Leuter Werbung und Link im Internet!

cocobrack · 06.11.2013, 16:20

Moin Moin,

habe seit vier Wochen ein Problem mit meinen Internetbrowser!
Es werden manche Wörter als Link markiert der mich immer auf eine bestimmte Seite leitet und es werden immer weiter Fenster geöffnet!
Hoffe es kann mir jemand Helfen!

Vielen Dank im Voraus!

M-K-D-B · 06.11.2013, 16:27

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Seit 4 Wochen hast du das Problem und du kommst erst heute zu uns?

So geht es los:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

cocobrack · 06.11.2013, 16:44

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Cornelius Brack (administrator) on CORNELIUSBRACK on 06-11-2013 16:37:35
Running from C:\Users\Cornelius Brack\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Cornelius Brack\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Guard.Mail.ru.gui] - C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-10-07] ()
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Cornelius Brack\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-24] (Spotify Ltd)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
MountPoints2: {88ac7d23-66e5-11e1-8807-0019dbf62289} - H:\AutoRun.exe
MountPoints2: {88ac7d79-66e5-11e1-8807-0019dbf62289} - H:\AutoRun.exe
MountPoints2: {e807e0e8-44db-11df-94b7-806e6f6e6963} - F:\Beruf_Karriere.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C89614AE000CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie10
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=435&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7456106011334573&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=435&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7456106011334573&q={searchTerms}
SearchScopes: HKLM - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/?src=6&crg=2.1002&q={searchTerms}
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=78f85ae5000000000000001d7e050599
SearchScopes: HKCU - {1AC29700-6F65-4EE6-AD66-68FA88F985C1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {309589F9-6A52-42E9-A507-BC3E1F3AD755} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {3B7DDEBF-91C8-4C25-B347-374BF250EE77} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3DD9D4CB-7569-496F-B238-806934F5D6FC} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=031913&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {A81687A2-3ED7-4C36-8F7C-11BDB92560B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=A872BA67-0AFB-4F41-A9E9-0BB1C85427BF&apn_sauid=97677C44-18C4-4CEC-B190-618395ED2A86
SearchScopes: HKCU - {AA888166-5520-4D15-8CB7-080974E0C528} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/?src=6&crg=2.1002&q={searchTerms}
SearchScopes: HKCU - {F1B50D84-7D86-4AA3-B49F-FD2D0C3C63F2} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=435&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7456106011334573&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BD76CAE-886B-4A80-AD9F-62C70BA095E9}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{3DD56755-ACAC-4EFB-8C2B-A3540E049A42}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default
FF user.js: detected! => C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\user.js
FF DefaultSearchEngine: DVDVideoSoftTB Customized Web Search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: DVDVideoSoftTB Customized Web Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN70623224704791195&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\dvdvideosofttb-customized-web-search.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.2 - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: Babylon - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com
FF Extension: Yahoo! Toolbar - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: ICQ Toolbar - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB  - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: WOT - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: ciuvo-extension - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firefox-hotfix - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: toolbar - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\toolbar@web.de.xpi
FF Extension: trtv3 - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\trtv3@trtv.com.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\

Chrome: 
=======
CHR Extension: (Plus-HD-2.2) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0
CHR Extension: (Skype Click to Call) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Norton Identity Protection) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR Extension: (Iminent Chrome Toolbar) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-10-07] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-04] (Logitech Inc.)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2010-10-31] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-03-05] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-03-05] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2012-03-05] (Huawei Technologies Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20131105.002\IDSvix86.sys [393816 2013-10-25] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-30] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131105.025\NAVENG.SYS [93272 2013-11-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131105.025\NAVEX15.SYS [1612376 2013-11-05] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-18] (Symantec Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 16:37 - 2013-11-06 16:37 - 00000000 ____D C:\FRST
2013-11-06 16:31 - 2013-11-06 16:31 - 01089445 _____ (Farbar) C:\Users\Cornelius Brack\Downloads\FRST.exe
2013-11-04 01:05 - 2013-11-04 01:05 - 00008451 _____ C:\Users\Cornelius Brack\Downloads\spssdata(1).csv
2013-11-01 23:15 - 2013-11-01 23:15 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata2.csv
2013-11-01 23:14 - 2013-11-04 17:29 - 00048195 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xlsx
2013-11-01 22:43 - 2013-11-01 22:43 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata1.csv
2013-11-01 22:07 - 2013-11-01 22:42 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata.csv
2013-11-01 15:22 - 2013-11-01 15:22 - 00000000 ____D C:\Users\Cornelius Brack\Documents\FUSSBALL MANAGER 14
2013-11-01 15:20 - 2013-11-01 15:20 - 00001178 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2013-10-31 23:14 - 2013-10-31 23:30 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Origin
2013-10-30 20:17 - 2013-11-01 23:14 - 00096256 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xls
2013-10-29 15:15 - 2013-11-01 12:14 - 00002968 _____ C:\Windows\PFRO.log
2013-10-27 20:56 - 2013-11-06 15:47 - 00001624 _____ C:\Windows\setupact.log
2013-10-27 20:56 - 2013-10-27 20:56 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 19:56 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-25 19:56 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-25 19:56 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-25 19:56 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-25 19:56 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-25 19:56 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 19:15 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-25 19:15 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-25 19:15 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-25 19:15 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-25 19:15 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-25 19:15 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-25 19:15 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-25 19:15 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-25 19:15 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-25 19:15 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-25 19:15 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-25 19:15 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-25 19:15 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-25 19:15 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-25 19:15 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 19:15 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-25 19:15 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-25 19:15 - 2013-07-12 11:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-25 19:15 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-25 19:15 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-25 19:15 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-25 19:15 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-25 19:15 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-25 19:15 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-25 19:15 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-25 19:15 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-25 19:15 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-25 19:15 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-25 19:15 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-25 19:15 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-25 19:14 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-25 19:12 - 2013-08-02 02:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-25 19:12 - 2013-08-02 02:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-25 19:12 - 2013-08-02 02:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-25 19:12 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-20 21:46 - 2013-10-20 21:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 21:45 - 2013-10-20 21:44 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 21:39 - 2013-10-20 21:39 - 00915368 _____ (Oracle Corporation) C:\Users\Cornelius Brack\Downloads\jxpiinstall(1).exe
2013-10-16 21:12 - 2013-10-16 21:14 - 67022728 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate(1).exe
2013-10-16 18:29 - 2013-10-16 18:37 - 324367280 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\Manager_12_Update_3.exe
2013-10-16 18:20 - 2013-10-16 18:21 - 37973368 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate2(1).exe
2013-10-16 13:27 - 2013-10-16 13:36 - 183608160 _____ (Symantec Corporation) C:\Users\Cornelius Brack\Downloads\norton_internet_security_setup.exe

==================== One Month Modified Files and Folders =======

2013-11-06 16:37 - 2013-11-06 16:37 - 00000000 ____D C:\FRST
2013-11-06 16:33 - 2010-04-13 17:33 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-06 16:31 - 2013-11-06 16:31 - 01089445 _____ (Farbar) C:\Users\Cornelius Brack\Downloads\FRST.exe
2013-11-06 16:20 - 2012-04-15 22:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 15:56 - 2009-07-14 05:34 - 00013552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 15:56 - 2009-07-14 05:34 - 00013552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 15:52 - 2010-04-10 21:04 - 01755883 _____ C:\Windows\WindowsUpdate.log
2013-11-06 15:48 - 2013-09-13 13:51 - 00001298 _____ C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-11-06 15:48 - 2013-09-13 13:51 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-11-06 15:48 - 2013-09-13 13:51 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-11-06 15:48 - 2013-09-13 13:50 - 00001898 _____ C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
2013-11-06 15:48 - 2013-09-13 13:50 - 00001822 _____ C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-11-06 15:48 - 2010-04-13 17:33 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-06 15:47 - 2013-10-27 20:56 - 00001624 _____ C:\Windows\setupact.log
2013-11-06 15:47 - 2010-04-30 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-06 15:47 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 13:22 - 2010-05-15 18:13 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Skype
2013-11-06 08:02 - 2010-04-10 21:14 - 01526094 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-04 21:55 - 2010-04-30 21:09 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\CrashDumps
2013-11-04 17:29 - 2013-11-01 23:14 - 00048195 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xlsx
2013-11-04 01:05 - 2013-11-04 01:05 - 00008451 _____ C:\Users\Cornelius Brack\Downloads\spssdata(1).csv
2013-11-03 16:13 - 2011-07-23 13:35 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\vlc
2013-11-02 19:36 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-02 19:32 - 2013-05-15 16:40 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-02 18:53 - 2012-01-02 15:18 - 00000000 ____D C:\Users\Cornelius Brack\Documents\Bewerbung
2013-11-02 18:15 - 2012-01-17 14:50 - 00203264 ___SH C:\Users\Cornelius Brack\Thumbs.db
2013-11-02 18:15 - 2010-04-10 21:13 - 00000000 ____D C:\Users\Cornelius Brack
2013-11-02 09:55 - 2011-06-08 20:43 - 00000000 ____D C:\Program Files\Origin
2013-11-01 23:15 - 2013-11-01 23:15 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata2.csv
2013-11-01 23:14 - 2013-10-30 20:17 - 00096256 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xls
2013-11-01 22:43 - 2013-11-01 22:43 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata1.csv
2013-11-01 22:42 - 2013-11-01 22:07 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata.csv
2013-11-01 15:22 - 2013-11-01 15:22 - 00000000 ____D C:\Users\Cornelius Brack\Documents\FUSSBALL MANAGER 14
2013-11-01 15:21 - 2011-06-08 20:43 - 00000000 ____D C:\ProgramData\Origin
2013-11-01 15:20 - 2013-11-01 15:20 - 00001178 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2013-11-01 12:30 - 2011-06-08 20:43 - 00000000 ____D C:\Program Files\Origin Games
2013-11-01 12:14 - 2013-10-29 15:15 - 00002968 _____ C:\Windows\PFRO.log
2013-10-31 23:30 - 2013-10-31 23:14 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Origin
2013-10-31 23:16 - 2011-06-08 20:49 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\Origin
2013-10-30 21:05 - 2013-07-13 15:57 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Spotify
2013-10-30 19:50 - 2013-07-13 15:59 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\Spotify
2013-10-27 20:56 - 2013-10-27 20:56 - 00000000 _____ C:\Windows\setuperr.log
2013-10-27 17:17 - 2010-04-10 22:07 - 00000000 ____D C:\Users\Cornelius Brack\Tracing
2013-10-27 17:15 - 2010-04-10 22:01 - 00000000 ____D C:\Windows\Panther
2013-10-27 11:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-25 20:16 - 2009-07-14 05:33 - 00418832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 20:15 - 2010-10-03 10:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-25 20:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-25 20:11 - 2010-04-10 23:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-25 20:08 - 2013-08-04 10:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-21 11:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-20 21:53 - 2012-09-15 19:06 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\TV-Browser
2013-10-20 21:46 - 2013-10-20 21:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 21:44 - 2013-10-20 21:45 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 21:44 - 2010-05-13 15:12 - 00000000 ____D C:\Program Files\Java
2013-10-20 21:39 - 2013-10-20 21:39 - 00915368 _____ (Oracle Corporation) C:\Users\Cornelius Brack\Downloads\jxpiinstall(1).exe
2013-10-16 21:21 - 2010-05-15 18:13 - 00000000 ____D C:\ProgramData\Skype
2013-10-16 21:20 - 2010-05-15 18:13 - 00000000 ___RD C:\Program Files\Skype
2013-10-16 21:14 - 2013-10-16 21:12 - 67022728 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate(1).exe
2013-10-16 18:37 - 2013-10-16 18:29 - 324367280 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\Manager_12_Update_3.exe
2013-10-16 18:21 - 2013-10-16 18:20 - 37973368 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate2(1).exe
2013-10-16 17:20 - 2012-04-15 22:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-16 17:20 - 2011-06-03 16:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-16 13:36 - 2013-10-16 13:27 - 183608160 _____ (Symantec Corporation) C:\Users\Cornelius Brack\Downloads\norton_internet_security_setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 11:29

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Cornelius Brack at 2013-11-06 16:41:13
Running from C:\Users\Cornelius Brack\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 3.5.0.880)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
Biathlon Champion 2007
CameraHelperMsi (Version: 13.31.1038.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon MP Navigator EX 4.0
Canon Solution Menu EX
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
CanoScan LiDE 110 Scanner Driver
CCleaner (Version: 3.12)
CVE-2012-4969
D3DX10 (Version: 15.4.2368.0902)
Die Sims Deluxe 
erLT (Version: 1.20.138.34)
FUSSBALL MANAGER 12 (Version: 1.0.0.3)
FUSSBALL MANAGER 14 (Version: 1.0.0.0)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Gothic II (Version: Gothic II)
Grand Theft Auto Vice City (Version: 1.00.000)
Guard.ICQ
iCloud (Version: 2.0.2.187)
ICQ7M (Version: 7.8)
iTunes (Version: 11.0.1.12)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Kyocera Product Library (Version: 2.0.0713)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Mobile Partner (Version: 21.005.15.02.35)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MP4 To MP3 Converter V3.0
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
Norton Internet Security (Version: 19.9.1.14)
NVIDIA 3D Vision Controller-Treiber 295.73 (Version: 295.73)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA nView Desktop Manager (Version: 6.14.10.12546)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX-Systemsoftware 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (Version: 9.3.2.2730)
OutlookAddInNet3Setup (Version: 1.0.0)
Patrizier 4 (Version: 1.3.0)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.72.80.56)
Revo Uninstaller 1.93 (Version: 1.93)
Safari (Version: 5.34.57.2)
Samsung Kies (Version: 2.0.1.11053_99)
Samsung New PC Studio (Version: 1.00.0000)
Samsung Story Album Viewer (Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.9 (Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Stronghold 2 (Version: 1.40.1000)
Stronghold Crusader Extreme (Version: 1.20.0000)
Stronghold Legends (Version: 1.20.0000)
swMSM (Version: 12.0.0.1)
System Requirements Lab
TeamViewer 8 (Version: 8.0.16642)
TransportGigant: Down Under (Version: 2.00)
TV-Browser 3.3.1 (Version: 3.3.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Messenger

==================== Restore Points  =========================

25-10-2013 18:16:37 Windows Update
27-10-2013 15:40:50 Revo Uninstaller's restore point - Skigebiet Simulator 2012
01-11-2013 14:18:28 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0675622D-FE23-4809-B03A-520EC4BB6AE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {136D1CA7-B236-4AF6-95DB-D3D28052BC17} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2A3E99A9-AE6B-4D64-A0D7-D1120FCCBBC9} - System32\Tasks\{B6FFADFF-8851-42B8-8FC5-FFA4616EEB6C} => C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
Task: {2BF51521-7725-4BD8-8C9B-B9C747051286} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\wscstub.exe [2013-02-02] (Symantec Corporation)
Task: {31DA3142-7220-4B8A-8D94-002B5E3B0F72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {3ED110B7-A6D5-4FC4-8E54-D8F245695D31} - System32\Tasks\{B0E79058-8BFA-45A4-9F00-C8E4F0902203} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsProgressBar
Task: {50AFE9CE-8745-42E9-BC94-7065ABEE06FD} - System32\Tasks\Plus-HD-2.2-enabler => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-enabler.exe
Task: {5F940EFC-4A25-463B-AB9A-A9334AF45561} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {64C40CC1-49C9-4B84-88E0-7E5FD54D8321} - System32\Tasks\{DCEBE916-EF92-4C6E-85FF-9FA6654A17E6} => C:\Program Files\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {6850CB10-1415-405E-9731-A69CE1CFBBFF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1840268806-3441741845-855969553-1001
Task: {714843C2-2D49-4F5A-82E7-DAA193C9951E} - System32\Tasks\Plus-HD-2.2-codedownloader => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe
Task: {76C10DB3-9D43-4B0E-9F64-BCA25C18ECA8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {81A040FA-D732-497B-BC3F-FA2FB263F911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {89FFD982-F74F-483D-B01B-B32D9A04AF33} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {993003F3-12FB-4797-A8E6-B9A31A83CD98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16] (Adobe Systems Incorporated)
Task: {9947C8EC-29F4-41C8-8949-58A9C8D817B3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {A094B809-8B51-41CD-B3E7-065E5166499E} - System32\Tasks\Plus-HD-2.2-firefoxinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe
Task: {AC489E08-AA60-4807-8B82-18BCA8D7BB4B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {B3B212FB-14D2-470D-B89E-EB5927545F71} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B511FFD3-FFD9-44C6-A737-DE7233E6476B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C8A76EFB-4AFC-4E10-A6B6-BDA1EC9E0975} - System32\Tasks\Plus-HD-2.2-updater => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-updater.exe
Task: {C9D15896-A749-48EB-9D8F-66D1804C287E} - System32\Tasks\Plus-HD-2.2-chromeinstaller => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-updater.exe

