Ich bin jetzt auch im Club. Weisser Bildschirm nach Start (Windows 7)

Spinmove · 21.05.2014, 20:50

Hallo zusammen!
Wie schon mehrere hier gepostet haben, habe ich das gleiche Problem.
Nachdem ich das Passwort eingebe wird mein Bildschirm weiss, kann nur noch den Cursor bewegen, sonst nichts.
Kann mir jemand helfen?
Was benötige ich um mein Notebook zu retten?

Eins vorweg, ich kenn mich überhaupt nicht mit Computerausdrücke aus, kann aber dagegen schnell lernen.

Danke

mort · 22.05.2014, 00:16

Hallo Spinmove und

Ich werde dir bei der Bereinigung des Computers helfen.

Arbeite meine Anleitungen nacheinander ab.
Poste deine Logs in Code-Tags: [code]Hier der Inhalt des Logs[/code]
Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.

Zitat:

Was benötige ich um mein Notebook zu retten?

Einfach meinen Anweisungen folgen.

Schritt 1

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Spinmove · 22.05.2014, 11:04

Hallo mort, vielen Dank für deine Zeit und Unterstützung!

Ich habe da ein kleines Problem. Meine Schwester hatte damals italienisch als Systemsprache gewählt, daher sind manche Sachen schwierig zu finden. Computer reparieren wird zb auf ita als "computer wiederherstellen" angegeben usw. Ich bin aber trotzdem bis in die Eingabeaufforderung gekommen, habe auch notepad eingegeben und Enter gedrückt, danach Datei speichern unter..und Computer gewählt.
Und jetzt kommt mein Problem, wo ist der Laufwerkbuchstabe hier zu sehen? Sorry ich kenn mich nicht aus.

hxxp://www.directupload.net/file/d/3630/ov6pkkv9_jpg.h

Und noch was, als ich zur Kontrolle kurz auf mein Usb Stick (disco rimovibile) geklickt habe, waren die beiden Tools Frst 32 und 64 nicht zu sehen. Ist das normal?

mort · 22.05.2014, 23:15

Zitat:

wo ist der Laufwerkbuchstabe hier zu sehen?

Der Laufwerkbuchstabe steht neben deinem Stick in den Klammern. In deinem Fall ist dieser Buchstabe "G", da neben deinem Disco-Stick der Buchstabe G steht.

Zitat:

Ist das normal?

Wenn du es mit dem Speichern-Fenster von Notepad anschaust, liegt das wahrscheinlich daran, dass es ".exe" Dateien sind und er dir nur ".txt" Dateien anzeigt.

Spinmove · 23.05.2014, 12:40

ich hoffe das es so stimmt

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by SYSTEM on MININT-GUL7AF8 on 23-05-2014 08:45:29
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: Italian Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [PLFSetL] => C:\Windows\\PLFSetL.exe
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-07-27] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-21] (Acer Corp.)
HKLM-x32\...\Run: [mcagent_exe] => C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [1218008 2009-10-28] (McAfee, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-04-12] ()
HKLM-x32\...\Run: [HBLiteSA] => C:\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteSA.exe [771888 2011-03-22] (Pinball Corporation.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-11-29] (Geek Software GmbH)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-05-24] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
HKU\etneo\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)
HKU\etneo\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\etneo\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\etneo\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3549528 2013-08-18] (Electronic Arts)
HKU\etneo\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\etneo\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
HKU\etneo\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\etneo\...\Winlogon: [Shell] C:\Users\etneo\AppData\Roaming\data.dat [62976 2011-11-16] () <==== ATTENTION 
Startup: C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\etneo\AppData\Local\Temp\b34btbztdb0vavaw.exe ()

==================== Services (Whitelisted) =================

S2 0117601400750179mcinstcleanup; C:\Windows\TEMP\011760~1.EXE [827456 2012-01-09] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [123384 2014-01-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-10-28] (McAfee, Inc.)
S2 McNASvc; C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-10-28] (McAfee, Inc.)
S2 McProxy; C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-07-08] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-11-04] (McAfee, Inc.)
S3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-11-04] (McAfee, Inc.)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [26640 2009-10-02] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-15] ()

==================== Drivers (Whitelisted) ====================

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102472 2009-11-04] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [308296 2009-11-04] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-01] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 08:45 - 2014-05-23 08:45 - 00000000 ____D () C:\FRST
2014-05-22 01:13 - 2014-05-22 01:13 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-22 01:13 - 2014-05-22 01:13 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001

==================== One Month Modified Files and Folders =======

2014-05-23 08:45 - 2014-05-23 08:45 - 00000000 ____D () C:\FRST
2014-05-22 01:16 - 2013-07-16 14:58 - 00000004 _____ () C:\Users\etneo\AppData\Roaming\settings.ini
2014-05-22 01:16 - 2012-06-18 22:36 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-05-22 01:16 - 2009-10-29 02:55 - 00026951 _____ () C:\Windows\System32\Config.MPF
2014-05-22 01:16 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 01:16 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 01:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-05-22 01:13 - 2014-05-22 01:13 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-22 01:13 - 2014-05-22 01:13 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-22 01:13 - 2012-10-25 02:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-22 01:12 - 2009-10-29 02:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-22 01:11 - 2012-01-22 02:21 - 00000374 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-05-22 01:11 - 2010-02-01 13:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 01:10 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 01:10 - 2009-07-13 20:51 - 00209978 _____ () C:\Windows\setupact.log
2014-05-22 00:39 - 2009-10-29 03:04 - 00779968 _____ () C:\Windows\PFRO.log
2014-05-22 00:18 - 2009-12-08 21:36 - 01585650 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 00:12 - 2010-09-10 09:35 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4CB7449B-01D5-48FE-8610-72B375589D66}

Files to move or delete:
====================
C:\Users\etneo\AppData\Roaming\data.dat
C:\Users\etneo\AppData\Roaming\settings.ini
C:\ProgramData\2GoqDIRo3.dat
C:\ProgramData\8895606.pad
C:\ProgramData\pNFCu1cp.exe
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk


