics Previews Common
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVG PC TuneUp" = AVG PC TuneUp
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Trillian" = Trillian
"Trojan Remover_is1" = Trojan Remover 6.8.6
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZoneAlarm Do Not Track Add-on_is1" = ZoneAlarm Do Not Track Add-on 2.2.5.1213
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"ZumoDrive" = HP CloudDrive
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4076678780-3420807333-394965083-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.05.2013 05:29:13 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x22f8 Startzeit der fehlerhaften Anwendung: 0x01ce4a3c2b8191d2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 69c601c4-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:18 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x2a60 Startzeit der fehlerhaften Anwendung: 0x01ce4a3c2e69ef98 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 6c85c852-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:23 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1f4 Startzeit der fehlerhaften Anwendung: 0x01ce4a3c3124ad03 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 6f48751b-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:33 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x292c Startzeit der fehlerhaften Anwendung: 0x01ce4a3c37817dfd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 75a17576-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:38 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x288c Startzeit der fehlerhaften Anwendung: 0x01ce4a3c3a3dc20d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 785d9276-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:42 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0xc78 Startzeit der fehlerhaften Anwendung: 0x01ce4a3c3cdbf65e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 7af36237-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:47 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x21cc Startzeit der fehlerhaften Anwendung: 0x01ce4a3c3f8c7a72 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 7d9b5aac-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:51 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x2714 Startzeit der fehlerhaften Anwendung: 0x01ce4a3c4234c108 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 805331dc-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:29:56 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1b8c Startzeit der fehlerhaften Anwendung: 0x01ce4a3c45250e2c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 8341aa39-b62f-11e2-8ab3-984be1b26acd
Error - 06.05.2013 05:30:02 | Computer Name = Königskind-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: clamscan.exe, Version: 0.98.0.0,
Zeitstempel: 0x4fbcd39d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1e0c Startzeit der fehlerhaften Anwendung: 0x01ce4a3c489c679b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 86c5fc28-b62f-11e2-8ab3-984be1b26acd
[ Hewlett-Packard Events ]
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 04.11.2012 15:55:09 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 17.11.2012 08:04:03 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 17.11.2012 08:04:14 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 19.11.2012 15:56:16 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043
Ram
Utilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 19.11.2012 15:56:40 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043
Ram
Utilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 19.11.2012 16:58:55 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()
bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates()
bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String
guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
4043 Ram Utilization: 50 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem]
GetAppliedUpdates()
Error - 19.11.2012 17:39:05 | Computer Name = Königskind-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043
Ram
Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
[ HP Wireless Assistant Events ]
Error - 18.07.2012 05:48:54 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 19.07.2012 05:31:52 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Fehler beim Laden des Anbieters
bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)
bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 16.08.2012 02:32:01 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 20.02.2013 11:17:59 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 24.02.2013 04:14:16 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 10.04.2013 01:00:03 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 01.05.2013 15:21:22 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 05.05.2013 09:08:11 | Computer Name = Königskind-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 05.05.2013 09:08:12 | Computer Name = Königskind-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
Error - 14.05.2013 00:55:15 | Computer Name = Königskind-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
[ System Events ]
Error - 09.05.2013 17:28:53 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 09.05.2013 17:28:55 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753636.
Error - 09.05.2013 17:28:57 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 10.05.2013 14:28:05 | Computer Name = Königskind-HP | Source = DCOM | ID = 10010
Description =
Error - 14.05.2013 00:56:39 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753636.
Error - 14.05.2013 00:56:40 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 14.05.2013 00:56:43 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 14.05.2013 08:50:30 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 14.05.2013 08:50:34 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753636.