==================== Loaded Modules (whitelisted) =============

2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-10-25 19:57 - 2013-10-25 19:57 - 01931264 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\dda7fe74dac6ecd178928032a7737f47\Kies.UI.ni.dll
2013-09-22 00:38 - 2013-09-22 00:38 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\e3ed6d800bc802eb464df3d6edbe262d\Kies.MVVM.ni.dll
2013-09-22 00:39 - 2013-09-22 00:39 - 00080896 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\1dd23f0d663e85fd7471859147b682e7\ZipStore.ni.dll
2013-09-22 00:38 - 2013-09-22 00:38 - 00189952 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\897b793626102d13fe581f59a1009f0e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-10-25 20:00 - 2013-10-25 20:00 - 00367104 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\864ed58a5d0dad29d91694a47148b417\DevicePhoto.ni.dll
2013-10-25 20:00 - 2013-10-25 20:00 - 00301568 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\184c708c2aff187c0282217ed5d6aff9\DeviceVideo.ni.dll
2013-10-25 20:00 - 2013-10-25 20:00 - 00616448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\6be1468e9e409a8704c5c5e895eea29e\DevicePodcast.ni.dll
2013-09-22 00:43 - 2013-09-22 00:43 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\6577f6dfb5a450d0bbe907f4ac5c7ca6\DummyStorePlugin.ni.dll
2013-09-22 00:43 - 2013-09-22 00:43 - 14972928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\fbaadafecb211c0faea42e24cb927249\Kies.Theme.ni.dll
2013-10-25 19:59 - 2013-10-25 19:59 - 00581632 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0479897f82c81e0c5c2f23951882c07e\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-09-22 00:39 - 2013-09-22 00:39 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\edc38c2279bb5fcb9741cd2fdf10e20a\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-10-25 19:59 - 2013-10-25 19:59 - 01002496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\2f8e060dcb222f52e78034fb0185c26f\DeviceCommonLib.ni.dll
2013-09-22 00:42 - 2013-09-22 00:42 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll
2013-10-02 06:48 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-10-01 14:28 - 2013-10-01 14:29 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-16 17:20 - 2013-10-16 17:20 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 04:35:12 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/06/2013 01:21:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/05/2013 07:19:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x37c8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/05/2013 07:00:01 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/04/2013 09:55:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd228
Name des fehlerhaften Moduls: mozalloc.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fa829
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x77c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/04/2013 03:50:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd228
Name des fehlerhaften Moduls: mozalloc.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fa829
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x984
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/04/2013 09:56:46 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/03/2013 03:57:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd228
Name des fehlerhaften Moduls: mozalloc.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fa829
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x2720
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/03/2013 00:21:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd228
Name des fehlerhaften Moduls: mozalloc.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fa829
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0xbb4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/03/2013 00:19:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (11/06/2013 03:50:29 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/06/2013 03:50:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/06/2013 03:50:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/06/2013 03:49:33 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/06/2013 03:47:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/06/2013 01:08:58 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/06/2013 01:08:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/06/2013 01:08:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/06/2013 01:07:41 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/06/2013 01:06:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (10/06/2012 02:16:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1220 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 68%
Total physical RAM: 2047.3 MB
Available physical RAM: 654.74 MB
Total Pagefile: 4094.59 MB
Available Pagefile: 2594.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:142.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (alte_ext_HDD) (Fixed) (Total:465.76 GB) (Free:210.08 GB) NTFS
Drive g: (Lexar) (Removable) (Total:29.21 GB) (Free:16.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1F9154FC)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D743D743)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29 GB) (Disk ID: D6424B65)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0B)

==================== End Of Log ============================

--- --- ---

M-K-D-B · 06.11.2013, 16:50

Servus,

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von MBAM.