Some content of TEMP:
====================
C:\Users\etneo\AppData\Local\Temp\0.6832171267660215.exe
C:\Users\etneo\AppData\Local\Temp\APNStub.exe
C:\Users\etneo\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\Users\etneo\AppData\Local\Temp\blppfafnnbfinketnof.bfg
C:\Users\etneo\AppData\Local\Temp\contentDATs.exe
C:\Users\etneo\AppData\Local\Temp\EAD4663.exe
C:\Users\etneo\AppData\Local\Temp\EAD5F51.exe
C:\Users\etneo\AppData\Local\Temp\GLF3F9.tmp.tbDVDV.dll
C:\Users\etneo\AppData\Local\Temp\GLFF8DB.tmp.tbMess.dll
C:\Users\etneo\AppData\Local\Temp\IadHide4.dll
C:\Users\etneo\AppData\Local\Temp\ietD06F.tmp.exe
C:\Users\etneo\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\etneo\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\etneo\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\etneo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\lowproc.exe
C:\Users\etneo\AppData\Local\Temp\Messenger_Plus_Live_Switzerland-_DE.exe
C:\Users\etneo\AppData\Local\Temp\MSETUP4.EXE
C:\Users\etneo\AppData\Local\Temp\nsv422B.tmp.ConduitEngineEmbbed.exe
C:\Users\etneo\AppData\Local\Temp\nsvD601.tmp.ConduitEngineEmbbed.exe
C:\Users\etneo\AppData\Local\Temp\oct1506.tmp.exe
C:\Users\etneo\AppData\Local\Temp\octBC5D.tmp.exe
C:\Users\etneo\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\etneo\AppData\Local\Temp\SCC.dll
C:\Users\etneo\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\etneo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\etneo\AppData\Local\Temp\stubhelper.dll
C:\Users\etneo\AppData\Local\Temp\toolbar.exe
C:\Users\etneo\AppData\Local\Temp\UninstallEADM.dll
C:\Users\etneo\AppData\Local\Temp\wdwgjmjkgvbyehnqm.exe
C:\Users\etneo\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\etneo\AppData\Local\Temp\xvidupdate.exe
C:\Users\etneo\AppData\Local\Temp\_is1506.exe
C:\Users\etneo\AppData\Local\Temp\_is28F.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2013-07-08 22:26:29
Restore point made on: 2013-07-11 01:51:05
Restore point made on: 2013-07-15 03:44:56
Restore point made on: 2013-07-16 06:54:23
Restore point made on: 2013-07-20 12:47:34
Restore point made on: 2013-07-20 12:58:43
Restore point made on: 2013-07-20 12:59:39
Restore point made on: 2013-07-20 15:12:20
Restore point made on: 2013-08-16 04:16:19
Restore point made on: 2013-08-17 00:32:18
Restore point made on: 2014-05-22 00:16:14

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 4025.98 MB
Available physical RAM: 3300.73 MB
Total Pagefile: 4024.13 MB
Available Pagefile: 3304.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:282.01 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.87 GB) NTFS
Drive g: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1E5FFB8D)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 63 MB) (Disk ID: 6CC0BADB)
Partition 1: (Active) - (Size=63 MB) - (Type=06)


LastRegBack: 2013-08-16 10:00

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

mort · 24.05.2014, 16:32

Sieht nicht nach etwas schlimmen aus.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\etneo\...\Winlogon: [Shell] C:\Users\etneo\AppData\Roaming\data.dat [62976 2011-11-16] () <==== ATTENTION 
Startup: C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\etneo\AppData\Local\Temp\b34btbztdb0vavaw.exe ()
C:\ProgramData\2GoqDIRo3.dat
C:\ProgramData\8895606.pad
C:\ProgramData\pNFCu1cp.exe
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wenn dein Computer wieder normal startet, mache so weiter:

Schritt 2

Verschiebe FRST vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Spinmove · 24.05.2014, 20:06

Hallo mort, ich hab mein PC gestartet und wie gewohnt war mein Bildschirm weiss, ich habe 2,3 mal versucht dagegen zu "kämpfen" in dem ich ctrl, alt und del drückte und siehe da, aus unerklärlichen Gründen war mein Desktop zu sehen, habe deine Schritte befolgt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2014 1
Ran by etneo at 2014-05-24 20:50:27 Run:1
Running from E:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\etneo\...\Winlogon: [Shell] C:\Users\etneo\AppData\Roaming\data.dat [62976 2011-11-16] () <==== ATTENTION 
Startup: C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\etneo\AppData\Local\Temp\b34btbztdb0vavaw.exe ()
C:\ProgramData\2GoqDIRo3.dat
C:\ProgramData\8895606.pad
C:\ProgramData\pNFCu1cp.exe
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
*****************

HKU\etneo\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\etneo\AppData\Local\Temp\b34btbztdb0vavaw.exe => Moved successfully.
C:\ProgramData\2GoqDIRo3.dat => Moved successfully.
C:\ProgramData\8895606.pad => Moved successfully.
C:\ProgramData\pNFCu1cp.exe => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.bat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.
"C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk" => File/Directory not found.