Error - 14.05.2013 08:50:40 | Computer Name = Königskind-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
wer lesen und gucken kann ist klar im vorteil! ;-)OTL EXTRAS Logfile: |
|
14.05.2013, 14:23
| #9 |
| | Mahnungsmail von Norton OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.05.2013 14:58:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Königskind\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,37% Memory free
7,90 Gb Paging File | 4,30 Gb Available in Paging File | 54,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,81 Gb Total Space | 624,85 Gb Free Space | 91,38% Space Free | Partition Type: NTFS
Drive D: | 14,53 Gb Total Space | 1,79 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 98,87 Mb Total Space | 88,60 Mb Free Space | 89,62% Space Free | Partition Type: FAT32
Computer Name: KÖNIGSKIND-HP | User Name: Königskind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Königskind\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Users\Königskind\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Königskind\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (Systweak Inc)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Königskind\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ZoneAlarm Search
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\{B45794A0-63E5-4723-8BF2-6AD1914E67E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=STT&o=102866&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=5N&apn_dtid=YYYYYYYYDE&apn_uid=3ec4707d-0b8c-4a1c-ac90-7cb52b253036&apn_sauid=28018C38-0892-4964-A78B-45A40EA2B2DC
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\{DB52FACB-1AF9-44A2-A723-1803CC29F861}: "URL" = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=95724a4bd665487a9374ee24eefb451d&tu=10GX0006o1B000c&sku=&tstsId=&ver=&&r=881
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.15.0
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.02.28 13:20:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.02.28 13:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 11:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.02.14 14:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.14 14:48:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 11:26:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:10:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.14 14:48:47 | 000,000,000 | ---D | M]
[2011.06.24 21:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\Extensions
[2013.05.14 14:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions
[2013.04.13 08:53:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.06.25 11:09:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.04.12 14:29:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.02.26 22:35:34 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\donottrack@checkpoint.com
[2013.02.26 22:35:33 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Königskind\AppData\Roaming\mozilla\Firefox\Profiles\7rrm6a6g.default\extensions\ffxtlbr@zonealarm.com
[2012.08.23 14:03:26 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\extensions\ciuvo-extension@icq.de.xpi
[2012.12.13 11:47:29 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.26 18:58:54 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
[2013.04.03 09:55:08 | 000,002,533 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\aol-search.xml
[2012.07.21 00:36:50 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-10.xml
[2012.08.01 00:40:34 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-11.xml
[2012.08.31 22:17:16 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-12.xml
[2012.09.14 14:43:43 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-13.xml
[2012.11.15 10:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-14.xml
[2012.11.15 11:54:23 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-15.xml
[2012.11.24 22:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-16.xml
[2013.02.14 13:41:11 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-17.xml
[2013.02.15 12:54:04 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-18.xml
[2013.02.19 23:47:32 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-19.xml
[2013.02.28 15:21:22 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-20.xml
[2013.03.22 17:41:31 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-21.xml
[2013.04.25 08:02:00 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-22.xml
[2011.09.15 13:08:39 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-4.xml
[2011.10.12 14:18:50 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-5.xml
[2012.01.13 21:28:08 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-6.xml
[2012.03.23 21:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-7.xml
[2012.04.19 11:47:45 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-8.xml
[2012.06.25 11:09:11 | 000,000,950 | ---- | M] () -- C:\Users\Königskind\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\searchplugins\icqplugin-9.xml
[2013.04.12 00:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 00:10:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 00:10:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.14 14:40:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{AB91EFD4-6975-4081-8552-1B3922ED79E2}
File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\2020PLAYER_IKEA@2020TECHNOLOGIES.COM