cocobrack · 06.11.2013, 17:02

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 16:56:13
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Cornelius Brack - CORNELIUSBRACK
# Gestartet von : C:\Users\Cornelius Brack\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\IminentToolbar
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\LocalLow\searchresultstb
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Smartbar
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\SweetIMToolbarData
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\CT2269050
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Ordner Gelöscht : C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\dvdvideosofttb-customized-web-search.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-9.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\iminent.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\user.js
Datei Gelöscht : C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2269050./9b+7e+x305.from_oldbar.enc", "JH4nQTM0NjN5RTo9KnIseXp+ejEoMztHSVNGLVhNUD0mPy0uMTVEO0ZOT1tWXmlbQm1iZVI7VEJDRklZUFtjfXN7blUhdXhlTmdVVllbbGNudnwmKzB7aTUqLXlie2lqbW4hdyMrNzt0NHxIPSBF[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e,x305.from_oldbar.enc", "JH4oQS8/Pjd5RTo9KnIseXt4fTEoMzxHSEAsV0xPPCU+LC4rL0M6RU5ZUFtXZ2pmQm1iRV5pVD1WREZDRltSXWZxbCFua1h9c2dQaVdZVlhuZXB5MycyfWo2Ky56Y3xqbGlqIngkLUY6PkVGSUxA[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e-x305.from_oldbar.enc", "JH4pMnZBNjk3MzVFOX4/STsvdzF+ICUgNi04QkdKWFFaXFhdUF9ZOWRZXEkySzk6PzlQR1JcQXNoa2llZ3t5b217blUhdXhZJnZoUWpYWV5Xb2ZxezAkMiQ4J205LjFxPi8haSNwcXV4KH4qNDk8[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e/x305.from_oldbar.enc", "JH4rQTU2MnhEOTwpcSt4fHt3MCcyPkxDQ1NOLVhbPCU+LDAuNEM6RVFYYmleZ1pBbGFkUTpTQUVDSFhPWmZte3xxdHJucCF0dFsne35rVG1bX11hcml0IS8nJiY7MXE6KD46QjY+QTR7QDxIeyBN[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e06cg5el8:.from_oldbar.enc", "bm1qa210dG92cA==");
Zeile gelöscht : user_pref("CT2269050./9b+7e06cg5el;8i:k.from_oldbar.enc", "JH4tLyJqdHNwcXN6enV8diQvS0lHT0I1fV1cPQ==");
Zeile gelöscht : user_pref("CT2269050./9b+7e0x305.from_oldbar.enc", "JH4sQDpAd0M4OyhwKnd8dX0vJjE+QSlVR0hNUVpOWlkyXVJVQitEMjcwN0lAS1heaF5wbm5mdGJuaWtNeG1wXUZfTVJLUWRbZnMje3csKiovJWQwJSh0XXZkaWJne3J9KzZ0OjYyPUBANXxIPUAt[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e1x305.from_oldbar.enc", "JH4tQTE9QDJ5RTo9KnIsend5fjEoM0FHPkVHRUgvWk9SPyhBMC0vM0Y9SFZiZWhca2dfbXBgSHNoa1hBWklGSEtfVmFvfCF9dHR6eCdfKyAjb1hxYF1fYXZteCc3OjYwMio9QXZCNzonbyl3dHZ3[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e2x305.from_oldbar.enc", "JH4uNUIxPT05OntHPD8sdC55IH0yKTRDVlVORy5ZTlEyXk9BKkM1NzIxSD9KWWVfX2JsW3FzaXVpdXRNeG1wUX5rYEliUlBUUWdeaXgoLXx8Yy8kJ3NcdWRmZmh6cXwsO0AwQDx0eDQ9MHxIPUAt[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e4x305.from_oldbar.enc", "JH4wLEB2Qjc6J28pd3t0di4lMEE+T0lKUitVVTojPCsvKClBOENUUV5dVmFfVmhcQm1iZVI7VENGSUpZUFtsaXp+IXAjcHZZJXl8XSp6bFVuXWBjY3NqdSckMTgxNzI2KHM/NDd3RTInbyl3en18[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e5x305.from_oldbar.enc", "JH4xNkIrd0M4OyhwKnl1encvJjFDSz1JVkpQWS5ZTjFKVUApQjIuMy9HPklbXVlaal5YcHJiZ0l0aWxZQltLR0tRYFdidHwkc3N3JiAkICpiLiMmclt0ZGBkaXlwey42PS4uNDR3Qzh6ND8qcix7[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e6x305.from_oldbar.enc", "JH4yLD4yMjI4RT58SD1ALXUvfnskJDQrNklTVFJZWFpaUFJONmFWWUYvSDg1PTxNRE9ibG1rcnFqd2FNeG1wXUZfT0xUUWRbZnl7Jnh4KX4vKS0yMGczKCt3YHlpZm5qfnUhNDZAQ0Y8PXxIPUAt[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e7x305.from_oldbar.enc", "JH4zPSw/Pj95RTo9KnIse3p5ejEoM0dRP0RVWUJMWjFcUVRBKkMzMjA3SD9KXmhWW1lwYG5sZmFkc0x3bG9cRV5OTUtRY1pleSR6KSN4emEtIiVxWnNjYmBleG96Ly8rODg0PEIwMjQ5QzY0SztJ[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e8x305.from_oldbar.enc", "JH40PT87NTc7PzZ8R0csdC5+eCMyKTRJVlVARy5ZTlE+J0AwMjUzRTxHXFVYY2plbmJebGFrcGhzS3ZrbltEXU1PUk9iWWR5J3ZyKnkoYCwhJHBZcmJkZ2J3bnkvNCs8MXM/NHYwOyZuKHd5fHYt[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e9x305.from_oldbar.enc", "JH41Myw/MnhEOTwpcSt7dXl5MCcySExPT0RQTEdUWFxQSDRfVFdELUY3MTU0S0JNY2tdX19zaWtKdWptWkNcTUdLSWFYY3kib3QlKCR5YCwhJHBZcmNdYGh3bnkwOjorKi50QDU4JW0nd3F0eywj[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e:x305.from_oldbar.enc", "JH42Mzs4MnhEOTwpcSt7dnl6MCcySUhVRUQsV0xPPCU+LyotLUM6RVxnVVteP2pfYk84UUI9QD9WTVhvemh4bHFxVCB0d2RNZldSVVNrYm0lfi16ZjInKnZfeGlkZm59dCA3QjIyMkZENXxHRyx0[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e;x305.from_oldbar.enc", "JH43PzM/NzhCL3tHPD8sdC5+enoiMyo1TUYsV0xPPCU+LysrMUM6RV1jVldcXFpBbGFkUTpTREBARVhPWnJzcXp4bSJWInZ5Zk9oWVVVWW1kbygkLCcqMiEwJ205LjF9ZiBwbGxuJXsnPzpIfklJ[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e<x305.from_oldbar.enc", "JH44NDAwRC9GNkQ3fUk+QS52MCF9JCY1LDdQTEdXUUtPRzRfVFdELUY3NDo6S0JNZl5wW2RlcWNKdWptWkNcTUpQT2FYY3xxeSB1JiFfKyAjb1hxYl9lYnZteDIuMCUsODIydUE2OSZuKHh1e3ct[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e=x305.from_oldbar.enc", "JH45MzY/QUE3OTV8SD1ALXUvIH4gIjQrNlBUWVdMVU9RWzRfVFdELUY3Njc4S0JNZ2twbmBvYWZrY2ZNeG1wXUZfUE9QUGRbZiElfHlzemEtIiVxWnNkY2RjeG96NT0yM0A/Oz8zeEQ5PClxK3t6[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e>x305.from_oldbar.enc", "JH46QTY/MjI4OHtHPD8sdC5+ICF8Myo1UE9TRkgvWk9SPyhBMjM0L0Y9SGNcXWZiakNuY2ZTPFVGR0hCWlFcd3B3cyAjcSFZJXl8aVJrXF1dYXBnci4hLiQ4KDg3Lyo6LnM/NDckbCZ2d3d6KyIt[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e?x305.from_oldbar.enc", "JH47LS8vM0E0QDo6fUlMLXUvICMgfjQrNlJQTFJJVVJWUlw1YFVYRS5HODs4NkxDTmpwb19lY11zb2d1eGhMZXBrVCB0d2RNZldaV1RrYm0qIisvJS5oNCkseGF6a25rZyB2Ij5EQkEzNkE8PiBL[...]
Zeile gelöscht : user_pref("CT2269050./9b+7e@x305.from_oldbar.enc", "JH48QEIrd0M4OyhwKnt2fngvJjFOUlQ9KlVKLUZRPCU+MCszLEM6RWJnVlFiWWVfX0NuY0ZfalU+V0lETERcU157IXR8eCF0WiZ6fWpTbF5ZYGJxaHMxNCkmJm05LjF9ZiBxbHN0JXsnRDY5PT9F[...]
Zeile gelöscht : user_pref("CT2269050./9b+7eax305.from_oldbar.enc", "JH49PTc4d0M4OyhwKnt6dX4vJjFPS1JLREVJS0lIVFBYWVJTX1E4Y1hbSDFKPDs2PU9GUW9rbm1jd21odmZQe3BzYEliVFNOVGdeaSgsdCsrMCZlMSYpdV53aWhjaHxzfj0wLj0yMjg2RHxIPUAt[...]
Zeile gelöscht : user_pref("CT2269050./9b+7ebe3g=;d9n9=d.from_oldbar.enc", "NywtMml1di46PHs6OUNKSUhBQ0smUUZJKWVQRlZJZXFzTTNLVw==");
Zeile gelöscht : user_pref("CT2269050./9b+7ecx305.from_oldbar.enc", "JH4/PTAwQzEuekY7PitzLXsgfjEoM1NRVlVRV1pPWExeM15TVkMsRTQ4NklAS2tZVmxoa0ZxZmlWP1hHS0hcU15+bGlWInZ5Zk9oV1tXbGNuLzEhJjAjNio1LCw6MTlxPTI1ImokcnZxKH4qSkE/[...]
Zeile gelöscht : user_pref("CT2269050./9b+7edx305.from_oldbar.enc", "JH5ANUIqNjh5RTo9KnIsfSAvJjFSR1Q8SEosV0wvSFM+J0AyM0M6RWZbaFBcXkBrbk84UUNDVEtWd2x5YW1vUXxxVHhzY0xlV1ZoX2osIS51IiRlLiN0XXZoZnlwez06LjIyNDExRTtDe0c8Pyx0[...]
Zeile gelöscht : user_pref("CT2269050./9b+7etx305.from_oldbar.enc", "JH5uLy47MjNCNXtEOStzLXp7e3wyKTQjUkxUV0dKTlBWXUphUV9dV1JVZD1oXWBNNk89Pj49VEtWRUhqc21pb1J9cnViS2RSU1NRaWBrWnt7dyYueWczKCt3YHlnaGdvfnUhcm01Pjg0OnxIPUAt[...]
Zeile gelöscht : user_pref("CT2269050./9b-0?3g>d.from_oldbar.enc", "bGk7cj5Cc0B6cHh4dSB1TXtNJXtOfiEqISBVKSRXWClZXlwx");
Zeile gelöscht : user_pref("CT2269050./9b-0?3g@6:5;.from_oldbar.enc", "AA==");
Zeile gelöscht : user_pref("CT2269050./9b-0?3gfa7ef.from_oldbar.enc", "Ky4sPQ==");
Zeile gelöscht : user_pref("CT2269050./9b-3=3eccja=f>.from_oldbar.enc", "JH4zPSxFL0E1J28pKiEsOT1EMHgyMyo1REhYTDojLjM+WGBPZFZgT2hSZFhYY15gTjdrcWdhcFk=");
Zeile gelöscht : user_pref("CT2269050./9b/>01=9a6k6<im;krie@pdawm.from_oldbar.enc", "amlrcnN0dXY=");
Zeile gelöscht : user_pref("CT2269050./9b3=>@44i48?.from_oldbar.enc", "NywtMml1djNCNjNBSEcgPj1HTk1MRUdPKlVKTS1YWFheS1VONmNSVk8=");
Zeile gelöscht : user_pref("CT2269050./9b5ba==9cjag.from_oldbar.enc", "az9xa3FycER6RnZxdHNHTCB5IE1+");
Zeile gelöscht : user_pref("CT2269050./9b6b11g4c56b>f;p;anr@p.from_oldbar.enc", "bm1qa210dG90eHN4cw==");
Zeile gelöscht : user_pref("CT2269050./9b9643g3/9e.from_oldbar.enc", "ag==");
Zeile gelöscht : user_pref("CT2269050./9b;45>:bi9i7ie.from_oldbar.enc", "Ky4sPQ==");
Zeile gelöscht : user_pref("CT2269050./9b<:222h64<.from_oldbar.enc", "OT81Lz4=");
Zeile gelöscht : user_pref("CT2269050./9b=+03eh8h8j?:.from_oldbar.enc", "REM=");
Zeile gelöscht : user_pref("CT2269050./9b?+e2a52d8.from_oldbar.enc", "NywtMml1di46PHs6OUNKSUhBQ0smUUZJKWVQRlZkcHJ5UVVeXlI=");
Zeile gelöscht : user_pref("CT2269050./9b?b0d:8aj62<h.from_oldbar.enc", "bQ==");
Zeile gelöscht : user_pref("CT2269050./9ba@0<0bi6a7gn:6@l?.from_oldbar.enc", "bA==");
Zeile gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.AppTrackingLastCheckTime", "Sun Oct 23 2011 22:31:38 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Zeile gelöscht : user_pref("CT2269050.CT2269050.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_[...]
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.ConfigurationLastCheckTime", "Tue Nov 05 2013 15:40:11 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "5-11-2013");
Zeile gelöscht : user_pref("CT2269050.DSChangedManually", false);
Zeile gelöscht : user_pref("CT2269050.DSInstall", true);
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Wed Oct 30 2013 15:18:26 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Mon Oct 03 2011 12:36:06 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "3-10-2011");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.HPInstall", false);
Zeile gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", true);
Zeile gelöscht : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Mon Oct 03 2011 12:25:50 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.IsProtectorsInit", true);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Nov 05 2013 15:40:11 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Sun Nov 25 2012 14:28:37 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Sun Mar 17 2013 16:52:39 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.18.0.7", "Sun Aug 04 2013 09:18:51 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.19.0.3", "Tue Sep 10 2013 17:14:33 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.20.0.4", "Tue Nov 05 2013 15:40:11 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.7.0.6", "Wed Oct 26 2011 22:45:26 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.20.0.4");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipShow", false);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.7.0.6");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Oct 03 2011 12:25:59 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=78f85ae5000000000000001d7e050599");
Zeile gelöscht : user_pref("CT2269050.SearchAPILastCheckTime", "Tue Nov 05 2013 15:40:11 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SearchBoxWidth", 100);
Zeile gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "Google");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Sep 10 2013 17:14:28 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Zeile gelöscht : user_pref("CT2269050.SearchProtectorEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Zeile gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Tue Nov 05 2013 15:40:11 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Nov 05 2013 15:40:08 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1383641781");
Zeile gelöscht : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Oct 24 2011 22:32:49 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Zeile gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2269050.UserID", "UN70623224704791195");
Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon Oct 03 2011 12:26:02 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050._9b_7e.:2z527.from_oldbar.enc", "JH5wcWtxdzw3J28peXV0dXcvJjEjIyNPSEtMVS5TST0mPzArMDUvRTxHOTg8PWRgXFtfcWVxcEl0aWxNemdcRV5PSk9OTWRbZlhWVFpfJXpuV3BhXGJkZ3ZteGo7Lzpucj5BImokdG91d3cqIS[...]
Zeile gelöscht : user_pref("CT2269050._9b_7e.x305.from_oldbar.enc", "JH4qQTc3RDQzekY7PitzLXp9fCEyKTQ/VkZUUkxHSllaSFFQXlFSOWRZXEkySzk8Oz5QR1JdbGprb3htaFBqb3FxdCJWInZ5Zk9oVllYWm1kb3p7Mn1oNCkseGF6aGtqayB2Ii1AOjNGQD5HfklJ[...]
Zeile gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.approveUntrustedApps", false);
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B637D737B6E55217578654E675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E202520362D3842474A58515A5C585D505F593964595C49324B393A3F395047525C4173686B6965677B796F6D7B6E552175785926766[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E70716B71773C37276F2979757475772F26312323234F484B4C552E53493D263F302B30352F453C4739383C3D64605C5B5F716571704974696C4D7A675C455E4F4A4F4E4D645B665[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6A6B6D74746F7670");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737071737A7A757C76242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F5C455E4E4D4B51635A6579247[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927767[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37504C4757514B4F47345F5457442D4637343A3A4B424D665E705B646571634A756A6D5A435C4D4A504F6158637C7179207[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4445494B49485450585952535F513863585B48314A3C3B363D4F46516F6B6E6D63776D687666507B707360496254534E54675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B645253535[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "6C693B723E4273407A7078787520754D7B4D257B4E7E212A2120552924575829595E5C31");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6B3F716B717270447A4676717473474C2079204D7E");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6A6B6D74746F7478737873");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6C");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appsdefaultenabled", "66616C7365");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_couponbuddy", "6F6666");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook", "6F6666");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6666");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_pricegong", "6F6666");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_windowshopper", "6F6666");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstatereporttime", "31333737363031353934343133");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_calledsetupservice", "31");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A2245617379746F626F6F6B5F7461726765746564222C22637269746572696173223A5B7B22637269746572696149[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_currentversion", "312E31302E322E35");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_eventscache", "7B2239666139623031382D653832312D346532352D386662302D316431633533373634326664223A7B22746F706963223A2273656E645573616765222C2264617461223A7B2263[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_existingusersrecoverydone", "31");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_first_time", "31");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_gadgetopen", "30");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_lastlogintime", "31333737363031353932333035");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E742D52696368746C696E6965227D2C226761646765744465736372697074696F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_new_welcome_experience", "31");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_settings1.10.2.5", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2234365F30222C22697354657374223[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_showwelcomegadget", "74727565");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_user_approval_interacted", "30");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_userid", "35376562636433392D633235612D343639662D386662302D366439626130373633396638");
Zeile gelöscht : user_pref("CT2269050.backendstorage.mam_gk_welcomedialogmode", "30");
Zeile gelöscht : user_pref("CT2269050.backendstorage.pg_enable", "74727565");
Zeile gelöscht : user_pref("CT2269050.backendstorage.sf_just_installed", "46414C5345");
Zeile gelöscht : user_pref("CT2269050.backendstorage.sf_status", "454E41424C4544");
Zeile gelöscht : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
Zeile gelöscht : user_pref("CT2269050.components.1000034", false);
Zeile gelöscht : user_pref("CT2269050.components.1000082", false);
Zeile gelöscht : user_pref("CT2269050.components.1000234", false);
Zeile gelöscht : user_pref("CT2269050.components.129023235807856892", false);
Zeile gelöscht : user_pref("CT2269050.components.129121052374999726", false);
Zeile gelöscht : user_pref("CT2269050.components.129351672002618989", false);
Zeile gelöscht : user_pref("CT2269050.components.129351776130744254", false);
Zeile gelöscht : user_pref("CT2269050.components.129391330693125668", false);
Zeile gelöscht : user_pref("CT2269050.components.129466585396013141", false);
Zeile gelöscht : user_pref("CT2269050.components.129466585399606892", false);
Zeile gelöscht : user_pref("CT2269050.components.129575150554007677", false);
Zeile gelöscht : user_pref("CT2269050.countryCode", "DE");
Zeile gelöscht : user_pref("CT2269050.firstTimeDialogOpened", true);
Zeile gelöscht : user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
Zeile gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2269050.fullUserID", "UN70623224704791195.UP.202405191115");
Zeile gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Wed Oct 26 2011 22:45:26 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.homepageuserchanged", true);
Zeile gelöscht : user_pref("CT2269050.initDone", true);
Zeile gelöscht : user_pref("CT2269050.installType", "DirectDownload");
Zeile gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":true}");
Zeile gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false);
Zeile gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2269050.keyword", true);
Zeile gelöscht : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN70623224704791195&SSPV=&Lay=1&UM=\"}");
Zeile gelöscht : user_pref("CT2269050.lastVersion", "10.20.101.5");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appsdata.from_oldbar.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwi[...]
Zeile gelöscht : user_pref("CT2269050.mam_gk_appsdefaultenabled.from_oldbar.enc", "ZmFsc2U=");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appstate_couponbuddy.from_oldbar.enc", "b2Zm");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appstate_easytobook.from_oldbar.enc", "b2Zm");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appstate_easytobook_targeted.from_oldbar.enc", "b2Zm");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appstate_pricegong.from_oldbar.enc", "b2Zm");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appstate_windowshopper.from_oldbar.enc", "b2Zm");
Zeile gelöscht : user_pref("CT2269050.mam_gk_appstatereporttime.from_oldbar.enc", "MTM3NzYwMTU5NDQxMw==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_calledsetupservice.from_oldbar.enc", "MQ==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_configuration.from_oldbar.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI1ZDJlZjcwZi00MjE4LTQ4M2ItOGFlYi0zZDJlZTg[...]
Zeile gelöscht : user_pref("CT2269050.mam_gk_currentversion.from_oldbar.enc", "MS4xMC4yLjU=");
Zeile gelöscht : user_pref("CT2269050.mam_gk_eventscache.from_oldbar.enc", "eyI5ZmE5YjAxOC1lODIxLTRlMjUtOGZiMC0xZDFjNTM3NjQyZmQiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXciL[...]
Zeile gelöscht : user_pref("CT2269050.mam_gk_existingusersrecoverydone.from_oldbar.enc", "MQ==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_first_time.from_oldbar.enc", "MQ==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_gadgetopen.from_oldbar.enc", "MA==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_lastlogintime.from_oldbar.enc", "MTM3NzYwMTU5MjMwNQ==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_localization.from_oldbar.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVp[...]
Zeile gelöscht : user_pref("CT2269050.mam_gk_new_welcome_experience.from_oldbar.enc", "MQ==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_showwelcomegadget.from_oldbar.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_user_approval_interacted.from_oldbar.enc", "MA==");
Zeile gelöscht : user_pref("CT2269050.mam_gk_userid.from_oldbar.enc", "NTdlYmNkMzktYzI1YS00NjlmLThmYjAtNmQ5YmEwNzYzOWY4");
Zeile gelöscht : user_pref("CT2269050.mam_gk_welcomedialogmode.from_oldbar.enc", "MA==");
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.google.de%2F\",\"EB_MAIN_FRAME_TITLE\":\"Google\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DV[...]
Zeile gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129391330693125668,129466585399606892,129466585396013141,129121052374999726,129023235807856892,1000082,129351672002618989,[...]
Zeile gelöscht : user_pref("CT2269050.originalHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=78f85ae5000000000000001d7e050599");
Zeile gelöscht : user_pref("CT2269050.originalSearchAddressUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=78f85ae5000000000000001d7e050599&tlver=1.4.35.10&affID=101241");
Zeile gelöscht : user_pref("CT2269050.originalSearchEngine", "Search the web (Babylon)");
Zeile gelöscht : user_pref("CT2269050.pg_enable.from_oldbar.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.searchFromAddressBarEnabledByUser", "true");
Zeile gelöscht : user_pref("CT2269050.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB \"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1383675093432");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.20.101.5_lastUpdate", "1383739897002");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1383675093506");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1383675090907");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1383749459313");
Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1383675103455");
Zeile gelöscht : user_pref("CT2269050.settingsINI", true);
Zeile gelöscht : user_pref("CT2269050.sf_just_installed.from_oldbar.enc", "RkFMU0U=");
Zeile gelöscht : user_pref("CT2269050.sf_status.from_oldbar.enc", "RU5BQkxFRA==");
Zeile gelöscht : user_pref("CT2269050.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2269050.smartbar.homepage", true);
Zeile gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Zeile gelöscht : user_pref("CT2269050.testingCtid", "");
Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Tue Nov 05 2013 15:40:11 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.toolbarBornServerTime", "3-10-2011");
Zeile gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Oct 17 2011 22:46:17 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "6-11-2013");
Zeile gelöscht : user_pref("CT2269050.toolbarLoginClientTime", "Tue Nov 05 2013 19:11:43 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.upgradeFromOBVersion", true);
Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2);
Zeile gelöscht : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383751582220,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"868f351132a86f100774a1debb1a80fe3\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DEFAULT", "\"1-203830-55425600\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1365594729\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"2a1a0d7b586ce1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"9f8d2729abc2ce1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=CT2269050", "\"1314606801\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"87dee330d341f8b9c21bd08c52f69444\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Cornelius Brack\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\r4i8zxdo.default\\conduitCommon\\modules\\3.7.0.6");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_fed23a6f", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=78f85ae5000000000000001d7e050599&tlver=1.4.35.10&affID=101241");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "4aa93e4e-80cd-40c1-af27-4baf618689dd");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Oct 24 2011 22:46:21 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Oct 26 2011 22:46:54 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Oct 26 2011 22:46:46 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "56b1272d-5d2c-4832-b974-c989bc919747");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=78f85ae5000000000000001d7e050599");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?CUI=UN70623224704791195&ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?CUI=UN70623224704791195&ctid=CT2269050&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=78f85ae5000000000000001d7e050599&tlver=1.4.35.10&affID=101241");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=101241");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "78f85ae5000000000000001d7e050599");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15249");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=78f85ae5000000000000001d7e050599&tlver=1.4.35.10&affID=101241");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 6);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1014:50:15");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "24.0");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 122311583);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1014:50:15");
Zeile gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/2a71b3b28494cf1854d333288ccc18ba_DE.value", "%22var%20cat_2a71b3b28494cf1854d3332[...]
Zeile gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1411760d138e22458e422e3d914029d8");
Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.1.9,%7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616,%7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3,toolbar%40web.de:2.7[...]
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1383749455);
Zeile gelöscht : user_pref("icqtoolbar.history", "hxxp%3A%2F%2Fhilfe.tvbrowser.org%2F||hxxp%3A%2F%2Fhilfe.tvbrowser.org%2Fv||ski%20simulator%202012%20karte||ronhill%20video||fotostudio%20neum%C3%BCnster||ronhill13%20v[...]
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1358012080");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.itbsitescount", 0);
Zeile gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "24.0");
Zeile gelöscht : user_pref("icqtoolbar.showPc", false);
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "192320126517663280581279344479107");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1383749459);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN70623224704791195&UM=&q=");
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2269050");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13,hxxp://search.conduit.com/?CUI=UN70623224704791195&ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CU[...]
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT2269050");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2269050");
Zeile gelöscht : user_pref("smartbar.machineId", "C7CMJDLO/M3ZRMJKMHRXIUEUQS30LLRKAFFUCH3BX+PZ+08ZH9TTTF8KWHDYQTRMKQSKHZWB+HQRFHQSVCSS3G");
Zeile gelöscht : user_pref("sweetim.toolbar.cargo", "2.1002");
Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "ICQ Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://de.search.yahoo.com/search?fr=ffsp1&p=");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "ICQ Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://de.yahoo.com");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.google.de");
Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{C60347A0-EA96-4DCE-AE22-C792DF2A3BFA}");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=2.1002");
Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.2.0.2");

-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : suggest_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [70076 octets] - [06/11/2013 16:55:07]
AdwCleaner[S0].txt - [69933 octets] - [06/11/2013 16:56:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [69994 octets] ##########

--- --- ---

M-K-D-B · 06.11.2013, 17:06

Servus,

ok, fehlen nur noch JRT und MBAM.