==== End of Fixlog ====

und das wäre Schritt 2

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2014 1
Ran by etneo (administrator) on ETNEO-PC on 24-05-2014 20:57:53
Running from C:\Users\etneo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italian Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSK\msksrver.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcsvrcnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcupdui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [PLFSetL] => C:\Windows\\PLFSetL.exe
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-07-27] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [mcagent_exe] => C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [1218008 2009-10-29] (McAfee, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-04-13] ()
HKLM-x32\...\Run: [HBLiteSA] => C:\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteSA.exe [771888 2011-03-23] (Pinball Corporation.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-11-29] (Geek Software GmbH)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-05-24] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3549528 2013-08-18] (Electronic Arts)
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [814472 2013-06-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2978162629-1010601065-2023174795-1001\...\Winlogon: [Shell] C:\Users\etneo\AppData\Roaming\data.dat [62976 2011-11-17] () <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0810&m=aspire_7715z&r=27360210p415l0374z185t49l2e726
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA677B144A27ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD0.dll No File
URLSearchHook: HKLM-x32 - mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files (x86)\Messenger_Plus_Live_Switzerland-_DE\tbMes1.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD0.dll No File
URLSearchHook: HKCU - mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
URLSearchHook: HKCU - Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files (x86)\Messenger_Plus_Live_Switzerland-_DE\tbMes1.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=idYo611CKysf1FuekOV6LA&ind=2010072308&ptnrS=GRfox000&si=&n=77cf44f4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itCH365CH365
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
SearchScopes: HKCU - {1386F9A4-86AD-43A6-A775-677D3BE16982} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C6145A69-4637-4BA4-A8C9-3089D3EE4298&apn_sauid=8EA79C6C-CDC7-46C6-9DA6-10FD79C47AC0
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=idYo611CKysf1FuekOV6LA&ind=2010072308&ptnrS=GRfox000&si=&n=77cf44f4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itCH365CH365
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
BHO-x32: Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files (x86)\Messenger_Plus_Live_Switzerland-_DE\tbMes1.dll (Conduit Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin.dll (Conduit Ltd.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
BHO-x32: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD0.dll No File
BHO-x32: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD0.dll No File
Toolbar: HKLM-x32 - mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files (x86)\Messenger_Plus_Live_Switzerland-_DE\tbMes1.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {18C2D815-3A16-4493-9004-77949214A70E} -  No File
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  No File
Toolbar: HKCU - No Name - {FCBF663E-8530-46F8-A880-AC5ABE9D2B23} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.catania46.net/ct46/blgwp/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npclntax_HBLiteSA.dll (Pinball Corporation.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\toolbar@ask.com [2012-06-26]
FF Extension: Messenger Plus Live Switzerland- DE Community Toolbar - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{18c2d815-3a16-4493-9004-77949214a70e} [2014-05-22]
FF Extension: IE Tab - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-19]
FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2014-05-22]
FF Extension: uTorrentBar Community Toolbar - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2013-02-14]
FF Extension: DVDVideoSoft Toolbar - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010-04-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-07-03]
FF Extension: QuestScan - C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011-06-09]
FF HKLM-x32\...\Firefox\Extensions: [HBLite@HBLite.com] - C:\Program Files (x86)\HBLite\bin\11.0.363.0\firefox\extensions
FF Extension: No Name - C:\Program Files (x86)\HBLite\bin\11.0.363.0\firefox\extensions [2011-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2009-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: questscan.com
CHR DefaultSearchProvider: QuestScan
CHR DefaultSearchURL: hxxp://www.questscan.com/?tmp=redir_bho_bing&prt=QstscanPB&keywords={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (HBLite Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll (Pinball Corporation.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Babylon Chrome OCR) - C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-07-06]
CHR Extension: (SiteAdvisor) - C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-06]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-06]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2010-12-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [140424 2014-04-23] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-10-29] (McAfee, Inc.)
R2 McNASvc; C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-10-28] (McAfee, Inc.)
R2 McProxy; C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-07-08] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-11-04] (McAfee, Inc.)
R3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-11-04] (McAfee, Inc.)
R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [26640 2009-10-02] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102472 2009-11-04] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [308296 2009-11-04] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 20:57 - 2014-05-24 21:00 - 00035443 _____ () C:\Users\etneo\Desktop\FRST.txt
2014-05-24 20:57 - 2014-05-24 20:49 - 02066432 _____ (Farbar) C:\Users\etneo\Desktop\FRST64.exe
2014-05-24 20:47 - 2014-05-24 20:47 - 00000556 _____ () C:\Users\etneo\Desktop\Fixlist.txt
2014-05-24 20:45 - 2014-05-24 20:46 - 00000000 ___RD () C:\Users\etneo\Desktop\Desktop completo
2014-05-24 20:31 - 2014-05-24 20:31 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-24 20:31 - 2014-05-24 20:31 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-23 18:45 - 2014-05-24 20:57 - 00000000 ____D () C:\FRST
2014-05-22 11:13 - 2014-05-22 11:13 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-22 11:13 - 2014-05-22 11:13 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001

==================== One Month Modified Files and Folders =======

2014-05-24 21:00 - 2014-05-24 20:57 - 00035443 _____ () C:\Users\etneo\Desktop\FRST.txt
2014-05-24 20:57 - 2014-05-23 18:45 - 00000000 ____D () C:\FRST
2014-05-24 20:57 - 2010-02-01 23:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 20:51 - 2009-12-09 08:28 - 00698804 _____ () C:\Windows\system32\perfh010.dat
2014-05-24 20:51 - 2009-12-09 08:28 - 00127998 _____ () C:\Windows\system32\perfc010.dat
2014-05-24 20:51 - 2009-07-14 07:13 - 01541618 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 20:50 - 2010-02-01 23:03 - 00000000 ___RD () C:\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 20:50 - 2009-12-09 07:36 - 02044730 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 20:49 - 2014-05-24 20:57 - 02066432 _____ (Farbar) C:\Users\etneo\Desktop\FRST64.exe
2014-05-24 20:48 - 2012-04-02 13:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-24 20:48 - 2012-04-02 13:18 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-24 20:48 - 2012-04-02 13:18 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 20:48 - 2011-08-07 00:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-24 20:47 - 2014-05-24 20:47 - 00000556 _____ () C:\Users\etneo\Desktop\Fixlist.txt
2014-05-24 20:46 - 2014-05-24 20:45 - 00000000 ___RD () C:\Users\etneo\Desktop\Desktop completo
2014-05-24 20:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-24 20:40 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 20:40 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 20:35 - 2010-09-10 19:35 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4CB7449B-01D5-48FE-8610-72B375589D66}
2014-05-24 20:31 - 2014-05-24 20:31 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-24 20:31 - 2014-05-24 20:31 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-24 20:31 - 2013-07-17 00:58 - 00000004 _____ () C:\Users\etneo\AppData\Roaming\settings.ini
2014-05-24 20:31 - 2012-01-22 12:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-24 20:30 - 2012-06-19 08:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-24 20:30 - 2009-10-29 12:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-24 20:29 - 2012-10-25 12:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-24 20:29 - 2010-02-01 23:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 20:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-24 20:28 - 2009-07-14 06:51 - 00210034 _____ () C:\Windows\setupact.log
2014-05-24 20:27 - 2009-10-29 13:04 - 00780628 _____ () C:\Windows\PFRO.log
2014-05-22 11:16 - 2009-10-29 12:55 - 00026951 _____ () C:\Windows\system32\Config.MPF
2014-05-22 11:13 - 2014-05-22 11:13 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001
2014-05-22 11:13 - 2014-05-22 11:13 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001

Files to move or delete:
====================
C:\Users\etneo\AppData\Roaming\data.dat
C:\Users\etneo\AppData\Roaming\settings.ini