File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\DONOTTRACK@CHECKPOINT.COM
File not found (No name found) -- C:\USERS\KöNIGSKIND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7RRM6A6G.DEFAULT\EXTENSIONS\FFXTLBR@ZONEALARM.COM
[2013.04.12 00:10:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.14 17:24:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.14 17:24:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.14 17:24:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.14 17:24:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.14 17:24:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.14 17:24:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: Google
CHR - Extension: No name found = C:\Users\Königskind\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001..\Run: [Spotify] C:\Users\Königskind\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001..\Run: [Spotify Web Helper] C:\Users\Königskind\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Königskind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4076678780-3420807333-394965083-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Königskind\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Königskind\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B984E03D-8074-41A4-84BD-8F8BB1D698D8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b93b3ae-7675-11e1-8c25-984be1b26acd}\Shell - "" = AutoRun
O33 - MountPoints2\{1b93b3ae-7675-11e1-8c25-984be1b26acd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.14 14:56:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Königskind\Desktop\OTL(1).exe
[2013.05.14 00:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Königskind\Documents\Simply Super Software
[2013.05.13 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Königskind\AppData\Roaming\Simply Super Software
[2013.05.13 21:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.13 21:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.05.13 21:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.12 17:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.07 10:48:30 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.06 07:36:19 | 000,000,000 | ---D | C] -- C:\Users\Königskind\AppData\Local\{CBF809FA-2F04-4E35-BE33-1AA6D9BAA2F1}
[2013.05.05 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Königskind\AppData\Local\{C17AE1A6-AC78-4345-8173-07C6862192B4}
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.14 14:58:55 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 14:58:55 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 14:57:40 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.14 14:57:40 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.14 14:57:40 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.14 14:57:40 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.14 14:57:40 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.14 14:56:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Königskind\Desktop\OTL(1).exe
[2013.05.14 14:53:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 14:52:15 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.14 14:50:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.14 14:50:19 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 14:37:48 | 000,628,743 | ---- | M] () -- C:\Users\Königskind\Desktop\adwcleaner.exe
[2013.05.14 14:32:07 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.13 21:09:24 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.05.07 10:46:53 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.06 10:55:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.06 10:55:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.25 07:54:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKönigskind.job
[2013.04.22 07:18:18 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKÖNIGSKIND-HP$.job
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.14 14:37:46 | 000,628,743 | ---- | C] () -- C:\Users\Königskind\Desktop\adwcleaner.exe
[2013.05.13 21:09:24 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.11.15 10:42:37 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.06.25 11:22:37 | 000,219,024 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012.06.25 11:22:37 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2011.08.04 21:08:47 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.03.08 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.03.08 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.02.19 23:53:05 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\AVG
[2013.02.19 23:36:43 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\AVG2013
[2012.11.15 12:44:04 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\CheckPoint
[2011.10.12 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\DVDVideoSoft
[2012.11.24 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\HTC
[2012.11.24 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.08.04 21:22:13 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\OpenOffice.org
[2011.06.24 21:30:33 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\PictureMover
[2013.05.13 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Simply Super Software
[2012.11.15 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\SoftGrid Client
[2013.05.14 14:53:39 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Spotify