cocobrack · 06.11.2013, 17:23

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Cornelius Brack on 06.11.2013 at 17:18:02,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840268806-3441741845-855969553-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A81687A2-3ED7-4C36-8F7C-11BDB92560B3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F1B50D84-7D86-4AA3-B49F-FD2D0C3C63F2}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cornelius Brack\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{00D0DA83-C0A8-4A8D-8254-A92DD70BEF07}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{02EAB2C1-FD26-470B-A228-5884BC1D464A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{03232679-A5CB-48F6-A01F-F988081A339F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{033DDEAA-9627-447E-B1E7-FD4E48EEEEA8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{05EC2661-AD15-4896-A6AD-B867BBED8FBE}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{0659A02D-63E0-46C0-A044-3761B79818AA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{07159707-059E-4E1A-A336-362AA8BA5925}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{076E1FCE-C4CC-4900-AD59-A92FB5B6FF5B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{08F861CC-BD7A-4946-80E6-99ADFFF0EE1A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{0946AF99-0154-4BBE-AA53-F9BED2070BAD}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{0A9CA477-E112-449E-8E64-EBC988202CCD}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{0C7381E9-5224-41D5-AEBE-751C68A11D06}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{0C923516-9A45-433F-BFE3-384AE0D9DB21}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{0D1BAD3B-A765-427F-BE9E-4B2EC1542A10}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{10351F92-2F1A-43D6-BE1F-594FA20AE648}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{105B2448-E5CF-44BF-AA5F-8CC15C1B7B3B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{112048C9-FA18-4D89-B0DC-9AE2FCDB782A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{138C3FC7-2DD6-4FAC-9EB7-467C390FC964}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{13E9A0D3-199C-400E-BA4D-D4AB46EB189C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{161D29C3-70B6-48C8-81DF-89133BF8F68A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{165CE795-EF67-40C4-AC83-88A01430E456}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{16FFD4D4-C5E3-4E4F-A37D-525ADFC8B9F8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{171A6B25-488E-444A-84DB-7E829B04823B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{17D0F0FD-82FA-4644-89C5-0B0EB8F47046}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{17FBF03C-C3BA-4C4A-8DE6-5DD83BD8B25B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{189532F2-498E-4489-B669-FC9E879EA862}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{18A0C3EA-D8D5-4E29-AC11-E9C4543A7A60}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1944D08E-E451-4F8D-8EFB-BA281A4F4648}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1A94F014-5679-4D1A-80C4-E781D6C84217}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1C9A2EF3-D492-4F3B-B4E0-7E2CF315377C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1DE7AF91-EA77-48A0-8799-ED2B523C88BA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1EC7DEA9-E2FB-4D2E-A86B-A9897831BE1D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1EFA9C42-504B-4A8A-8655-AE9861B385D7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{1F77B03F-5D5A-43D1-843A-8AD2C7716F6A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{202C4F33-32FD-4E29-8376-D48D5088FD62}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{20E54E6B-6777-4F40-8F14-A2DE1472515A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{20ED81A2-1FD9-450F-88EF-842D2C18E837}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{213F31FA-EE7D-4AE2-BEC0-35449FE55928}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{22162881-2B12-4003-BDA0-94FCDBCFD013}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2243D33D-7B62-4812-BCDF-20320DE591EB}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{236D3A70-3E2A-4FF3-B381-0A0DCA9C9E27}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2724F3B6-9376-4321-A109-B9D21DE62923}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{28A75742-83FC-4906-A4B7-C7531AB67930}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{28CD431C-E99D-49BB-8D39-D58185B854DB}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{294CF411-7C04-43F0-A597-1A29A291033E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2A3F4490-BF88-46AF-8758-95E7AE03949B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2AD5BBC1-71EF-4CE7-85C8-0187DD155FEE}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2AE2D1F2-40B8-42DF-A1BB-CC423FCE1901}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2AF081BF-EA39-4CC1-9C0E-C80C9C07875C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2B78C602-623B-4FC5-A6CC-9F0AC14DAD3E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2B978B90-2B88-4C59-B432-E4C4E31FFABF}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2CCB139F-80AA-42BC-B5EE-2727122A7B1D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2F583C48-0056-441C-8CFD-0FB99379B7B5}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2F724981-6A43-4C52-BAD1-9B057E874CFD}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{2FC36D4D-C0DF-4A17-87E1-248B3B052AE8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{34840E5C-FAF9-4551-BD47-B7DA7CBEC800}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3625CA02-7A68-4D39-85AA-B6C649A7494D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{390D1A3E-1145-4DBC-A2B5-49CF2DD2A198}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{397A6CEF-1FAE-47E4-9D02-946EDBDDBD22}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3A1B2C44-745C-456C-8E1A-0DA8EE84CFF4}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3A4DDC13-D706-4946-B96D-9437FFD52180}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3A64D769-7F75-4A7B-BE0C-FB1B69B3BC2A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3ACB9070-0DE8-4CB2-9574-113B97DBD28C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3C138F6D-C76A-4CA0-92C1-50F9D39A27DD}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3E299AE8-4054-4C80-833E-CA10F9FB151E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3E4FE714-5B65-4833-BB51-64C2AE1337FC}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{3EC0AAB7-8BE7-4685-8A02-F898A3A3655A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{40EB4867-284D-49D4-8B34-D685A79D2135}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4255AD77-A4D9-49DE-BEEC-3EE18B31C4D6}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{42ADA8BD-A9E7-4A36-83A6-DF2725FE8209}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{43597959-C40E-43F6-BEF0-558FC74902FA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{43C34A67-27A8-4083-999C-767E58E76F43}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4501A210-826C-48A1-AD49-C2E07AAB876F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{452A4DC0-FD2B-4C14-9E4F-1C1AFA140BA1}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{45A3DE45-95DD-458D-9494-ED684A931BA2}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{47BA5771-DB45-413E-8649-F066E7B2A2A2}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{47C465C2-6E5C-4F09-B41B-335334A38E9A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{48429A49-10FA-4967-9BB0-6B5FB66C74D3}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{48453267-854F-4253-BF92-6919BDA0FF83}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4B448A25-B71B-4EB2-8FC8-715E1CA8F379}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4D17AB3F-5912-4A51-937B-02951AEE5934}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4E0C7695-6489-476D-A5F3-289DEB300043}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4E96A03E-0485-4FA5-B611-49B4DCE98F28}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{4F1B1519-E3AE-4BB2-81EF-D026B6124345}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{504FEB7C-D13B-4F36-895B-8A807FF79959}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{50D9DDC2-3B92-4190-A420-264ED0940FC6}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{512A3252-9452-4F3F-BB56-07686E79BA7E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5257CD13-A9C2-4628-8F1F-FC613CC40792}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{533672DF-01BB-43FF-BF03-5AADB1DAE20C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{53B33895-C53D-45C7-81DC-91A6602278C9}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{53DAF8D1-F71B-4E4A-AC57-7C3459F72197}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{53FC97E9-0E0D-494E-8C2B-B958DC66F6DC}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5501EE3E-D1EB-453B-BAC8-C5DD9E627441}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{55FF682C-78EE-42C5-9A49-5B5883B2802C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{58544336-13DE-4E72-B795-BF0BEA41B88D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{58FF88F3-3ECF-48FA-A1D5-0C61D02D6E6E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5981BEC8-7B9C-4A50-8E4D-918E4EC07682}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5A7F7782-8F42-4EFD-851B-58D541DE9A16}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5A968330-5CE1-4981-BE8B-05C426C628F8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5BF43505-25DB-4B83-BABE-B49B9C7FD43D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5C3B4F97-C72C-48AB-9446-40FB479B6316}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5CAAFC53-FF08-483E-B368-AEF4E5BAE022}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5D6B5F80-F960-4568-84BB-19391B4D7FBA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5E788EC8-9C25-4DD1-B295-891F2E297856}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{5FDCD149-C6AC-4883-AF99-AE3E3410A27A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6295567A-0F90-4D24-89A9-E7D2DDE737F4}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{62FBF64F-C8D4-40E5-A460-5E699DAA146F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{644A7791-E6B9-476D-9F4E-BF1E2AB66D92}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6461C8DC-4024-4534-99AF-A02C40D6B9E7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{646D3C90-662D-40FD-A6BC-546E739917FE}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{652DF534-A631-4F9B-9131-D4249C319EB8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{65E86C16-296C-4B8D-81F1-BC109D9F8481}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{66AD8FC0-0398-4174-B9C3-7573733BD546}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{68BABC77-4BEC-4517-98CA-21B2A0F24DB7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6ADB1501-D1B7-4D45-A939-E7E0E6866390}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6BD48D2D-8907-4E5A-82BF-AC5CA5D762A2}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6BDED18E-CFAF-4098-BA46-9BB43D0803DD}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6D24150F-3411-4207-85AE-B1B9DD306414}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{6FC0105D-A93A-4931-AF9B-5B9FB7278CC9}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{71AAF55F-651C-4F68-B20F-5D55B15052FB}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{73AF6664-B734-4288-8947-5360C6627254}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{75719078-69AA-47F6-BC6C-D8DDC65C5EED}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7835D768-783E-4EE0-A7F2-2E4AC1F2E9A3}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{793DFA78-B659-450B-9382-83310AEC88F8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7AC3478C-02B6-4187-B1FE-2975EDEF5637}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7C53A582-2E2A-4CED-BDB3-6EE614C4429F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7CB94ED6-4F52-4660-A8DF-D6CEA5A944C0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7CC6F984-2E0E-4B6F-B29D-ED32F3986BE6}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7D0E9558-6B26-471C-A1E9-B5470516D2B7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{7FF2A375-7CEE-4BBB-AABB-FB8C4979A55A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{803B0AD0-46B7-448F-B5B6-F165BB805A15}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{81BF3458-F053-4D2B-8BDE-727E4A4A52D6}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{822C8013-82A0-40DD-BD15-14D2BE0CA8E9}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{849A4F5B-7144-4A3C-B3A5-2C65E7FBEF9D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{851B4720-5049-4E2D-B4EE-7E6A166843E0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8530BDC1-E5F4-489F-BFEE-43E50C324025}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{87B0BD68-47E1-45C6-BD8F-681B2E093E8E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8801ABE8-CCDE-4B4C-9A4A-BA086E17F06E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{881D8B68-CCD2-4828-84D5-E6180A542DFE}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8832D1A5-A5F3-4A43-91FD-B8273921FD18}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8884B0C0-6D1A-4AD0-BE2A-8716A3243C2D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{88F42BE1-A590-4FCD-ACF9-644D3919C082}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{89E495A3-46DB-4BED-88B1-FB93A5F858D7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{89FFFBBA-C7D6-4375-83D0-B6A1D98A7B2D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8AD4142B-BE28-49F2-9115-FC12DD1EEB31}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8DD6846E-C962-4FA7-BEC0-54A8301D714E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8EB13128-A233-40F9-9ED5-0891130CFCE7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8F3FDE70-4A90-4998-904E-64EE5550E0BA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8FDFA6CA-0FC6-4547-B7D2-529E275C9B68}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{8FE73627-C71B-4AFC-85AD-CCC5100DF4C3}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{93181B34-4EA9-4A14-9712-69438AF7371B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{95AB60F1-BF6F-415C-A080-244B608BA243}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{9670E9A4-AC09-48A7-BD49-868CE25BDA18}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{969AD394-6B68-4820-8046-0A1C751DFF53}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{972BF8FE-5F82-4CA5-A543-A015A39B66DC}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{99DB7294-86DC-4A69-A848-FB5D80DEAD0C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{9C21E614-10AC-4E06-8A1F-CA45110939A2}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{9D43B103-7884-4064-9680-B05F4070509D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{9EFC6564-3098-4A5A-9A56-7FF7221D6B4D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{9F8BFE3E-E7F7-47F2-97C2-640F56B52DF8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{9FB88E4D-B4A6-42D9-8F30-C6DC8A198372}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A2E09A5B-BFBC-4C05-A0B0-016216BD2675}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A59EEFDA-8BAC-4A01-A1F9-42DE064AD008}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A65F413B-5461-4A01-870A-C8D198C1A1DF}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A66CC784-7D0D-4A95-B14C-98F7EAA29685}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A6B39AC0-1B5C-4957-93A7-33670542A26D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A8F58AD1-9926-472E-B441-65BE509ED6E5}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A9884592-0293-41D3-8553-AEAC63DFD500}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{A9C182CE-8E4A-45F0-AF2A-20752F10AC62}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AAFDAC55-AF68-4D5A-AC19-78CB79183496}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AD07A9C9-F1B3-4D02-87D8-A2B7C4D3468F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AD5FFE88-97F0-4E67-9D1D-4516A1F6436F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{ADC80FF8-B14B-45D9-9A15-A8C0FD833ED7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AE5224D8-F50D-4D41-89B3-D2C9FD2DAEF4}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AE5E77EC-62AC-445E-8695-9DBAA5213B5A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AF541C12-7CB8-4A57-8027-3CA96FE6E0C1}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{AFFC9E4B-D88D-4BC2-8E36-055109399122}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B001AD02-B6E8-4743-929F-FB42C0CAFA0A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B1263B55-6C72-48B7-B24B-00573909687D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B29E81E1-1B90-41FF-9778-5AEA93F66214}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B2DE226A-AC8A-47A4-8482-2F70F814E8BC}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B3165926-AAEC-4835-9AAB-24D67A2F2165}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B495356D-07BB-49C9-A0C6-799742266746}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B5C5A383-FE65-4162-8B71-65B1B4DCD0B1}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B6E2B000-C6C5-41AF-AADE-B346BAF0D43C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B74A971F-B4A3-4341-85A7-A928ECE2F5E2}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B794C75E-0245-43B7-A714-9426977991AF}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B83B9107-D7E2-4B1A-B779-F7E34950EF9B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{B877BD05-AC79-4202-A5C0-9EC5F7BABD59}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BA76546C-4198-40FA-AF37-2B45CCFE9302}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BB043798-D970-4CED-B6F3-04B7666EC38B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BB23ACD3-D359-4151-BE83-F891896D1F8E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BB53596A-A574-49DD-BF4E-287AA98DFA69}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BC313EB7-621E-4FD1-B2F7-F8D8F5D3246F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BE62AA3D-57BF-4D7E-8A14-94A19E7F9A67}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BF350EB8-99FB-4B52-927A-725FD70584F5}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BF73A4A1-E8B9-4F5D-AEBB-3EA3481A1019}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{BFD9A015-BEB2-4C30-B0B1-E9C439061571}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C1571248-1C94-49D0-A37A-88617045A53B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C2776D65-72BE-40A3-AF6B-C1B9C6FEF16B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C2D4CD01-933F-48F8-B747-BBA03DCD12B6}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C3867C03-10D6-4963-85E9-18C602578127}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C3DAD344-6D31-4B83-B066-4883668759E5}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C3FBF054-31D4-4514-8591-3A0F5BF6EEA0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C50E8567-2BD3-409A-B282-36C431387816}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C5D24F33-DAFF-4192-9CEE-856536655A79}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C94140B2