Some content of TEMP:
====================
C:\Users\etneo\AppData\Local\Temp\0.6832171267660215.exe
C:\Users\etneo\AppData\Local\Temp\APNStub.exe
C:\Users\etneo\AppData\Local\Temp\blppfafnnbfinketnof.bfg
C:\Users\etneo\AppData\Local\Temp\contentDATs.exe
C:\Users\etneo\AppData\Local\Temp\EAD4663.exe
C:\Users\etneo\AppData\Local\Temp\EAD5F51.exe
C:\Users\etneo\AppData\Local\Temp\GLF3F9.tmp.tbDVDV.dll
C:\Users\etneo\AppData\Local\Temp\GLFF8DB.tmp.tbMess.dll
C:\Users\etneo\AppData\Local\Temp\IadHide4.dll
C:\Users\etneo\AppData\Local\Temp\ietD06F.tmp.exe
C:\Users\etneo\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\etneo\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\etneo\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\etneo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\etneo\AppData\Local\Temp\lowproc.exe
C:\Users\etneo\AppData\Local\Temp\Messenger_Plus_Live_Switzerland-_DE.exe
C:\Users\etneo\AppData\Local\Temp\MSETUP4.EXE
C:\Users\etneo\AppData\Local\Temp\nsv422B.tmp.ConduitEngineEmbbed.exe
C:\Users\etneo\AppData\Local\Temp\nsvD601.tmp.ConduitEngineEmbbed.exe
C:\Users\etneo\AppData\Local\Temp\oct1506.tmp.exe
C:\Users\etneo\AppData\Local\Temp\octBC5D.tmp.exe
C:\Users\etneo\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\etneo\AppData\Local\Temp\SCC.dll
C:\Users\etneo\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\etneo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\etneo\AppData\Local\Temp\stubhelper.dll
C:\Users\etneo\AppData\Local\Temp\toolbar.exe
C:\Users\etneo\AppData\Local\Temp\UninstallEADM.dll
C:\Users\etneo\AppData\Local\Temp\wdwgjmjkgvbyehnqm.exe
C:\Users\etneo\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\etneo\AppData\Local\Temp\xvidupdate.exe
C:\Users\etneo\AppData\Local\Temp\_is1506.exe
C:\Users\etneo\AppData\Local\Temp\_is28F.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-16 20:00

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

[/CODE]

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2014 1
Ran by etneo at 2014-05-24 21:01:35
Running from C:\Users\etneo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan (Enabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.0 - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7029 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7029 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0901 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.1.5 - DivX, Inc. )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVDVideoSoft Toolbar (HKLM-x32\...\DVDVideoSoft Toolbar) (Version:  - )
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version:  - )
eMule (HKLM-x32\...\eMule) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
FIFA MANAGER 10 (HKLM-x32\...\FIFA MANAGER 10) (Version:  - Electronic Arts)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Free Audio CD Burner version 1.2 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free AVI Video Converter version 5.0.27.711 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.27.711 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.0.0.1228 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 4.0 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download version 3.1.22.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.22.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.3 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 28.0.1500.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4209.2358 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hotbar (HKLM-x32\...\HBLiteSA) (Version: 11.0.363.0 - Pinball Corporation.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.00 - Acer Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version:  - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Plus! Live (HKLM-x32\...\Messenger Plus! Live) (Version: 4.84.0.382 - Yuna Software)
Messenger_Plus_Live_Switzerland-_DE Toolbar (HKLM-x32\...\Messenger_Plus_Live_Switzerland-_DE Toolbar) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}) (Version:  - Microsoft)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - Italian/Italiano (HKLM-x32\...\OMUI.it-it) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office O MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677) (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB}) (Version:  - Microsoft)
Microsoft Office Outlook MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version:  - Microsoft)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Italian) (HKLM-x32\...\{95120000-00AF-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2007 (x32 Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version:  - Microsoft)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Picture It! Foto 2001 (HKLM-x32\...\{D28FDA7D-15C6-48A2-9868-6BCB28BE6254}) (Version: 5.0.0.0000 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{34A08914-7A33-4040-A959-1577BF5AFF8A}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Witch Remote Control (HKLM-x32\...\Mobile Witch Remote Control) (Version:  - )
mobilewitch Toolbar (HKLM-x32\...\mobilewitch Toolbar) (Version:  - )
Mozilla Firefox 22.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.5.1.8 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
Pacchetto di compatibilità per Office System 2007 (HKLM-x32\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
PDF24 Creator 5.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pokki (HKCU\...\Pokki) (Version: 0.263.13.319 - Pokki)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registrazione utente Canon MP270 series (HKLM-x32\...\Registrazione utente Canon MP270 series) (Version:  - )
Samsung PC Studio (x32 Version: 3.0.0.60609 - Samsung Electronics Co., Ltd.) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
ShopperReports (HKLM-x32\...\ShopperReportsSA) (Version: 3.0.517.0 - SmartShopper) <==== ATTENTION
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.8.201307151333 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.165 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.165 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{9D702FFD-3C2B-44D0-9B8B-CA1A30CA555B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
uTorrentBar Toolbar (HKLM-x32\...\uTorrentBar Toolbar) (Version: 6.2.2.4 - uTorrentBar) <==== ATTENTION
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vodafone 804SS USB driver Software (HKLM-x32\...\Vodafone 804SS USB driver) (Version:  - )
Vodafone WCDMA Composite Device Drive Software (HKLM-x32\...\Vodafone WCDMA Composite Device Drive) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR gestione archivi (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.1 - Xvid Team)

==================== Restore Points  =========================

09-07-2013 06:25:39 Windows Update
11-07-2013 09:49:54 Windows Update
15-07-2013 11:42:04 Windows Update
16-07-2013 14:54:08 Windows Backup
20-07-2013 20:45:40 Windows Update
20-07-2013 20:58:29 Uninstalled Sony Ericsson Drivers
20-07-2013 20:59:06 Installed Sony Ericsson Drivers
20-07-2013 23:11:20 Sony PC Companion
16-08-2013 12:14:57 Windows Update
17-08-2013 08:31:11 Windows Update
22-05-2014 08:15:17 Windows Backup