[2011.06.24 21:29:25 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Synaptics
[2013.05.14 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Systweak
[2011.08.04 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\TP
[2012.01.04 23:27:53 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Trillian
[2013.02.19 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\TuneUp Software
[2012.01.30 15:26:16 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\Windows Live Writer
[2011.07.04 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\Königskind\AppData\Roaming\_MDLogs
========== Purity Check ==========
< End of report >
|
|
14.05.2013, 17:17
| #10 |
| /// Helfer-Team | Mahnungsmail von Norton Es geht mir um dieses Logfile: Das Tool (MBAR) wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier. Du solltest Zonalarm und Spybot deinstallieren. |
|
14.05.2013, 18:23
| #11 |
| | Mahnungsmail von Norton Malwarebytes Anti-Rootkit BETA 1.05.0.1001 Malwarebytes : Free Anti-Malware download Database version: v2013.05.14.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Königskind :: KÖNIGSKIND-HP [administrator] 14.05.2013 07:31:19 mbar-log-2013-05-14 (07-31-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30219 Time elapsed: 18 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ist das jetzt richtig? zonealarm und spybot sind runter |
|
14.05.2013, 19:53
| #12 |
| /// Helfer-Team | Mahnungsmail von Norton Ich wollte kein neues, sondern das von gestern mit den Funden. |
|
14.05.2013, 20:14
| #13 |
| | Mahnungsmail von Norton Malwarebytes Anti-Rootkit BETA 1.05.0.1001 Malwarebytes : Free Anti-Malware download Database version: v2013.05.13.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Königskind :: KÖNIGSKIND-HP [administrator] 14.05.2013 01:16:12 mbar-log-2013-05-14 (01-16-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30421 Time elapsed: 25 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 27 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TYPELIB\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{E788D914-2C76-4D67-A8CD-ECC7ED0D0748} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{F30C03B4-104E-4FD4-842B-B9E9F52ED415} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E788D914-2C76-4D67-A8CD-ECC7ED0D0748} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F30C03B4-104E-4FD4-842B-B9E9F52ED415} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\RewardsArcade.FBApi (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.FBApi (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BDA89DCD-8B25-48c7-B1E2-07CA622E0CA8} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\RewardsArcade.Sandbox.1 (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\RewardsArcade.Sandbox (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.Sandbox (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.Sandbox.1 (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\RewardsArcade.BHO (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.BHO (PUP.RewardsArcade) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RewardsArcade (PUP.RewardsArcade) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 15 c:\Program Files (x86)\RewardsArcade (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Delete on reboot. Files Detected: 47 c:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\fb.js (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\json.js (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Delete on reboot. c:\Program Files (x86)\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Delete on reboot. c:\Users\Königskind\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Delete on reboot. (end) |
|
14.05.2013, 20:21
| #14 |
| /// Helfer-Team | Mahnungsmail von Norton Sehr gut!  Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
dann: Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
14.05.2013, 20:59
| #15 |
| | Mahnungsmail von Norton ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by *** on 14.05.2013 at 21:44:52,08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B45794A0-63E5-4723-8BF2-6AD1914E67E1} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\sho14BF.tmp Successfully deleted: [File] C:\Windows\syswow64\sho20B7.tmp Successfully deleted: [File] C:\Windows\syswow64\sho56DA.tmp Successfully deleted: [File] C:\Windows\syswow64\sho5EEE.tmp Successfully deleted: [File] C:\Windows\syswow64\sho5FE2.tmp Successfully deleted: [File] C:\Windows\syswow64\sho92E0.tmp Successfully deleted: [File] C:\Windows\syswow64\sho99BE.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA13A.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA2AB.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD09.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD706.