-D3DC-440B-9307-1FFF137B3B0C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{C95A97F1-BA1B-4EFB-A122-9F48D815AB92}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CBD4BB49-48E3-48F4-A467-10398F503805}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CC108A69-9491-49F2-B1D9-69D7FE20E356}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CC3A17C3-5E7C-4D4C-AD7A-62DA33FD7A2A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CCBAE61E-A872-4663-96DB-6DF84E962216}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CD7E4176-A65F-4B76-AA86-653228DFFE1E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CEAE69D8-08F6-4703-9EAA-3D430F16EB7B}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CFC9C808-CBEC-416A-9C9E-58E6E3D10D5F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{CFD852EB-8D28-4AED-8C34-4D1AEAE22965}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D13802D0-0D81-48F3-AB64-78E9422C4BD8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D590F060-F7E3-40B6-9C02-9D265AD11F4E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D5AD74E3-F320-47B5-B6AF-D886471D48CA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D5B7CF9E-7BED-43E6-8AC4-CF007A045B3A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D617253A-0CEA-4ED2-900E-22A351B2A817}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D862F6F0-41C7-4D78-A856-71EB9D788265}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D8ABA50E-16E5-4C57-894C-A95FEA0DD41F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D8BAF279-D5D8-4236-BC09-4C01D0C37916}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D97079FC-7452-4388-9AFA-517302BBA4D7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{D9EA6A04-D2C2-4F87-8482-543FE0B81A99}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{DC33E3D2-9539-4861-A96A-54670ABA2B12}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{DC750BA3-C7A6-48E9-923A-7D818F56F2A4}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{DCC7BF53-A54C-4261-9321-F047C14C05BB}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{DDCD1811-2D47-46B8-A56A-A57FAF20F386}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{DECC1120-36C6-4947-8C90-B18308A9873F}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E0B4013F-0706-44E9-A341-C802580F141D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E11F5E29-12AF-4C25-ADC4-3EEAA77DE5E5}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E1707F8F-F5C3-4250-9796-672B1B40F5FF}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E1DC4545-1C73-4A2C-A817-B4C355152913}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E1F9CB6A-2869-47A6-BD37-2C4D8C07A74C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E2BAA2D0-02B3-43F4-94E0-6CAAE406C58D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E2FAD2C6-A0F9-449D-91C5-F5080495D3F7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E31A47C9-43ED-4F4A-AC88-C792E9914391}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E3C6D71F-9A3C-4056-91E6-755307E81EFE}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E3C8420B-DBF9-49FC-ADFE-18DEEBE70F83}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E4C75AE9-3809-4EC8-BCED-D5A891FD7198}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E5E35CE3-AFB2-46AA-846F-317AB229BC30}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E8815380-3382-4856-A775-1F4023D71A6E}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{E92705A5-23A6-4127-B203-3C93C5DCB4F8}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EA8C7229-C154-401E-926F-63C30CE935C1}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EAE360FB-3C10-42A1-831E-3917D17DECE9}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EAE4F5A5-9BF2-435E-B18F-5FE1A7BAF060}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EBED6FCD-6E28-4D87-9E46-8F473293DC83}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EE273068-6E52-4F90-999F-955A8FE7BDD0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EEC11D50-70C5-4064-9EA6-6F94B2832EAC}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EF0B68F0-E5E2-4CC6-A6CC-A54F39F809FE}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EF41AE6A-4A6E-4D77-8526-F691C08FB6DA}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{EFDF62C1-2946-412F-9AD0-E4493F873BB7}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F1026FDB-A55C-41F0-BFAB-3F10652049A6}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F36EB27B-625A-4C6D-96FA-E24D65039729}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F3B77B9B-FA77-49E8-AD08-BBB65776265C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F3DEEAE7-440C-483D-930A-7F21D6818ED0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F421CAE4-6696-4839-8FCC-7D417702788C}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F4C25E04-F465-4EA3-8F1E-60E83EB08A68}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F57EADBA-5318-4CA1-BFD5-9CACB36B0F2D}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F5EFCB93-97CB-48CA-A7B0-73E3C51FC58A}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F644FE63-DF7A-49D9-8C84-215A00AC69F0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F895D933-300D-4574-A0D6-03912F055809}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{F996052D-80B6-4CCB-8D60-FD1277764783}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{FABF7F8D-8A37-4D2C-A515-70CF1C3608E9}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{FB59CF27-D68C-4DD0-905A-23B9E113E228}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{FDBFC2D8-64BC-4A40-B898-AFECDC49F3B0}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{FFD19ADE-4B44-481B-8BA3-193EE5F7E152}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{FFF491AB-BCC1-40C5-B7EA-72F8F3E46119}
Successfully deleted: [Empty Folder] C:\Users\Cornelius Brack\appdata\local\{FFF94155-7BEA-4194-BF3C-32872ECA875B}

~~~ FireFox

Successfully deleted: [File] C:\Users\Cornelius Brack\AppData\Roaming\mozilla\firefox\profiles\r4i8zxdo.default\extensions\trtv3@trtv.com.xpi
Successfully deleted: [Folder] C:\Users\Cornelius Brack\AppData\Roaming\mozilla\firefox\profiles\r4i8zxdo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Successfully deleted the following from C:\Users\Cornelius Brack\AppData\Roaming\mozilla\firefox\profiles\r4i8zxdo.default\prefs.js

user_pref("CT2269050./9b+7e3x305.from_oldbar.enc", "JH4vQT87NjM/R0Y/fUk+QS52MH4iJCE1LDdHS1lXS0pIWFhOXjdiVzpTXkkySzo9PztQR1JibGJddXhtdmp8UXxxdGFKY1JVV1JoX2p6LSYsLCR+LzIuaTUqLXl
user_pref("CT2269050./9b+7ebx305.from_oldbar.enc", "JH4+OTFBMD0zRUA2Mn5KP0IvdzF7fSM1LDdWWUlITk9RUlxOTFVTW1RgWlo+aV5hTjdQOz1BVEtWdXVlbXNneW1tfFUhdXhlTmdSVFdrYm0tIiUuIGczKGokL3l
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
user_pref("extensions.iminent.admin", false);
user_pref("extensions.iminent.aflt", "orgnl");
user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
user_pref("extensions.iminent.autoRvrt", "false");
user_pref("extensions.iminent.dfltLng", "");
user_pref("extensions.iminent.excTlbr", false);
user_pref("extensions.iminent.ffxUnstlRst", false);
user_pref("extensions.iminent.id", "78f85ae5000000000000001d7e050599");
user_pref("extensions.iminent.instlDay", "15961");
user_pref("extensions.iminent.instlRef", "");
user_pref("extensions.iminent.newTab", false);
user_pref("extensions.iminent.prdct", "iminent");
user_pref("extensions.iminent.prtnrId", "iminent");
user_pref("extensions.iminent.rvrt", "false");
user_pref("extensions.iminent.smplGrp", "none");
user_pref("extensions.iminent.tlbrId", "base");
user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
user_pref("extensions.iminent.vrsn", "1.8.25.0");
user_pref("extensions.iminent.vrsnTs", "1.8.25.014:49:41");
user_pref("extensions.iminent.vrsni", "1.8.25.0");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.enabledAds", "false");
user_pref("iminent.registerToolbarEvent100", "1379152161835");
user_pref("iminent.registerToolbarEvent101", "1379149570375");
user_pref("iminent.registerToolbarEvent102", "1379346461612");
user_pref("iminent.registerToolbarEvent109", "1379346507120");
user_pref("iminent.registerToolbarEvent111", "1379346507127");
user_pref("iminent.registerToolbarEvent112", "1379346529527");
user_pref("iminent.registerToolbarEvent122", "1379346507135");
user_pref("iminent.version", "7.36.1.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1379076718440,\"InstallEvent\":\"True\"}");
Emptied folder: C:\Users\Cornelius Brack\AppData\Roaming\mozilla\firefox\profiles\r4i8zxdo.default\minidumps [205 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2013 at 17:22:07,41
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M-K-D-B · 06.11.2013, 18:20

Servus,

fehlt nur noch die Logdatei von MBAM, dann kann es weitergehen.

cocobrack · 06.11.2013, 20:23

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.06.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Cornelius Brack :: CORNELIUSBRACK [Administrator]

06.11.2013 17:27:22
mbam-log-2013-11-06 (17-27-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525298
Laufzeit: 2 Stunde(n), 44 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\$Recycle.Bin\S-1-5-21-1840268806-3441741845-855969553-1001\$R9M1ESC.exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-1840268806-3441741845-855969553-1001\$RAKFD5T.exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-1840268806-3441741845-855969553-1001\$RPG775Z.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com\components\FFHst.dll.vir (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\OpenCandy\OpenCandy_480173DC476845F193740351D397D6D2\DLMgr3WrapperUniBlue.exe.vir (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Config.Msi\3908ec.rbf (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Endlich geschaft

M-K-D-B · 07.11.2013, 16:00

Servus,

Wir spüren die letzten Reste auf, damit wir sie später entfernen können:

Schritt 1
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*Iminent*
*crossrider*
*Babylon*
*ICQToolbar*
*DriverScanner*
*myfree codec*
*Conduit*
*OpenCandy*
*searchresultstb*
*SweetIM*
*iLivid*
*DataMngr*

:folderfind
*Iminent*
*crossrider*
*Babylon*
*ICQToolbar*
*DriverScanner*
*myfree codec*
*Conduit*
*OpenCandy*
*searchresultstb*
*SweetIM*
*iLivid*
*DataMngr*

:regfind
iminent
crossrider
Babylon
ICQToolbar
DriverScanner
myfree codec
Conduit
OpenCandy
searchresultstb
SweetIM
iLivid
DataMngr

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von FRST,
die Logdatei von SystemLook,
die Beantwortung der gestellten Fragen.

cocobrack · 07.11.2013, 17:07

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Cornelius Brack (administrator) on CORNELIUSBRACK on 07-11-2013 17:02:11
Running from C:\Users\Cornelius Brack\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Spotify Ltd) C:\Users\Cornelius Brack\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Guard.Mail.ru.gui] - C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-10-07] ()
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Cornelius Brack\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-24] (Spotify Ltd)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
MountPoints2: {88ac7d23-66e5-11e1-8807-0019dbf62289} - H:\AutoRun.exe
MountPoints2: {88ac7d79-66e5-11e1-8807-0019dbf62289} - H:\AutoRun.exe
MountPoints2: {e807e0e8-44db-11df-94b7-806e6f6e6963} - F:\Beruf_Karriere.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C89614AE000CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie10
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1AC29700-6F65-4EE6-AD66-68FA88F985C1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {309589F9-6A52-42E9-A507-BC3E1F3AD755} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {3B7DDEBF-91C8-4C25-B347-374BF250EE77} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3DD9D4CB-7569-496F-B238-806934F5D6FC} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AA888166-5520-4D15-8CB7-080974E0C528} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BD76CAE-886B-4A80-AD9F-62C70BA095E9}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{3DD56755-ACAC-4EFB-8C2B-A3540E049A42}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default
FF SearchEngineOrder.1: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.2 - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: DVDVideoSoftTB  - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: WOT - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: ciuvo-extension - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firefox-hotfix - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: toolbar - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\toolbar@web.de.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\

Chrome: 
=======
CHR Extension: (Skype Click to Call) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Norton Identity Protection) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-10-07] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-04] (Logitech Inc.)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2010-10-31] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-03-05] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-03-05] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2012-03-05] (Huawei Technologies Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20131106.001\IDSvix86.sys [393816 2013-10-25] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131106.025\NAVENG.SYS [93272 2013-11-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131106.025\NAVEX15.SYS [1612376 2013-11-05] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-18] (Symantec Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 17:26 - 2013-11-06 17:26 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-06 17:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-06 17:25 - 2013-11-06 17:25 - 00001696 _____ C:\Users\Cornelius Brack\Desktop\mbam-setup-1.75.0.1300(1).exe - Verknüpfung.lnk
2013-11-06 17:24 - 2013-11-06 17:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cornelius Brack\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-06 17:22 - 2013-11-06 17:22 - 00035846 _____ C:\Users\Cornelius Brack\Desktop\JRT.txt
2013-11-06 17:05 - 2013-11-06 17:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 17:04 - 2013-11-06 17:04 - 00001492 _____ C:\Users\Cornelius Brack\Desktop\JRT.exe - Verknüpfung.lnk
2013-11-06 17:03 - 2013-11-06 17:03 - 01034531 _____ (Thisisu) C:\Users\Cornelius Brack\Downloads\JRT.exe
2013-11-06 16:54 - 2013-11-06 16:56 - 00000000 ____D C:\AdwCleaner
2013-11-06 16:54 - 2013-11-06 16:54 - 00001561 _____ C:\Users\Cornelius Brack\Desktop\adwcleaner.exe - Verknüpfung.lnk
2013-11-06 16:51 - 2013-11-06 16:51 - 01073262 _____ C:\Users\Cornelius Brack\Downloads\adwcleaner.exe
2013-11-06 16:46 - 2013-11-06 16:46 - 00001503 _____ C:\Users\Cornelius Brack\Desktop\FRST.exe - Verknüpfung.lnk
2013-11-06 16:41 - 2013-11-06 16:42 - 00025862 _____ C:\Users\Cornelius Brack\Downloads\Addition.txt
2013-11-06 16:37 - 2013-11-06 16:37 - 00000000 ____D C:\FRST
2013-11-06 16:31 - 2013-11-06 16:31 - 01089445 _____ (Farbar) C:\Users\Cornelius Brack\Downloads\FRST.exe
2013-11-04 01:05 - 2013-11-04 01:05 - 00008451 _____ C:\Users\Cornelius Brack\Downloads\spssdata(1).csv
2013-11-01 23:15 - 2013-11-01 23:15 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata2.csv
2013-11-01 23:14 - 2013-11-04 17:29 - 00048195 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xlsx
2013-11-01 22:43 - 2013-11-01 22:43 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata1.csv
2013-11-01 22:07 - 2013-11-01 22:42 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata.csv
2013-11-01 15:22 - 2013-11-01 15:22 - 00000000 ____D C:\Users\Cornelius Brack\Documents\FUSSBALL MANAGER 14
2013-11-01 15:20 - 2013-11-01 15:20 - 00001178 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2013-10-31 23:14 - 2013-10-31 23:30 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Origin
2013-10-30 20:17 - 2013-11-01 23:14 - 00096256 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xls
2013-10-29 15:15 - 2013-11-06 20:19 - 00005388 _____ C:\Windows\PFRO.log
2013-10-27 20:56 - 2013-11-07 15:11 - 00001904 _____ C:\Windows\setupact.log
2013-10-27 20:56 - 2013-10-27 20:56 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 19:56 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-25 19:56 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-25 19:56 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-25 19:56 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-25 19:56 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-25 19:56 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 19:15 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-25 19:15 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-25 19:15 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-25 19:15 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-25 19:15 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-25 19:15 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-25 19:15 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-25 19:15 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-25 19:15 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-25 19:15 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-25 19:15 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-25 19:15 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-25 19:15 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-25 19:15 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-25 19:15 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 19:15 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-25 19:15 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-25 19:15 - 2013-07-12 11:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-25 19:15 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-25 19:15 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-25 19:15 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-25 19:15 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-25 19:15 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-25 19:15 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-25 19:15 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-25 19:15 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-25 19:15 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-25 19:15 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-25 19:15 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-25 19:15 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-25 19:14 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-25 19:12 - 2013-08-02 02:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-25 19:12 - 2013-08-02 02:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-25 19:12 - 2013-08-02 02:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-25 19:12 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-20 21:46 - 2013-10-20 21:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 21:45 - 2013-10-20 21:44 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 21:39 - 2013-10-20 21:39 - 00915368 _____ (Oracle Corporation) C:\Users\Cornelius Brack\Downloads\jxpiinstall(1).exe