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0077A72D-91D6-4DAD-BFC3-5A76B0B8C260} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {1916E3CE-4512-4878-9181-B592C987FAE6} - System32\Tasks\McDefragTask => C:\Program Files (x86)\McAfee\MQC\QcConsol.exe [2009-09-25] (McAfee, Inc.)
Task: {33258CA9-8094-42B4-B8F6-E72D33195954} - System32\Tasks\{E4EAEF02-F789-46F2-AF48-90DF93EEFFEB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-03-01] (Skype Technologies S.A.)
Task: {3409FF5E-1D19-4873-9F18-9978C72CFA7E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {452A02A8-2FEB-4EA7-9146-A636C389E5AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.)
Task: {553D2F12-F354-4A0D-B757-7D07A3223ED9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.)
Task: {6D6D671A-342E-4FD3-9B70-642AC9E37231} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-24] (Adobe Systems Incorporated)
Task: {8971DBA3-3741-48FA-B8EA-A210836937AD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {906D8824-5692-4EA4-9E81-89A9679D4CEB} - System32\Tasks\Norton Security Scan for etneo => C:\Program Files (x86)\Norton Security Scan\Engine\3.5.1.8\Nss.exe [2012-04-03] (Symantec Corporation)
Task: {A1A3EF16-EB34-41A8-82DA-D1B72704093D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {AE11AC61-64FE-4AAF-9069-410C03C10BB1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-04] () <==== ATTENTION
Task: {B38F0759-4869-4453-A2E1-62802B0AD611} - System32\Tasks\{FC8D64BA-D629-48B9-80E4-3103A1CAE1E7} => C:\Program Files (x86)\EA SPORTS\FIFA MANAGER 10\Manager10.exe [2009-10-05] (Electronic Arts Inc.)
Task: {D844A12A-DEA4-4AC3-976E-76226D4F21B4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E0D0C143-A39B-47E1-BDEC-FD3225433F80} - System32\Tasks\{7D2DDA80-FCF0-462F-87AE-F73098F1FA5D} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.158/it/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {ECC73874-8A1C-4106-BCD1-9CB50EA42DDC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F1CC9A0C-A42A-439F-B56B-2F1055493E04} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F2AB030D-98BD-4659-BA66-9C182428F7C4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2978162629-1010601065-2023174795-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\Norton Security Scan for etneo.job => C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe

==================== Loaded Modules (whitelisted) =============

2013-05-30 20:41 - 2013-05-30 20:41 - 01741080 _____ () C:\Users\etneo\AppData\Local\Pokki\ocdeskband_0.dll
2010-04-09 19:02 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-07-03 12:43 - 2013-07-03 12:43 - 03285912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\Users\etneo\Downloads\Geldklammer.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2014 11:12:29 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Errore non specificato durante l'esecuzione di Ripristino configurazione di sistema (Windows Update). Informazioni aggiuntive: 0x80070057.

Error: (05/21/2014 11:51:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d672ee4
Nome del modulo che ha generato l'errore: msvcrt.dll, versione: 7.0.7601.17744, timestamp: 0x4eeb033f
Codice eccezione: 0xc0000005
Offset errore 0x0000000000001049
ID processo che ha generato l'errore: 0x864
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3

Error: (08/17/2013 01:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Origin.exe, versione: 9.0.15.65, timestamp: 0x507ef375
Nome del modulo che ha generato l'errore: QtGui4.dll, versione: 4.8.2.0, timestamp: 0x4ff4ab1c
Codice eccezione: 0xc0000005
Offset errore 0x000b7df0
ID processo che ha generato l'errore: 0x10ac
Ora di avvio dell'applicazione che ha generato l'errore: 0xOrigin.exe0
Percorso dell'applicazione che ha generato l'errore: Origin.exe1
Percorso del modulo che ha generato l'errore: Origin.exe2
ID segnalazione: Origin.exe3

Error: (08/17/2013 00:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: NobuActivation.exe, versione: 1.2.0.36, timestamp: 0x4a6a4437
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x00577fa8
ID processo che ha generato l'errore: 0x1068
Ora di avvio dell'applicazione che ha generato l'errore: 0xNobuActivation.exe0
Percorso dell'applicazione che ha generato l'errore: NobuActivation.exe1
Percorso del modulo che ha generato l'errore: NobuActivation.exe2
ID segnalazione: NobuActivation.exe3

Error: (08/17/2013 00:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: DivXUpdate.exe, versione: 1.0.0.458, timestamp: 0x4bc3a2c7
Nome del modulo che ha generato l'errore: ole32.dll, versione: 6.1.7601.17514, timestamp: 0x4ce7b96f
Codice eccezione: 0xc0000005
Offset errore 0x00039342
ID processo che ha generato l'errore: 0x778
Ora di avvio dell'applicazione che ha generato l'errore: 0xDivXUpdate.exe0
Percorso dell'applicazione che ha generato l'errore: DivXUpdate.exe1
Percorso del modulo che ha generato l'errore: DivXUpdate.exe2
ID segnalazione: DivXUpdate.exe3

Error: (08/17/2013 10:44:40 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Impossibile inizializzare il monitoraggio delle prestazioni per l'oggetto Gatherer. I contatori non sono stati caricati oppure non è possibile aprire l'oggetto memoria condivisa. Questo problema influisce solo sulla disponibilità dei contatori delle prestazioni. Riavviare il computer.

Contesto: applicazione , catalogo SystemIndex

Error: (08/17/2013 10:31:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
Impossibile trovare il file specificato.
.

Error: (08/16/2013 08:06:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generazione del contesto di attivazione non riuscita per "assemblyIdentity1". Errore nel file manifesto o dei criteri "assemblyIdentity2", riga assemblyIdentity3.
Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error: (07/23/2013 02:25:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Impossibile trovare l'assembly dipendente rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (07/21/2013 11:07:41 AM) (Source: swg) (EventID: 1) (User: )
Description: There was an error in s.  File s


System errors:
=============
Error: (05/22/2014 11:16:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/22/2014 10:43:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Il servizio Client di Criteri di gruppo non è stato arrestato correttamente dopo la ricezione di un controllo di pre-arresto del sistema.

Error: (05/22/2014 10:39:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Precedente arresto del sistema inatteso a 10:18:40 su ‎22.‎05.‎2014.

Error: (05/22/2014 10:01:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver: 
spldr

Error: (05/22/2014 10:01:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio McAfee Proxy Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (05/22/2014 10:01:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Link-Layer Topology Discovery Responder non è stato avviato per il seguente errore: 
%%646

Error: (05/22/2014 10:01:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Link-Layer Topology Discovery Mapper I/O Driver non è stato avviato per il seguente errore: 
%%646

Error: (05/21/2014 00:38:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/21/2014 00:37:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio NTI Backup Now 5 Scheduler Service non è stato avviato per il seguente errore: 
%%1053

Error: (05/21/2014 00:37:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio NTI Backup Now 5 Scheduler Service.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 4025.98 MB
Available physical RAM: 2417.21 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 6339.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:281.29 GB) NTFS
Drive e: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1E5FFB8D)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 63 MB) (Disk ID: 6CC0BADB)
Partition 1: (Active) - (Size=63 MB) - (Type=06)

==================== End Of Log ============================

mort · 25.05.2014, 09:32

Sieht nach viel Adware aus, ist aber nicht schlimm. Wir machen nur noch ein paar Kontrollscans.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\etneo\AppData\Roaming\data.dat
C:\Users\etneo\AppData\Roaming\settings.ini
2013-05-30 20:41 - 2013-05-30 20:41 - 01741080 _____ () C:\Users\etneo\AppData\Local\Pokki\ocdeskband_0.dll
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Klicke bitte auf den Windowsbutton in der Taskleiste und dort auf "Systemsteuerung". Wenn du dort bist, gehe auf "Programme deinstallieren" unter "Programme". Hier kannst du nun folgende Programm deinstallieren.