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\systweak" Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\systweak" Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{0191740C-1690-478C-A14A-6E4291517EAC} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{08C2969D-9F37-4C04-A9D4-FD556A389215} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{08FE46C7-7CB2-43D4-A64A-2FBF98A50880} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{0FC4955C-C95A-4F27-8B8D-39E55EEEC2A5} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{14BCE7F4-D1D8-4EB0-AB93-22D12E67FA65} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{2A6EA73B-7B3A-43DE-AE26-70B8DB3580B9} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{3193E6E7-37D3-4C50-91DE-BAC7EFDC43EA} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{344F88C2-8FA6-41B1-B122-0BBC9D395547} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{362747BC-413E-40CC-AF13-E8F909DFCFFB} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4CCF5AA6-5908-4F11-B1B1-BBEF94CF2C9E} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{59968AB5-EAE2-49C2-8AC0-A16068DAFD60} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5A48F32D-9939-48A1-A1DB-9F775C1DC182} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5BE654A8-1E99-44B1-B4D8-708B6557F8BE} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7015B0F2-B87F-4CA9-BF39-552171CC4501} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{786F48A4-0617-4BE4-B3AA-DD65D08E17A1} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{85363AA7-D054-467E-9872-48D0D4DA521F} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8E8C9EBF-164D-455F-BBAA-3248DC295971} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9E07837E-0D2A-41F2-ACC2-57480BD34BCB} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BAFBCF0D-39A2-492F-AEBB-70109065F058} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BB280A8C-DA37-4A30-9110-6AB7D849B272} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C17AE1A6-AC78-4345-8173-07C6862192B4} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C22F6C21-6190-4533-B2FF-21939137832D} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C2849784-1748-438D-93D7-240A6B1153D1} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CAB3779A-9781-4913-9D86-82BA337EF53C} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CBF809FA-2F04-4E35-BE33-1AA6D9BAA2F1} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CF42017C-4B6C-4F59-BE5C-B00C101517BC} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D2B7673E-8801-40FB-AE65-81604FEFAF6B} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D9F8C53C-0E79-4D41-B189-DB6F2688D507} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E2D11AA4-BCFE-4E14-B0EF-5A29DE453BBC} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{EC29AAD7-179C-4B42-9CF2-782B6D2E67CD} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F07DFEE2-13A1-43B7-9644-E74B056A284D} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F9986E6E-3DC5-495A-9C6E-81296D7F9AE8} Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FB2BC10C-3418-4ACD-AB5E-27A0AB1A511D} ~~~ FireFox Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7rrm6a6g.default\minidumps [24 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.05.2013 at 21:50:39,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-14 22:03:32 ----------------------------- 22:03:32.416 OS Version: Windows x64 6.1.7601 Service Pack 1 22:03:32.416 Number of processors: 4 586 0x2A07 22:03:32.416 ComputerName: ***-HP UserName: *** 22:03:34.676 Initialize success 22:03:35.676 AVAST engine defs: 13051400 22:04:34.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:04:34.576 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3 22:04:34.696 Disk 0 MBR read successfully 22:04:34.696 Disk 0 MBR scan 22:04:34.706 Disk 0 Windows 7 default MBR code 22:04:34.726 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 22:04:34.746 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700218 MB offset 409600 22:04:34.776 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14883 MB offset 1434456064 22:04:34.786 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448 22:04:34.936 Disk 0 scanning C:\Windows\system32\drivers 22:04:48.556 Service scanning 22:05:25.556 Modules scanning 22:05:25.576 Disk 0 trace - called modules: 22:05:25.956 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:05:25.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fee060] 22:05:25.976 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ceb050] 22:05:26.946 AVAST engine scan C:\Windows 22:05:29.416 AVAST engine scan C:\Windows\system32 22:08:33.259 AVAST engine scan C:\Windows\system32\drivers 22:08:46.199 AVAST engine scan C:\Users\*** 22:16:48.080 AVAST engine scan C:\ProgramData 22:19:09.382 Scan finished successfully 22:30:44.387 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 22:30:44.401 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ecb9cb48b711d648a33d6ce53f8b6beb # engine=13831 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-15 06:58:23 # local_time=2013-05-15 08:58:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 100 94 7685020 145307375 0 0 # compatibility_mode=1045 16777213 100 95 4731084 55735087 0 0 # compatibility_mode=1799 16775165 100 96 43109 234024393 35887 0 # compatibility_mode=5893 16776574 66 85 25910636 120230953 0 0 # scanned=195765 # found=1 # cleaned=0 # scan_time=37233 sh=0ADB7380EB4D577635DF02DA6CA061B94D1BF192 ft=0 fh=0000000000000000 vn="Win32/Trustezeb.C trojan" ac=I fn="C:\Users\Königskind\AppData\Local\Temp\****** Mahnbescheid 13.05.2013 3369042158 buy.norton.com.zip" Unsupported operating system! Aborted! |
|
| Themen zu Mahnungsmail von Norton |
| abmahnung, bereits, beste, besten, bringe, eingefangen, gefangen, gen, gericht, inkassobuy.norton.com, klage, kontodaten, mail, möglichkeit, norton, offene, rechnung, recht, remover, troja, trojaner, trojaner eingefangen, win32/trustezeb.c, zahlung |
Linear-Darstellung