2013-10-16 21:12 - 2013-10-16 21:14 - 67022728 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate(1).exe
2013-10-16 18:29 - 2013-10-16 18:37 - 324367280 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\Manager_12_Update_3.exe
2013-10-16 18:20 - 2013-10-16 18:21 - 37973368 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate2(1).exe
2013-10-16 13:27 - 2013-10-16 13:36 - 183608160 _____ (Symantec Corporation) C:\Users\Cornelius Brack\Downloads\norton_internet_security_setup.exe

==================== One Month Modified Files and Folders =======

2013-11-07 16:57 - 2010-05-15 18:13 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Skype
2013-11-07 16:33 - 2010-04-13 17:33 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-07 16:20 - 2012-04-15 22:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 15:20 - 2009-07-14 05:34 - 00013552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 15:20 - 2009-07-14 05:34 - 00013552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 15:18 - 2010-04-10 21:04 - 01982553 _____ C:\Windows\WindowsUpdate.log
2013-11-07 15:15 - 2010-04-13 17:33 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-07 15:11 - 2013-10-27 20:56 - 00001904 _____ C:\Windows\setupact.log
2013-11-07 15:11 - 2010-04-30 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-07 15:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 20:19 - 2013-10-29 15:15 - 00005388 _____ C:\Windows\PFRO.log
2013-11-06 20:18 - 2013-09-22 00:10 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-11-06 17:26 - 2013-11-06 17:26 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-06 17:26 - 2013-09-23 13:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-06 17:25 - 2013-11-06 17:25 - 00001696 _____ C:\Users\Cornelius Brack\Desktop\mbam-setup-1.75.0.1300(1).exe - Verknüpfung.lnk
2013-11-06 17:24 - 2013-11-06 17:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cornelius Brack\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-06 17:22 - 2013-11-06 17:22 - 00035846 _____ C:\Users\Cornelius Brack\Desktop\JRT.txt
2013-11-06 17:05 - 2013-11-06 17:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 17:04 - 2013-11-06 17:04 - 00001492 _____ C:\Users\Cornelius Brack\Desktop\JRT.exe - Verknüpfung.lnk
2013-11-06 17:03 - 2013-11-06 17:03 - 01034531 _____ (Thisisu) C:\Users\Cornelius Brack\Downloads\JRT.exe
2013-11-06 16:56 - 2013-11-06 16:54 - 00000000 ____D C:\AdwCleaner
2013-11-06 16:56 - 2012-01-19 01:09 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-06 16:56 - 2010-06-13 09:48 - 00000000 ____D C:\ProgramData\ICQ
2013-11-06 16:54 - 2013-11-06 16:54 - 00001561 _____ C:\Users\Cornelius Brack\Desktop\adwcleaner.exe - Verknüpfung.lnk
2013-11-06 16:51 - 2013-11-06 16:51 - 01073262 _____ C:\Users\Cornelius Brack\Downloads\adwcleaner.exe
2013-11-06 16:46 - 2013-11-06 16:46 - 00001503 _____ C:\Users\Cornelius Brack\Desktop\FRST.exe - Verknüpfung.lnk
2013-11-06 16:42 - 2013-11-06 16:41 - 00025862 _____ C:\Users\Cornelius Brack\Downloads\Addition.txt
2013-11-06 16:41 - 2011-07-23 13:35 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\vlc
2013-11-06 16:37 - 2013-11-06 16:37 - 00000000 ____D C:\FRST
2013-11-06 16:31 - 2013-11-06 16:31 - 01089445 _____ (Farbar) C:\Users\Cornelius Brack\Downloads\FRST.exe
2013-11-06 08:02 - 2010-04-10 21:14 - 01526094 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-04 21:55 - 2010-04-30 21:09 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\CrashDumps
2013-11-04 17:29 - 2013-11-01 23:14 - 00048195 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xlsx
2013-11-04 01:05 - 2013-11-04 01:05 - 00008451 _____ C:\Users\Cornelius Brack\Downloads\spssdata(1).csv
2013-11-02 19:36 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-02 19:32 - 2013-05-15 16:40 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-02 18:53 - 2012-01-02 15:18 - 00000000 ____D C:\Users\Cornelius Brack\Documents\Bewerbung
2013-11-02 18:15 - 2012-01-17 14:50 - 00203264 ___SH C:\Users\Cornelius Brack\Thumbs.db
2013-11-02 18:15 - 2010-04-10 21:13 - 00000000 ____D C:\Users\Cornelius Brack
2013-11-02 09:55 - 2011-06-08 20:43 - 00000000 ____D C:\Program Files\Origin
2013-11-01 23:15 - 2013-11-01 23:15 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata2.csv
2013-11-01 23:14 - 2013-10-30 20:17 - 00096256 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xls
2013-11-01 22:43 - 2013-11-01 22:43 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata1.csv
2013-11-01 22:42 - 2013-11-01 22:07 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata.csv
2013-11-01 15:22 - 2013-11-01 15:22 - 00000000 ____D C:\Users\Cornelius Brack\Documents\FUSSBALL MANAGER 14
2013-11-01 15:21 - 2011-06-08 20:43 - 00000000 ____D C:\ProgramData\Origin
2013-11-01 15:20 - 2013-11-01 15:20 - 00001178 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2013-11-01 12:30 - 2011-06-08 20:43 - 00000000 ____D C:\Program Files\Origin Games
2013-10-31 23:30 - 2013-10-31 23:14 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Origin
2013-10-31 23:16 - 2011-06-08 20:49 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\Origin
2013-10-30 21:05 - 2013-07-13 15:57 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Spotify
2013-10-30 19:50 - 2013-07-13 15:59 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\Spotify
2013-10-27 20:56 - 2013-10-27 20:56 - 00000000 _____ C:\Windows\setuperr.log
2013-10-27 17:17 - 2010-04-10 22:07 - 00000000 ____D C:\Users\Cornelius Brack\Tracing
2013-10-27 17:15 - 2010-04-10 22:01 - 00000000 ____D C:\Windows\Panther
2013-10-27 11:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-25 20:16 - 2009-07-14 05:33 - 00418832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 20:15 - 2010-10-03 10:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-25 20:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-25 20:11 - 2010-04-10 23:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-25 20:08 - 2013-08-04 10:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-21 11:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-20 21:53 - 2012-09-15 19:06 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\TV-Browser
2013-10-20 21:46 - 2013-10-20 21:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 21:44 - 2013-10-20 21:45 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 21:44 - 2010-05-13 15:12 - 00000000 ____D C:\Program Files\Java
2013-10-20 21:39 - 2013-10-20 21:39 - 00915368 _____ (Oracle Corporation) C:\Users\Cornelius Brack\Downloads\jxpiinstall(1).exe
2013-10-16 21:21 - 2010-05-15 18:13 - 00000000 ____D C:\ProgramData\Skype
2013-10-16 21:20 - 2010-05-15 18:13 - 00000000 ___RD C:\Program Files\Skype
2013-10-16 21:14 - 2013-10-16 21:12 - 67022728 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate(1).exe
2013-10-16 18:37 - 2013-10-16 18:29 - 324367280 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\Manager_12_Update_3.exe
2013-10-16 18:21 - 2013-10-16 18:20 - 37973368 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate2(1).exe
2013-10-16 17:20 - 2012-04-15 22:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-16 17:20 - 2011-06-03 16:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-16 13:36 - 2013-10-16 13:27 - 183608160 _____ (Symantec Corporation) C:\Users\Cornelius Brack\Downloads\norton_internet_security_setup.exe

Some content of TEMP:
====================
C:\Users\Cornelius Brack\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 11:29

==================== End Of Log ============================

--- --- ---

--- --- ---

Nach dem Scan gab es nur diesen einen bei FRST!

M-K-D-B · 07.11.2013, 17:08

Servus,

Zitat:

Zitat von cocobrack

Nach dem Scan gab es nur diesen einen bei FRST!

weil du meine Anleitung nicht genau befolgt hast... nochmal lesen und neu ausführen.

cocobrack · 07.11.2013, 17:31

SystemLook 30.07.11 by jpshortstuff
Log created at 17:08 on 07/11/2013 by Cornelius Brack
Administrator - Elevation successful

========== filefind ==========

Searching for "*Iminent*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\iminent.xml.vir --a---- 1368 bytes [12:49 13/09/2013] [12:49 13/09/2013] 3FF67AC466058B3BE657AE19C55AB49E

Searching for "*crossrider*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\crossriderManifest.json.vir --a---- 737 bytes [12:50 13/09/2013] [12:50 13/09/2013] C186E13766026B5B830BE81856461D25
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\extensionData\plugins\13_CrossriderAppUtils.js.vir --a---- 5955 bytes [12:50 13/09/2013] [12:50 13/09/2013] A15314F10FA928B5C242EDDC4B91F503
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\extensionData\plugins\14_CrossriderUtils.js.vir --a---- 12369 bytes [12:50 13/09/2013] [12:50 13/09/2013] 56E07DB48844B5EB4DD57F053D87A38D
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\extensionData\plugins\78_CrossriderInfo.js.vir --a---- 2220 bytes [12:50 13/09/2013] [12:50 13/09/2013] EC3226E86137F361EEEF8F1244A0225A
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\js\lib\crossriderAPI.js.vir --a---- 11366 bytes [12:50 13/09/2013] [12:50 13/09/2013] 7B3ADEF52BEDD686D98A3C0F45278020
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\13_CrossriderAppUtils.js --a---- 7056 bytes [16:57 06/11/2013] [19:48 05/11/2013] 5C624086605726A12BFEC9C83F5E0CF2
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\14_CrossriderUtils.js --a---- 12369 bytes [16:57 06/11/2013] [19:48 05/11/2013] 56E07DB48844B5EB4DD57F053D87A38D
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\78_CrossriderInfo.js --a---- 2234 bytes [16:57 06/11/2013] [19:48 05/11/2013] AFC19F46F2798D47DCE5568D444A571A
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\skin\crossrider_statusbar.png --a---- 1361 bytes [16:57 06/11/2013] [19:48 05/11/2013] 8B1EB9CB80417EC0022D278A44AB1DC7

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\Babylon.xml.vir --a---- 2288 bytes [13:28 01/10/2013] [12:49 02/10/2011] F04CF51B7C79720A0E3502156AE3CCC4
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Babylon\Setup\Babylon.dat.vir --a---- 11198 bytes [12:49 02/10/2011] [21:27 08/08/2011] 0EA4B325AEDED4466C4CF6F8DAE88ECF
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com\content\babylon.css.vir --a---- 2740 bytes [09:02 22/03/2011] [09:02 22/03/2011] 8473A23281D302880A9E6508321201BE
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com\content\babylon.xul.vir --a---- 10941 bytes [10:37 11/07/2011] [10:37 11/07/2011] 97BF7CBF63DFFEEC117A1A7F788D71DA
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js.vir --a---- 603 bytes [12:49 02/10/2011] [12:49 02/10/2011] AAD1CBE901A1BEE5689FBD50121F7D8C
C:\Program Files\Microsoft Games\Age of Empires\campaign\Stimmen aus Babylon.cpn -r----- 913682 bytes [15:41 26/06/2013] [15:41 26/06/2013] 16E685EF1B62F4559D8C7DEBECE25F5F
C:\Program Files\Microsoft Games\Age of Empires\data\Auf Leben und Tod Babylon.ai ------- 3686 bytes [15:41 26/06/2013] [15:41 26/06/2013] 70330ABC18E7EE52EFFD23D275020A8F
C:\Program Files\Microsoft Games\Age of Empires\data\Babylon Schwertkämpfer.ai ------- 3467 bytes [15:41 26/06/2013] [15:41 26/06/2013] AD9B93F6EBC90543998B0B15DF62738F
C:\Program Files\Microsoft Games\Age of Empires\data\Babylon Späher.ai ------- 3784 bytes [15:41 26/06/2013] [15:41 26/06/2013] 3AF7F90F21C6A984BF521090AE0E8304
C:\Program Files\Microsoft Games\Age of Empires\data2\Auf Leben und Tod Babylon Wasser.ai ------- 3923 bytes [15:44 26/06/2013] [15:44 26/06/2013] FCA0381BA745DBBE7E5334A88AE5C188
C:\Program Files\Microsoft Games\Age of Empires\data2\Auf Leben und Tod Babylon.ai ------- 3884 bytes [15:44 26/06/2013] [15:44 26/06/2013] 694C7031F3FB4C2B8F48D1759E013234
C:\Program Files\Microsoft Games\Age of Empires\data2\Babylon Schwertkämpfer.ai ------- 3959 bytes [15:44 26/06/2013] [15:44 26/06/2013] 8C2D6BA1A5A177E3F55533129B8EF144
C:\Program Files\Microsoft Games\Age of Empires\data2\Babylon Späher.ai ------- 4184 bytes [15:44 26/06/2013] [15:44 26/06/2013] 502C138C587D0CF5CD91162133C3A7BD
C:\Program Files\Microsoft Games\Age of Empires\data2\Babylon Wasser.ai ------- 4445 bytes [15:44 26/06/2013] [15:44 26/06/2013] 1F44DD1124C3006C7B40ACB5A5D5151E
C:\Users\Cornelius Brack\Music\Boney M\The Best of 10 Years\18 Rivers of Babylon (2).wma --a---- 1721094 bytes [16:32 10/02/2012] [07:33 08/02/2012] 6590485EE186A7A3A2C98D6E959D8891
C:\Users\Cornelius Brack\Music\Boney M\The Collection\01 Rivers of Babylon (2).wma --a---- 3884212 bytes [16:32 10/02/2012] [07:29 08/02/2012] DFCB3D589A81C24BEEBB2EF3220B2440
C:\Users\Cornelius Brack\Music\Various Artists\Bravo Hits Lato 2010 Disc 2\10 Babylon.wma --a---- 3710700 bytes [12:47 10/05/2012] [16:53 09/05/2012] 0248C2486A995B2C39A7EEA05E4A7582

Searching for "*ICQToolbar*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}\chrome\content\icqtoolbar.js.vir --a---- 39929 bytes [13:34 25/11/2012] [12:48 24/07/2012] 64A8C19256690BE7190F083785445B44
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}\chrome\content\icqtoolbar.xul.vir --a---- 17076 bytes [13:34 25/11/2012] [12:48 24/07/2012] 24B0816F4BB4AAC1C33C746962C93D1D
C:\Programme\ICQ6Toolbar\ICQToolBar.dll --a---- 962808 bytes [18:19 08/12/2009] [13:01 16/08/2009] 772C626D0D9F340AA003F0E096B944E1

Searching for "*DriverScanner*"
No files found.

Searching for "*myfree codec*"
No files found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_eq ualizer_dead.gif.vir --a---- 119 bytes [10:26 03/10/2011] [10:26 03/10/2011] A5220F9E01F826B14FB6E2C3F4ECE421
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_mi nimize.gif.vir --a---- 590 bytes [10:26 03/10/2011] [10:26 03/10/2011] EFFF305AD2F5AA1DB77F7786B490DC61
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pl ay.gif.vir --a---- 676 bytes [10:26 03/10/2011] [10:26 03/10/2011] 40A8862A7994FA5600025CFDF7A8B81E
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_st op.gif.vir --a---- 703 bytes [10:26 03/10/2011] [10:26 03/10/2011] 253E89E7D1686D67C40FFB20FF78FEEF
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vo l.gif.vir --a---- 712 bytes [10:26 03/10/2011] [10:26 03/10/2011] 5AB7200023489A910B502A6EEE23674D
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\CT2269050\conduit.xml.vir --a---- 921 bytes [18:11 05/11/2013] [15:26 06/11/2013] 148BF47826807CE510BB23312000797E
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\CT2269050\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_displa y_xml.xml.vir --a---- 5803 bytes [10:25 03/10/2011] [10:25 03/10/2011] 6BF50FDA3BC02B1E91036766306A9AB6
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\ConduitAbstractionLayer.js.vir --a---- 36250 bytes [16:57 05/11/2013] [16:57 05/11/2013] B6892B634B7D453DBEACFC7988445110
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\ConduitAbstractionLayerBack.js.vir --a---- 36250 bytes [16:57 05/11/2013] [16:57 05/11/2013] B6892B634B7D453DBEACFC7988445110
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\ConduitAbstractionLayerFront.js.vir --a---- 36250 bytes [16:57 05/11/2013] [16:57 05/11/2013] B6892B634B7D453DBEACFC7988445110
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [16:57 05/11/2013] [16:57 05/11/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [16:57 05/11/2013] [16:57 05/11/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [16:57 05/11/2013] [16:57 05/11/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib\log4conduit.jsm.vir --a---- 760 bytes [16:57 05/11/2013] [16:57 05/11/2013] 93898FE6A232C5FCD838D8168F65D802
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins\npConduitFirefoxPlugin.dll.vir --a---- 206624 bytes [16:57 05/11/2013] [16:57 05/11/2013] 9A14DD14D035B32824AF9DBAA4337991
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [21:32 09/08/2012] [21:32 09/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\ConduitAbstractionLayer.js --a---- 36250 bytes [16:57 06/11/2013] [16:57 06/11/2013] B6892B634B7D453DBEACFC7988445110
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\ConduitAbstractionLayerBack.js --a---- 36250 bytes [16:57 06/11/2013] [16:57 06/11/2013] B6892B634B7D453DBEACFC7988445110
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\ConduitAbstractionLayerFront.js --a---- 36250 bytes [16:57 06/11/2013] [16:57 06/11/2013] B6892B634B7D453DBEACFC7988445110
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [16:57 06/11/2013] [16:57 06/11/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [16:57 06/11/2013] [16:57 06/11/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Chrome\CT2269050\content\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [16:57 06/11/2013] [16:57 06/11/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib\log4conduit.jsm --a---- 760 bytes [16:57 06/11/2013] [16:57 06/11/2013] 93898FE6A232C5FCD838D8168F65D802
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins\npConduitFirefoxPlugin.dll --a---- 206624 bytes [16:58 06/11/2013] [16:58 06/11/2013] 9A14DD14D035B32824AF9DBAA4337991

Searching for "*OpenCandy*"
No files found.

Searching for "*searchresultstb*"
No files found.

Searching for "*SweetIM*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\SweetIm.xml.vir --a---- 3930 bytes [20:44 31/05/2010] [21:07 22/05/2011] A52ADC92FC90AD1E8FB99265426B797C
C:\Dokumente und Einstellungen\CoCo\Cookies\coco@sweetim[4].txt --a---- 1187 bytes [22:29 01/03/2010] [22:29 01/03/2010] 36A4ACF54FCF865CE8E1F4220717D7EE
C:\Dokumente und Einstellungen\CoCo\Cookies\coco@www.sweetim[1].txt --a---- 82 bytes [21:58 01/03/2010] [21:58 01/03/2010] 22D61054A854AB9AD0FBF1AD68F34A47
C:\Dokumente und Einstellungen\CoCo\Cookies\coco@www.sweetim[2].txt --a---- 74 bytes [21:58 01/03/2010] [21:58 01/03/2010] F36BFD5AF8A0661F72731DE652D3300F

Searching for "*iLivid*"
No files found.

Searching for "*DataMngr*"
C:\Users\Cornelius Brack\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [16:04 06/11/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

========== folderfind ==========

Searching for "*Iminent*"
No folders found.

Searching for "*crossrider*"
No folders found.

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Local\Babylon d------ [15:56 06/11/2013]
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Babylon d------ [15:56 06/11/2013]
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ffxtlbr@babylon.com d------ [15:56 06/11/2013]
C:\Program Files\ICQ7M\Xtraz\icq\theme\babylon_feed d------ [14:10 07/10/2012]

Searching for "*ICQToolbar*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ICQToolbarData d------ [15:56 06/11/2013]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar d------ [18:19 08/12/2009]
C:\Dokumente und Einstellungen\CoCo\Lokale Einstellungen\Temp\Low\ICQToolbar d------ [18:20 08/12/2009]

Searching for "*DriverScanner*"
No folders found.

Searching for "*myfree codec*"
C:\AdwCleaner\Quarantine\C\Program Files\myfree codec d------ [15:56 06/11/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec d------ [15:56 06/11/2013]

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\ConduitCommon d------ [15:56 06/11/2013]

Searching for "*OpenCandy*"