Ask Toolbar
Ask Toolbar Updater
Conduit Engine
DVDVideoSoft Toolbar
DVDVideoSoftTB Toolbar
McAfee Security Scan Plus
Messenger_Plus_Live_Switzerland-_DE Toolbar
mobilewitch Toolbar
Pokki
ShopperReports
Uninstall 1.0.0.1
uTorrentBar Toolbar

Schritt 3

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 5

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 6

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Spinmove · 26.05.2014, 13:25

hallo mort, ich stecke bei schritt 5 fest..der suchlauf ist abgeschlossen, habe auf fertig stellen geklickt und das eset fenster geschlossen..
ich finde jetzt die logfiles nicht..vielleicht such ich im falschen ort?
wo muss ich genau hingehen?

mort · 26.05.2014, 15:40

Schon hier geschaut?
http://www.trojaner-board.de/125889-...tml#post941546

Spinmove · 26.05.2014, 21:18

sorry, ich habe mich wahrscheinlich falsch ausgedrückt..
im schritt 5 komme ich nicht weiter..

unter punkt "explorer öffnen" und danach punkt "C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert)."

ich verstehe nicht was für ein explorer ich öffnen muss um an die datein anzukommen?

mort · 26.05.2014, 22:27

Der normale Windows-Explorer mit dem man durch die Dateisysteme geht. Drücke links unten auf den Start-Knopf und wähle im Menü "Computer". Von dort aus solltest du an die Datei kommen.

Spinmove · 27.05.2014, 08:59

Name: Immagine.jpg
Hits: 472
Größe: 43,2 KB

und genau da hatte ich gesucht..unter computer..
ich habe die zwei "links" kopiert und eingefügt

C:\Programme\Eset\EsetOnlineScanner\log.txt

und dann

C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt

aber es kam nichts dabei raus..nur ne meldung dass diese links nicht existieren, ich sollte die rechtschreibung prüfen

mort · 28.05.2014, 19:26

Versuche mal per Hand an das Log zu kommen. Also hier auf C: und danach auf Programme (x86), bis du beim Log bist.

Spinmove · 28.05.2014, 21:50

so, ich glaub ich habs

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by etneo at 2014-05-25 23:52:01 Run:2
Running from C:\Users\etneo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\etneo\AppData\Roaming\data.dat
C:\Users\etneo\AppData\Roaming\settings.ini
2013-05-30 20:41 - 2013-05-30 20:41 - 01741080 _____ () C:\Users\etneo\AppData\Local\Pokki\ocdeskband_0.dll
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
*****************

C:\Users\etneo\AppData\Roaming\data.dat => Moved successfully.
C:\Users\etneo\AppData\Roaming\settings.ini => Moved successfully.
C:\Users\etneo\AppData\Local\Pokki\ocdeskband_0.dll => Moved successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":444C53BA" ADS removed successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully.

==== End of Fixlog ====

Code:

ATTFilter

# AdwCleaner v3.210 - Rapporto creato 26/05/2014 in 00:04:25
# Aggiornato 19/05/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : etneo - ETNEO-PC
# In esecuzione da : C:\Users\etneo\Desktop\adwcleaner_3.210.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\ProgramData\HBLiteSA
Cartella Eliminato : C:\ProgramData\Partner
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
Cartella Eliminato : C:\Program Files (x86)\Babylon
Cartella Eliminato : C:\Program Files (x86)\Conduit
Cartella Eliminato : C:\Program Files (x86)\ConduitEngine
Cartella Eliminato : C:\Program Files (x86)\HBLite
Cartella Eliminato : C:\Program Files (x86)\orbitdownloader
Cartella Eliminato : C:\Users\etneo\AppData\Local\Temp\AskSearch
Cartella Eliminato : C:\Users\etneo\AppData\Local\Temp\CT2269050
Cartella Eliminato : C:\Users\etneo\AppData\LocalLow\BabylonToolbar
Cartella Eliminato : C:\Users\etneo\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\etneo\AppData\LocalLow\ConduitEngine
Cartella Eliminato : C:\Users\etneo\AppData\LocalLow\DVDVideoSoftTB
Cartella Eliminato : C:\Users\etneo\AppData\LocalLow\MyWebSearch
Cartella Eliminato : C:\Users\etneo\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\dvdvideosoftiehelpers
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\OpenCandy
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Conduit
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\ConduitCommon
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Smartbar
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\CT2596225
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\CT2269050
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\CT2786678
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Cartella Eliminato : C:\Program Files (x86)\Mozilla Firefox\Extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{18c2d815-3a16-4493-9004-77949214a70e}
Cartella Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Cartella Eliminato : C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Eliminato : C:\Windows\SysWOW64\conduitEngine.tmp
File Eliminato : C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
File Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\searchplugins\Conduit.xml
File Eliminato : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\searchplugins\mywebsearch.xml

***** [ Collegamenti ] *****


***** [ Registro ] *****

Valore Eliminati : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com]
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chiave Eliminati : HKCU\Software\Classes\pokki
Chiave Eliminati : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chiave Eliminati : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminati : HKLM\SOFTWARE\Classes\hbliteax.info
Chiave Eliminati : HKLM\SOFTWARE\Classes\hbliteax.info.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\hbliteax.userprofiles
Chiave Eliminati : HKLM\SOFTWARE\Classes\hbliteax.userprofiles.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminati : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chiave Eliminati : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Chiave Eliminati : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HBLiteSA]
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2596225
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{248B8A7C-96A1-42B6-A6C9-8E68D2E571DF}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Valore Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Valore Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Chiave Eliminati : HKCU\Software\1ClickDownload
Chiave Eliminati : HKCU\Software\Conduit
Chiave Eliminati : HKCU\Software\hblitesa
Chiave Eliminati : HKCU\Software\InstallCore
Chiave Eliminati : HKCU\Software\Orbit
Chiave Eliminati : HKCU\Software\YahooPartnerToolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Toolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Software\conduitEngine
Chiave Eliminati : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Chiave Eliminati : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminati : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminati : HKLM\Software\Conduit
Chiave Eliminati : HKLM\Software\conduitEngine
Chiave Eliminati : HKLM\Software\HBLite
Chiave Eliminati : HKLM\Software\Iminent
Chiave Eliminati : HKLM\Software\Orbit
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hblitesa
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v29.0.1 (de)

[ File : C:\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\prefs.js ]

Riga eliminata : user_pref("CT2269050..clientLogIsEnabled", false);
Riga eliminata : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Riga eliminata : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Riga eliminata : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Riga eliminata : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Riga eliminata : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Riga eliminata : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Riga eliminata : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Riga eliminata : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Riga eliminata : user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true);
Riga eliminata : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Riga eliminata : user_pref("CT2269050.CTID", "CT2269050");
Riga eliminata : user_pref("CT2269050.CurrentServerDate", "24-5-2014");
Riga eliminata : user_pref("CT2269050.DialogsAlignMode", "LTR");
Riga eliminata : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu May 22 2014 10:12:14 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.DownloadReferralCookieData", "");
Riga eliminata : user_pref("CT2269050.EMailNotifierPollDate", "Sat Aug 07 2010 02:13:10 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.FirstServerDate", "7-8-2010");
Riga eliminata : user_pref("CT2269050.FirstTime", true);
Riga eliminata : user_pref("CT2269050.FirstTimeFF3", true);
Riga eliminata : user_pref("CT2269050.FirstTimeSettingsDone", true);
Riga eliminata : user_pref("CT2269050.FixPageNotFoundErrors", true);
Riga eliminata : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Riga eliminata : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Riga eliminata : user_pref("CT2269050.HasUserGlobalKeys", true);
Riga eliminata : user_pref("CT2269050.Initialize", true);
Riga eliminata : user_pref("CT2269050.InitializeCommonPrefs", true);
Riga eliminata : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Riga eliminata : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Riga eliminata : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 02:13:10 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.InvalidateCache", false);
Riga eliminata : user_pref("CT2269050.IsGrouping", false);
Riga eliminata : user_pref("CT2269050.IsMulticommunity", false);
Riga eliminata : user_pref("CT2269050.IsOpenThankYouPage", false);
Riga eliminata : user_pref("CT2269050.IsOpenUninstallPage", false);
Riga eliminata : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat May 24 2014 20:33:39 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Riga eliminata : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Riga eliminata : user_pref("CT2269050.LastLogin_2.7.0.14", "Sat Aug 07 2010 02:13:12 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 20:22:09 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 23:37:48 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.14.1.0", "Fri Aug 24 2012 10:25:06 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.15.1.0", "Wed Nov 14 2012 12:45:46 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.16.0.100", "Mon Feb 11 2013 12:11:43 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.16.0.3", "Sat Dec 29 2012 22:08:28 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.18.0.7", "Sun Jul 21 2013 11:06:58 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LastLogin_3.19.0.3", "Sat May 24 2014 20:33:37 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.LatestVersion", "3.20.0.4");
Riga eliminata : user_pref("CT2269050.Locale", "en");
Riga eliminata : user_pref("CT2269050.LoginCache", 4);
Riga eliminata : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Riga eliminata : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Riga eliminata : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Riga eliminata : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Riga eliminata : user_pref("CT2269050.RadioIsPodcast", false);
Riga eliminata : user_pref("CT2269050.RadioLastCheckTime", "Sat Aug 07 2010 02:13:13 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Riga eliminata : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Riga eliminata : user_pref("CT2269050.RadioMediaID", "12473383");
Riga eliminata : user_pref("CT2269050.RadioMediaType", "Media Player");
Riga eliminata : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Riga eliminata : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Riga eliminata : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Riga eliminata : user_pref("CT2269050.SavedHomepage", "hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=idYo611CKysf1FuekOV6LA");
Riga eliminata : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
Riga eliminata : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Riga eliminata : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Riga eliminata : user_pref("CT2269050.SearchInNewTabEnabled", true);
Riga eliminata : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Riga eliminata : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat May 24 2014 20:33:21 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Riga eliminata : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Riga eliminata : user_pref("CT2269050.SearchProtectorToolbarDisabled", true);
Riga eliminata : user_pref("CT2269050.ServiceMapLastCheckTime", "Sat May 24 2014 20:33:37 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Riga eliminata : user_pref("CT2269050.SettingsLastCheckTime", "Sat May 24 2014 20:33:19 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.SettingsLastUpdate", "1400777489");
Riga eliminata : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Riga eliminata : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 07 2010 02:13:10 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Riga eliminata : user_pref("CT2269050.ToolbarDisabled", false);
Riga eliminata : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Riga eliminata : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Riga eliminata : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurTool[...]
Riga eliminata : user_pref("CT2269050.UserID", "UN45574047607613631");
Riga eliminata : user_pref("CT2269050.WeatherNetwork", "");
Riga eliminata : user_pref("CT2269050.WeatherPollDate", "Sat Aug 07 2010 02:13:10 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2269050.WeatherUnit", "C");
Riga eliminata : user_pref("CT2269050.alertChannelId", "666138");
Riga eliminata : user_pref("CT2269050.clientLogIsEnabled", true);
Riga eliminata : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Riga eliminata : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Riga eliminata : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Riga eliminata : user_pref("CT2269050.initDone", true);
Riga eliminata : user_pref("CT2269050.myStuffEnabled", true);
Riga eliminata : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Riga eliminata : user_pref("CT2269050.myStuffSearchUrl", "hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Riga eliminata : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Riga eliminata : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Riga eliminata : user_pref("CT2269050.revertSettingsEnabled", true);
Riga eliminata : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Riga eliminata : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Riga eliminata : user_pref("CT2269050.testingCtid", "");