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\OpenCandy d------ [15:56 06/11/2013]
C:\AdwCleaner\Quarantine\C\Users\Cornelius Brack\AppData\Roaming\OpenCandy\OpenCandy_480173DC476845F193740351D397D6D2 d------ [15:56 06/11/2013]

Searching for "*searchresultstb*"
No folders found.

Searching for "*SweetIM*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*DataMngr*"
No folders found.

========== regfind ==========

Searching for "iminent"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe]
"Path"="C:\Program Files\Iminent\Iminent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe]
"Path"="C:\Program Files\Iminent\Iminent.Messengers.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8d48999d_0]
@="{0.0.0.00000000}.{df5527b5-74a9-47c3-b652-e521f6048512}|\Device\HarddiskVolume1\Program Files\Iminent\Iminent.Messengers.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"00000000000000000000000000000000"="C:\Program Files\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"00000000000000000000000000000000"="C:\Program Files\Iminent\USearch.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287]
"00000000000000000000000000000000"="C:\Program Files\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files\Iminent\SearchTheWeb.xml"
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe]
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe]
"Path"="C:\Program Files\Iminent\Iminent.exe"
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe]
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe]
"Path"="C:\Program Files\Iminent\Iminent.Messengers.exe"
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8d48999d_0]
@="{0.0.0.00000000}.{df5527b5-74a9-47c3-b652-e521f6048512}|\Device\HarddiskVolume1\Program Files\Iminent\Iminent.Messengers.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "crossrider"
No data found.

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "ICQToolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840268806-3441741845-855969553-1001\Software\ICQ\ICQToolBar]
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840268806-3441741845-855969553-1001\Software\ICQ\ICQToolBar]

Searching for "DriverScanner"
No data found.

Searching for "myfree codec"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{FD501041-8EBE-11CE-8183-00AA00577DA2}]
"FriendlyName"="MyFree Codec Filter"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="icq.com conduit.com sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"3C9969540349183469B424848DB7949F"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\3C9969540349183469B424848DB7949F]
"File"="iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Conduit]
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="icq.com conduit.com sweetim.com"

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Cheat Engine\OpenCandy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2]
"PurchaseUrl"="hxxp://www.liutilities.com/products/campaigns/rbtrial/adv/opencandy/9/"

Searching for "searchresultstb"
No data found.

Searching for "SweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="icq.com conduit.com sweetim.com"
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="icq.com conduit.com sweetim.com"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Cornelius Brack\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Cornelius Brack\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Cornelius Brack\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Cornelius Brack\AppData\Local\iLivid]

Searching for "DataMngr"
No data found.

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\WIA\Devices\CNQ2414]
"ProductId"="IX-24145H "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{28C5D1F6-BE67-44D1-A345-31918118A52B}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
</Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B452CE2-3E81-4740-8E26-3FC9BC9F3437}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
<Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/>
<Descriptor descriptorID="{6AB026D3-FAD5-4a18-A53B-2CAFA358AE8F}"/>
<Descriptor descriptorID="{1A796A5D-1E25-4862-9443-1550578FF4C4}"/>
<Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/>
<Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
</Rating>
<Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/>
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{8B6C5624-3E4C-4BB8-A4B9-1F32C4D89C8A}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
<Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/>
<Descriptor descriptorID="{6AB026D3-FAD5-4a18-A53B-2CAFA358AE8F}"/>
<Descriptor descriptorID="{1A796A5D-1E25-4862-9443-1550578FF4C4}"/>
<Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/>
<Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
</Rating>
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
<Rati
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{9F139328-9B00-448D-B775-17A5833DFD37}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{9236ED52-B5FE-4227-8EB3-353C0BDABECF}"/>
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{464299D0-6D57-47e8-AA53-A849CBEA12CB}"/>
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{7A53B0BE-B92D-4e8a-A11F-8E6F9F3C575B}">
<Descriptor descriptorID="{56C2626D-3794-473c-B57F-40D31D012C4C}"/>
</Rating>
<Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{BB63F1DB-83FB-4790-ABE5-920E0AC864BD}"/>
<Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{FCC61B08-1352-4e5b-9D96-986EAB2FC503}"/>
<Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{CB36002A-1329-4450-AA6D-83AEAB4741AF}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
<Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
<Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
</Rating>
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
<Descriptor descriptorID="{6AB00271-515B-4a4d-8A6E-9E66BF96A437}"/>
<Descriptor descriptorID="{9C8680ED-C0A6-4700-ACDF-B24C979511E0}"/>
</Rating>
<Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{CEC5DB5A-B4C9-4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{FCA7464C-E974-4A5A-9AA2-D26D2119251E}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
<Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B3F8E60B-DF77-4104-88AC-F5919C64649A}"/>
<Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{997B7D18-2AFA-49dc-847B-0E8A69723040}"/>
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
<Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/>
<Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
</Rating>
<R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#0810240538A099&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_5.00#301506005BB93301&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SIGMATEL&PROD_MSCN&REV_0100#0002F68C81 304B15&0#]
"DeviceDesc"="MSCN "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#0810240538A099&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_5.00#301506005BB93301&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SIGMATEL&PROD_MSCN&REV_0100#0002F68C81 304B15&0#]
"DeviceDesc"="MSCN "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#0810240538A099&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_5.00#301506005BB93301&0 #]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SIGMATEL&PROD_MSCN&REV_0100#0002F6 8C81304B15&0#]
"DeviceDesc"="MSCN "

-= EOF =-

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Cornelius Brack (administrator) on CORNELIUSBRACK on 07-11-2013 17:20:30
Running from C:\Users\Cornelius Brack\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Spotify Ltd) C:\Users\Cornelius Brack\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
() C:\Users\Cornelius Brack\Downloads\SystemLook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Guard.Mail.ru.gui] - C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-10-07] ()
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Cornelius Brack\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-24] (Spotify Ltd)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
MountPoints2: {88ac7d23-66e5-11e1-8807-0019dbf62289} - H:\AutoRun.exe
MountPoints2: {88ac7d79-66e5-11e1-8807-0019dbf62289} - H:\AutoRun.exe
MountPoints2: {e807e0e8-44db-11df-94b7-806e6f6e6963} - F:\Beruf_Karriere.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C89614AE000CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie10
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1AC29700-6F65-4EE6-AD66-68FA88F985C1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {309589F9-6A52-42E9-A507-BC3E1F3AD755} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {3B7DDEBF-91C8-4C25-B347-374BF250EE77} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3DD9D4CB-7569-496F-B238-806934F5D6FC} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AA888166-5520-4D15-8CB7-080974E0C528} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BD76CAE-886B-4A80-AD9F-62C70BA095E9}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{3DD56755-ACAC-4EFB-8C2B-A3540E049A42}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default
FF SearchEngineOrder.1: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.2 - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: DVDVideoSoftTB  - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: WOT - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: ciuvo-extension - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: firefox-hotfix - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: toolbar - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\toolbar@web.de.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\

Chrome: 
=======
CHR Extension: (Skype Click to Call) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Norton Identity Protection) - C:\Users\CORNEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-10-07] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-04] (Logitech Inc.)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2010-10-31] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-03-05] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2012-03-05] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [181760 2012-03-05] (Huawei Technologies Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20131106.001\IDSvix86.sys [393816 2013-10-25] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131106.025\NAVENG.SYS [93272 2013-11-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131106.025\NAVEX15.SYS [1612376 2013-11-05] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-18] (Symantec Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-07 17:08 - 2013-11-07 17:21 - 00063048 _____ C:\Users\Cornelius Brack\Downloads\SystemLook.txt
2013-11-07 17:08 - 2013-11-07 17:08 - 00001114 _____ C:\Users\Cornelius Brack\Desktop\SystemLook.exe - Verknüpfung.lnk
2013-11-07 17:07 - 2013-11-07 17:07 - 00139264 _____ C:\Users\Cornelius Brack\Downloads\SystemLook.exe
2013-11-06 17:26 - 2013-11-06 17:26 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-06 17:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-06 17:25 - 2013-11-06 17:25 - 00001696 _____ C:\Users\Cornelius Brack\Desktop\mbam-setup-1.75.0.1300(1).exe - Verknüpfung.lnk
2013-11-06 17:24 - 2013-11-06 17:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cornelius Brack\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-06 17:22 - 2013-11-06 17:22 - 00035846 _____ C:\Users\Cornelius Brack\Desktop\JRT.txt
2013-11-06 17:05 - 2013-11-06 17:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 17:04 - 2013-11-06 17:04 - 00001492 _____ C:\Users\Cornelius Brack\Desktop\JRT.exe - Verknüpfung.lnk
2013-11-06 17:03 - 2013-11-06 17:03 - 01034531 _____ (Thisisu) C:\Users\Cornelius Brack\Downloads\JRT.exe
2013-11-06 16:54 - 2013-11-06 16:56 - 00000000 ____D C:\AdwCleaner
2013-11-06 16:54 - 2013-11-06 16:54 - 00001561 _____ C:\Users\Cornelius Brack\Desktop\adwcleaner.exe - Verknüpfung.lnk
2013-11-06 16:51 - 2013-11-06 16:51 - 01073262 _____ C:\Users\Cornelius Brack\Downloads\adwcleaner.exe
2013-11-06 16:46 - 2013-11-06 16:46 - 00001503 _____ C:\Users\Cornelius Brack\Desktop\FRST.exe - Verknüpfung.lnk
2013-11-06 16:41 - 2013-11-06 16:42 - 00025862 _____ C:\Users\Cornelius Brack\Downloads\Addition.txt
2013-11-06 16:37 - 2013-11-06 16:37 - 00000000 ____D C:\FRST
2013-11-06 16:31 - 2013-11-06 16:31 - 01089445 _____ (Farbar) C:\Users\Cornelius Brack\Downloads\FRST.exe
2013-11-04 01:05 - 2013-11-04 01:05 - 00008451 _____ C:\Users\Cornelius Brack\Downloads\spssdata(1).csv
2013-11-01 23:15 - 2013-11-01 23:15 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata2.csv
2013-11-01 23:14 - 2013-11-04 17:29 - 00048195 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xlsx
2013-11-01 22:43 - 2013-11-01 22:43 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata1.csv
2013-11-01 22:07 - 2013-11-01 22:42 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata.csv
2013-11-01 15:22 - 2013-11-01 15:22 - 00000000 ____D C:\Users\Cornelius Brack\Documents\FUSSBALL MANAGER 14
2013-11-01 15:20 - 2013-11-01 15:20 - 00001178 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2013-10-31 23:14 - 2013-10-31 23:30 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Origin
2013-10-30 20:17 - 2013-11-01 23:14 - 00096256 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xls
2013-10-29 15:15 - 2013-11-06 20:19 - 00005388 _____ C:\Windows\PFRO.log
2013-10-27 20:56 - 2013-11-07 15:11 - 00001904 _____ C:\Windows\setupact.log
2013-10-27 20:56 - 2013-10-27 20:56 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 19:56 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-25 19:56 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-25 19:56 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-25 19:56 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-25 19:56 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-25 19:56 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-25 19:56 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 19:15 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-25 19:15 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-25 19:15 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-25 19:15 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-25 19:15 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-25 19:15 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-25 19:15 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-25 19:15 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-25 19:15 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-25 19:15 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-25 19:15 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-25 19:15 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-25 19:15 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-25 19:15 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-25 19:15 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 19:15 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-25 19:15 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-25 19:15 - 2013-07-12 11:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-25 19:15 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-25 19:15 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-25 19:15 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-25 19:15 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-25 19:15 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-25 19:15 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-25 19:15 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-25 19:15 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-25 19:15 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-25 19:15 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-25 19:15 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-25 19:15 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-25 19:14 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-25 19:12 - 2013-08-02 02:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-25 19:12 - 2013-08-02 02:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-25 19:12 - 2013-08-02 02:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-25 19:12 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-25 19:12 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-20 21:46 - 2013-10-20 21:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 21:45 - 2013-10-20 21:44 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 21:45 - 2013-10-20 21:44 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 21:39 - 2013-10-20 21:39 - 00915368 _____ (Oracle Corporation) C:\Users\Cornelius Brack\Downloads\jxpiinstall(1).exe
2013-10-16 21:12 - 2013-10-16 21:14 - 67022728 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate(1).exe
2013-10-16 18:29 - 2013-10-16 18:37 - 324367280 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\Manager_12_Update_3.exe
2013-10-16 18:20 - 2013-10-16 18:21 - 37973368 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate2(1).exe
2013-10-16 13:27 - 2013-10-16 13:36 - 183608160 _____ (Symantec Corporation) C:\Users\Cornelius Brack\Downloads\norton_internet_security_setup.exe

==================== One Month Modified Files and Folders =======

2013-11-07 17:21 - 2013-11-07 17:08 - 00063048 _____ C:\Users\Cornelius Brack\Downloads\SystemLook.txt
2013-11-07 17:20 - 2012-04-15 22:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 17:08 - 2013-11-07 17:08 - 00001114 _____ C:\Users\Cornelius Brack\Desktop\SystemLook.exe - Verknüpfung.lnk
2013-11-07 17:07 - 2013-11-07 17:07 - 00139264 _____ C:\Users\Cornelius Brack\Downloads\SystemLook.exe
2013-11-07 16:57 - 2010-05-15 18:13 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Skype
2013-11-07 16:33 - 2010-04-13 17:33 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-07 15:20 - 2009-07-14 05:34 - 00013552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 15:20 - 2009-07-14 05:34 - 00013552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 15:18 - 2010-04-10 21:04 - 01982553 _____ C:\Windows\WindowsUpdate.log
2013-11-07 15:15 - 2010-04-13 17:33 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-07 15:11 - 2013-10-27 20:56 - 00001904 _____ C:\Windows\setupact.log
2013-11-07 15:11 - 2010-04-30 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-07 15:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 20:19 - 2013-10-29 15:15 - 00005388 _____ C:\Windows\PFRO.log
2013-11-06 20:18 - 2013-09-22 00:10 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-11-06 17:26 - 2013-11-06 17:26 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-06 17:26 - 2013-09-23 13:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-06 17:25 - 2013-11-06 17:25 - 00001696 _____ C:\Users\Cornelius Brack\Desktop\mbam-setup-1.75.0.1300(1).exe - Verknüpfung.lnk
2013-11-06 17:24 - 2013-11-06 17:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cornelius Brack\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-06 17:22 - 2013-11-06 17:22 - 00035846 _____ C:\Users\Cornelius Brack\Desktop\JRT.txt
2013-11-06 17:05 - 2013-11-06 17:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 17:04 - 2013-11-06 17:04 - 00001492 _____ C:\Users\Cornelius Brack\Desktop\JRT.exe - Verknüpfung.lnk
2013-11-06 17:03 - 2013-11-06 17:03 - 01034531 _____ (Thisisu) C:\Users\Cornelius Brack\Downloads\JRT.exe
2013-11-06 16:56 - 2013-11-06 16:54 - 00000000 ____D C:\AdwCleaner
2013-11-06 16:56 - 2012-01-19 01:09 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-06 16:56 - 2010-06-13 09:48 - 00000000 ____D C:\ProgramData\ICQ
2013-11-06 16:54 - 2013-11-06 16:54 - 00001561 _____ C:\Users\Cornelius Brack\Desktop\adwcleaner.exe - Verknüpfung.lnk
2013-11-06 16:51 - 2013-11-06 16:51 - 01073262 _____ C:\Users\Cornelius Brack\Downloads\adwcleaner.exe
2013-11-06 16:46 - 2013-11-06 16:46 - 00001503 _____ C:\Users\Cornelius Brack\Desktop\FRST.exe - Verknüpfung.lnk
2013-11-06 16:42 - 2013-11-06 16:41 - 00025862 _____ C:\Users\Cornelius Brack\Downloads\Addition.txt
2013-11-06 16:41 - 2011-07-23 13:35 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\vlc
2013-11-06 16:37 - 2013-11-06 16:37 - 00000000 ____D C:\FRST
2013-11-06 16:31 - 2013-11-06 16:31 - 01089445 _____ (Farbar) C:\Users\Cornelius Brack\Downloads\FRST.exe
2013-11-06 08:02 - 2010-04-10 21:14 - 01526094 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-04 21:55 - 2010-04-30 21:09 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\CrashDumps
2013-11-04 17:29 - 2013-11-01 23:14 - 00048195 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xlsx
2013-11-04 01:05 - 2013-11-04 01:05 - 00008451 _____ C:\Users\Cornelius Brack\Downloads\spssdata(1).csv
2013-11-02 19:36 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-02 19:32 - 2013-05-15 16:40 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-02 18:53 - 2012-01-02 15:18 - 00000000 ____D C:\Users\Cornelius Brack\Documents\Bewerbung
2013-11-02 18:15 - 2012-01-17 14:50 - 00203264 ___SH C:\Users\Cornelius Brack\Thumbs.db
2013-11-02 18:15 - 2010-04-10 21:13 - 00000000 ____D C:\Users\Cornelius Brack
2013-11-02 09:55 - 2011-06-08 20:43 - 00000000 ____D C:\Program Files\Origin
2013-11-01 23:15 - 2013-11-01 23:15 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata2.csv
2013-11-01 23:14 - 2013-10-30 20:17 - 00096256 _____ C:\Users\Cornelius Brack\Documents\Auswertung Umfrage.xls
2013-11-01 22:43 - 2013-11-01 22:43 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata1.csv
2013-11-01 22:42 - 2013-11-01 22:07 - 00011849 _____ C:\Users\Cornelius Brack\Downloads\spssdata.csv
2013-11-01 15:22 - 2013-11-01 15:22 - 00000000 ____D C:\Users\Cornelius Brack\Documents\FUSSBALL MANAGER 14
2013-11-01 15:21 - 2011-06-08 20:43 - 00000000 ____D C:\ProgramData\Origin
2013-11-01 15:20 - 2013-11-01 15:20 - 00001178 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2013-11-01 12:30 - 2011-06-08 20:43 - 00000000 ____D C:\Program Files\Origin Games
2013-10-31 23:30 - 2013-10-31 23:14 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Origin
2013-10-31 23:16 - 2011-06-08 20:49 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\Origin
2013-10-30 21:05 - 2013-07-13 15:57 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\Spotify
2013-10-30 19:50 - 2013-07-13 15:59 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Local\Spotify
2013-10-27 20:56 - 2013-10-27 20:56 - 00000000 _____ C:\Windows\setuperr.log
2013-10-27 17:17 - 2010-04-10 22:07 - 00000000 ____D C:\Users\Cornelius Brack\Tracing
2013-10-27 17:15 - 2010-04-10 22:01 - 00000000 ____D C:\Windows\Panther
2013-10-27 11:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-25 20:16 - 2009-07-14 05:33 - 00418832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 20:15 - 2010-10-03 10:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-25 20:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-25 20:11 - 2010-04-10 23:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-25 20:08 - 2013-08-04 10:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-21 11:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-20 21:53 - 2012-09-15 19:06 - 00000000 ____D C:\Users\Cornelius Brack\AppData\Roaming\TV-Browser
2013-10-20 21:46 - 2013-10-20 21:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 21:44 - 2013-10-20 21:45 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 21:44 - 2013-10-20 21:45 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-20 21:44 - 2010-05-13 15:12 - 00000000 ____D C:\Program Files\Java
2013-10-20 21:39 - 2013-10-20 21:39 - 00915368 _____ (Oracle Corporation) C:\Users\Cornelius Brack\Downloads\jxpiinstall(1).exe
2013-10-16 21:21 - 2010-05-15 18:13 - 00000000 ____D C:\ProgramData\Skype
2013-10-16 21:20 - 2010-05-15 18:13 - 00000000 ___RD C:\Program Files\Skype
2013-10-16 21:14 - 2013-10-16 21:12 - 67022728 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate(1).exe
2013-10-16 18:37 - 2013-10-16 18:29 - 324367280 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\Manager_12_Update_3.exe
2013-10-16 18:21 - 2013-10-16 18:20 - 37973368 _____ (Electronic Arts Inc.) C:\Users\Cornelius Brack\Downloads\FM12DBUpdate2(1).exe
2013-10-16 17:20 - 2012-04-15 22:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-16 17:20 - 2011-06-03 16:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-16 13:36 - 2013-10-16 13:27 - 183608160 _____ (Symantec Corporation) C:\Users\Cornelius Brack\Downloads\norton_internet_security_setup.exe

Some content of TEMP:
====================
C:\Users\Cornelius Brack\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 11:29

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Cornelius Brack at 2013-11-07 17:23:24
Running from C:\Users\Cornelius Brack\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 3.5.0.880)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
Biathlon Champion 2007
CameraHelperMsi (Version: 13.31.1038.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon MP Navigator EX 4.0
Canon Solution Menu EX
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
CanoScan LiDE 110 Scanner Driver
CCleaner (Version: 3.12)
CVE-2012-4969
D3DX10 (Version: 15.4.2368.0902)
Die Sims Deluxe 
erLT (Version: 1.20.138.34)
FUSSBALL MANAGER 12 (Version: 1.0.0.3)
FUSSBALL MANAGER 14 (Version: 1.0.0.0)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Gothic II (Version: Gothic II)
Grand Theft Auto Vice City (Version: 1.00.000)
Guard.ICQ
iCloud (Version: 2.0.2.187)
ICQ7M (Version: 7.8)
iTunes (Version: 11.0.1.12)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Kyocera Product Library (Version: 2.0.0713)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Mobile Partner (Version: 21.005.15.02.35)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MP4 To MP3 Converter V3.0
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Internet Security (Version: 19.9.1.14)
NVIDIA 3D Vision Controller-Treiber 295.73 (Version: 295.73)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA nView Desktop Manager (Version: 6.14.10.12546)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX-Systemsoftware 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (Version: 9.3.2.2730)
OutlookAddInNet3Setup (Version: 1.0.0)
Patrizier 4 (Version: 1.3.0)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.72.80.56)
Revo Uninstaller 1.93 (Version: 1.93)
Safari (Version: 5.34.57.2)
Samsung Kies (Version: 2.0.1.11053_99)
Samsung New PC Studio (Version: 1.00.0000)
Samsung Story Album Viewer (Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.9 (Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Stronghold 2 (Version: 1.40.1000)
Stronghold Crusader Extreme (Version: 1.20.0000)
Stronghold Legends (Version: 1.20.0000)
swMSM (Version: 12.0.0.1)
System Requirements Lab
TeamViewer 8 (Version: 8.0.16642)
TransportGigant: Down Under (Version: 2.00)
TV-Browser 3.3.1 (Version: 3.3.1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Messenger

==================== Restore Points  =========================

25-10-2013 18:16:37 Windows Update
27-10-2013 15:40:50 Revo Uninstaller's restore point - Skigebiet Simulator 2012
01-11-2013 14:18:28 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0675622D-FE23-4809-B03A-520EC4BB6AE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {136D1CA7-B236-4AF6-95DB-D3D28052BC17} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2A3E99A9-AE6B-4D64-A0D7-D1120FCCBBC9} - System32\Tasks\{B6FFADFF-8851-42B8-8FC5-FFA4616EEB6C} => C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
Task: {2BF51521-7725-4BD8-8C9B-B9C747051286} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\wscstub.exe [2013-02-02] (Symantec Corporation)
Task: {31DA3142-7220-4B8A-8D94-002B5E3B0F72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {3ED110B7-A6D5-4FC4-8E54-D8F245695D31} - System32\Tasks\{B0E79058-8BFA-45A4-9F00-C8E4F0902203} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsProgressBar
Task: {5F940EFC-4A25-463B-AB9A-A9334AF45561} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {64C40CC1-49C9-4B84-88E0-7E5FD54D8321} - System32\Tasks\{DCEBE916-EF92-4C6E-85FF-9FA6654A17E6} => C:\Program Files\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {6850CB10-1415-405E-9731-A69CE1CFBBFF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1840268806-3441741845-855969553-1001
Task: {76C10DB3-9D43-4B0E-9F64-BCA25C18ECA8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {81A040FA-D732-497B-BC3F-FA2FB263F911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {89FFD982-F74F-483D-B01B-B32D9A04AF33} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {993003F3-12FB-4797-A8E6-B9A31A83CD98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16] (Adobe Systems Incorporated)
Task: {9947C8EC-29F4-41C8-8949-58A9C8D817B3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {AC489E08-AA60-4807-8B82-18BCA8D7BB4B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe [2012-02-04] (Symantec Corporation)
Task: {B3B212FB-14D2-470D-B89E-EB5927545F71} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B511FFD3-FFD9-44C6-A737-DE7233E6476B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-05 20:06 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-10-25 19:57 - 2013-10-25 19:57 - 01931264 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\dda7fe74dac6ecd178928032a7737f47\Kies.UI.ni.dll
2013-09-22 00:38 - 2013-09-22 00:38 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\e3ed6d800bc802eb464df3d6edbe262d\Kies.MVVM.ni.dll
2013-09-22 00:39 - 2013-09-22 00:39 - 00080896 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\1dd23f0d663e85fd7471859147b682e7\ZipStore.ni.dll
2013-09-22 00:38 - 2013-09-22 00:38 - 00189952 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\897b793626102d13fe581f59a1009f0e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-10-25 20:00 - 2013-10-25 20:00 - 00367104 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\864ed58a5d0dad29d91694a47148b417\DevicePhoto.ni.dll
2013-10-25 20:00 - 2013-10-25 20:00 - 00301568 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\184c708c2aff187c0282217ed5d6aff9\DeviceVideo.ni.dll
2013-10-25 20:00 - 2013-10-25 20:00 - 00616448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\6be1468e9e409a8704c5c5e895eea29e\DevicePodcast.ni.dll
2013-09-22 00:43 - 2013-09-22 00:43 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\6577f6dfb5a450d0bbe907f4ac5c7ca6\DummyStorePlugin.ni.dll
2013-09-22 00:43 - 2013-09-22 00:43 - 14972928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\fbaadafecb211c0faea42e24cb927249\Kies.Theme.ni.dll
2013-10-25 19:59 - 2013-10-25 19:59 - 00581632 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0479897f82c81e0c5c2f23951882c07e\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-09-22 00:39 - 2013-09-22 00:39 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\edc38c2279bb5fcb9741cd2fdf10e20a\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-10-25 19:59 - 2013-10-25 19:59 - 01002496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\2f8e060dcb222f52e78034fb0185c26f\DeviceCommonLib.ni.dll
2013-09-22 00:42 - 2013-09-22 00:42 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll
2013-10-01 14:28 - 2013-10-01 14:29 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2013 03:42:34 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/06/2013 08:20:17 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (11/07/2013 05:02:42 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (11/07/2013 03:14:19 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/07/2013 03:13:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/07/2013 03:13:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/07/2013 03:13:50 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/07/2013 03:11:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/06/2013 11:00:09 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/06/2013 08:21:41 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/06/2013 08:21:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/06/2013 08:21:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (10/06/2012 02:16:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1220 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 2047.3 MB
Available physical RAM: 1275.94 MB
Total Pagefile: 4094.59 MB
Available Pagefile: 2738.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:142.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (alte_ext_HDD) (Fixed) (Total:465.76 GB) (Free:210.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D743D743)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 1F9154FC)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

So jetzt alles geliefert und auch alles richtig gelesen

M-K-D-B · 07.11.2013, 17:49

Servus,

wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.src
FF Extension: Plus-HD-2.2 - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: DVDVideoSoftTB  - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840268806-3441741845-855969553-1001\Software\ICQ\ICQToolBar" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Conduit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Cheat Engine\OpenCandy" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2" /f
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von HitmanPro,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

cocobrack · 08.11.2013, 22:06

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by Cornelius Brack at 2013-11-08 09:41:04 Run:1
Running from C:\Users\Cornelius Brack\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.src
FF Extension: Plus-HD-2.2 - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: DVDVideoSoftTB - C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840268806-3441741845-855969553-1001\Software\ICQ\ICQToolBar" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Conduit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Cheat Engine\OpenCandy" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2" /f
end

*****************

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-11.xml => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-12.xml => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-13.xml => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-14.xml => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin-15.xml => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.gif => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\searchplugins\icqplugin.src => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com => Moved successfully.
C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Moved successfully.
dgderdrv => Service deleted successfully.
pccsmcfd => Service deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar => Moved successfully.

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.Messengers.exe" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840268806-3441741845-855969553-1001\Software\ICQ\ICQToolBar" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}" /f =========

FEHLER: Die L”schvorganganforderung wurde nur teilweise abgeschlossen.

========= End of Reg: =========

========= reg delete "HKEY_CURRENT_USER\Software\Conduit" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Cheat Engine\OpenCandy" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue\Registry Booster2" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

==== End of Fixlog ====

Code:

ATTFilter

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : CORNELIUSBRACK
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : CorneliusBrack\Cornelius Brack
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-11-08 09:44:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 21

   Objects scanned . . . : 1.735.171
   Files scanned . . . . : 58.556
   Remnants scanned  . . : 902.588 files / 774.027 keys

Potential Unwanted Programs _________________________________________________

   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\smartbar\ (Rocketfuel)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
   HKU\S-1-5-21-1840268806-3441741845-855969553-1001\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-1840268806-3441741845-855969553-1001\Software\Conduit\ (Conduit)

Cookies _____________________________________________________________________

   C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Cornelius Brack\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:ad.zanox.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:adultfriendfinder.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:apmebf.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:atdmt.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:banners.sexypartners.net
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:doubleclick.net
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:exoclick.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:livejasmin.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:mediaplex.com
   C:\Users\Cornelius Brack\AppData\Roaming\Mozilla\Firefox\Profiles\r4i8zxdo.default\cookies.sqlite:smartadserver.com

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3a6704590ac5a94c8767c55b6cf0ab3d
# engine=15805
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-08 11:52:47
# local_time=2013-11-08 12:52:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 99 859031 146508152 0 0
# compatibility_mode=5893 16776574 100 94 10163412 135542758 0 0
# scanned=307705
# found=0
# cleaned=0
# scan_time=9979

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security Online
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (24.0)
Google Chrome 29.0.1547.76
Google Chrome 30.0.1599.101
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Moin Moin

habe alles durchgeführt!

ich glaube der PC müsste jetzt sauber sein!

Gruß Coco

06.11.2013, 17:06	#6
M-K-D-B /// TB-Ausbilder	Leuter Werbung und Link im Internet! Servus, ok, fehlen nur noch JRT und MBAM.

06.11.2013, 18:20	#8
M-K-D-B /// TB-Ausbilder	Leuter Werbung und Link im Internet! Servus, fehlt nur noch die Logdatei von MBAM, dann kann es weitergehen.

Leuter Werbung und Link im Internet!

Plagegeister aller Art und deren Bekämpfung: Leuter Werbung und Link im Internet!