Riga eliminata : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat May 24 2014 20:33:37 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Riga eliminata : user_pref("CT2269050.usagesFlag", 2);
Riga eliminata : user_pref("CT2596225..clientLogIsEnabled", false);
Riga eliminata : user_pref("CT2596225..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Riga eliminata : user_pref("CT2596225..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Riga eliminata : user_pref("CT2596225.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Riga eliminata : user_pref("CT2596225.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Riga eliminata : user_pref("CT2596225.BrowserCompStateIsOpen_129454524025775667", true);
Riga eliminata : user_pref("CT2596225.BrowserCompStateIsOpen_129454524027181919", true);
Riga eliminata : user_pref("CT2596225.BrowserCompStateIsOpen_129725743505967127", true);
Riga eliminata : user_pref("CT2596225.BrowserCompStateIsOpen_129786067760249560", true);
Riga eliminata : user_pref("CT2596225.BrowserCompStateIsOpen_1367163258000", true);
Riga eliminata : user_pref("CT2596225.CT2596225", "CT2596225");
Riga eliminata : user_pref("CT2596225.CommunitiesChangesLastCheckTime", "Sun May 25 2014 23:24:49 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT2595464,CT2596255,CT2596225");
Riga eliminata : user_pref("CT2596225.CurrentServerDate", "25-5-2014");
Riga eliminata : user_pref("CT2596225.DSInstall", true);
Riga eliminata : user_pref("CT2596225.DialogsAlignMode", "LTR");
Riga eliminata : user_pref("CT2596225.DialogsGetterLastCheckTime", "Thu May 22 2014 10:12:14 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.DownloadReferralCookieData", "");
Riga eliminata : user_pref("CT2596225.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Riga eliminata : user_pref("CT2596225.FirstServerDate", "18-4-2012");
Riga eliminata : user_pref("CT2596225.FirstTime", true);
Riga eliminata : user_pref("CT2596225.FirstTimeFF3", true);
Riga eliminata : user_pref("CT2596225.FixPageNotFoundErrors", false);
Riga eliminata : user_pref("CT2596225.GroupingLastCheckTime", "Sun May 25 2014 22:32:47 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.GroupingLastResponse", false);
Riga eliminata : user_pref("CT2596225.GroupingServerCheckInterval", 1440);
Riga eliminata : user_pref("CT2596225.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Riga eliminata : user_pref("CT2596225.HPInstall", true);
Riga eliminata : user_pref("CT2596225.HasUserGlobalKeys", true);
Riga eliminata : user_pref("CT2596225.Initialize", true);
Riga eliminata : user_pref("CT2596225.InitializeCommonPrefs", true);
Riga eliminata : user_pref("CT2596225.InstallationAndCookieDataSentCount", 3);
Riga eliminata : user_pref("CT2596225.InstallationType", "Unknown");
Riga eliminata : user_pref("CT2596225.InstalledDate", "Wed Apr 18 2012 14:04:26 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2596225.IsGrouping", true);
Riga eliminata : user_pref("CT2596225.IsInitSetupIni", true);
Riga eliminata : user_pref("CT2596225.IsMulticommunity", false);
Riga eliminata : user_pref("CT2596225.IsOpenThankYouPage", true);
Riga eliminata : user_pref("CT2596225.IsOpenUninstallPage", true);
Riga eliminata : user_pref("CT2596225.LanguagePackLastCheckTime", "Sun May 25 2014 20:33:39 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LanguagePackReloadIntervalMM", 1440);
Riga eliminata : user_pref("CT2596225.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Riga eliminata : user_pref("CT2596225.LastLogin_3.12.0.7", "Wed Apr 25 2012 17:58:27 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.12.2.3", "Wed May 30 2012 20:22:00 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.13.0.6", "Sun Jul 15 2012 19:47:22 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.14.1.0", "Fri Aug 24 2012 19:28:38 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.15.1.0", "Wed Nov 14 2012 09:53:51 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.16.0.3", "Sat Feb 09 2013 22:43:16 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.18.0.7", "Fri Jul 19 2013 02:16:01 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LastLogin_3.19.0.3", "Sun May 25 2014 21:01:55 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.LatestVersion", "3.20.0.4");
Riga eliminata : user_pref("CT2596225.Locale", "de-ch");
Riga eliminata : user_pref("CT2596225.MCDetectTooltipHeight", "83");
Riga eliminata : user_pref("CT2596225.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Riga eliminata : user_pref("CT2596225.MCDetectTooltipWidth", "295");
Riga eliminata : user_pref("CT2596225.MyStuffEnabledAtInstallation", true);
Riga eliminata : user_pref("CT2596225.OriginalFirstVersion", "3.12.0.7");
Riga eliminata : user_pref("CT2596225.SavedHomepage", "hxxp://www.catania46.net/ct46/blgwp/");
Riga eliminata : user_pref("CT2596225.SearchCaption", "Messenger Plus Live Switzerland- DE Customized Web Search");
Riga eliminata : user_pref("CT2596225.SearchFromAddressBarIsInit", true);
Riga eliminata : user_pref("CT2596225.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=2&q=");
Riga eliminata : user_pref("CT2596225.SearchInNewTabEnabled", true);
Riga eliminata : user_pref("CT2596225.SearchInNewTabIntervalMM", 1440);
Riga eliminata : user_pref("CT2596225.SearchInNewTabLastCheckTime", "Sun May 25 2014 20:33:20 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Riga eliminata : user_pref("CT2596225.SearchProtectorToolbarDisabled", false);
Riga eliminata : user_pref("CT2596225.SendProtectorDataViaLogin", true);
Riga eliminata : user_pref("CT2596225.ServiceMapLastCheckTime", "Sun May 25 2014 20:33:37 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.SettingsLastCheckTime", "Sun May 25 2014 23:24:49 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.SettingsLastUpdate", "1398851044");
Riga eliminata : user_pref("CT2596225.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2596225&SearchSource=13");
Riga eliminata : user_pref("CT2596225.ToolbarShrinkedFromSetup", false);
Riga eliminata : user_pref("CT2596225.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurTool[...]
Riga eliminata : user_pref("CT2596225.UserID", "UN32418466147126883");
Riga eliminata : user_pref("CT2596225.addressBarTakeOverEnabledInHidden", "true");
Riga eliminata : user_pref("CT2596225.backendstorage.ct2596225ads1", "25374225323261647325323225334125354225374225323261696425323225334125323235313237352532322532432532327469746C652532322533412532322575323730392532304[...]
Riga eliminata : user_pref("CT2596225.backendstorage.ct2596225current_term", "");
Riga eliminata : user_pref("CT2596225.backendstorage.ct2596225sdate", "3132");
Riga eliminata : user_pref("CT2596225.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Riga eliminata : user_pref("CT2596225.browser.search.defaultthis.engineName", true);
Riga eliminata : user_pref("CT2596225.components.1000034", true);
Riga eliminata : user_pref("CT2596225.components.1000234", true);
Riga eliminata : user_pref("CT2596225.countryCode", "CH");
Riga eliminata : user_pref("CT2596225.ct2596225ads1.from_oldbar.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNTEyNzUlMjIlMkMlMjJ0aXRsZSUyMiUzQSUyMiV1MjcwOSUyMER1JTIwaGFzdCUyMCUyODMlMjklMjBMb3ZlJTIwQ2hhdHMlMj[...]
Riga eliminata : user_pref("CT2596225.ct2596225current_term.from_oldbar.enc", "AA==");
Riga eliminata : user_pref("CT2596225.ct2596225sdate.from_oldbar.enc", "MTI=");
Riga eliminata : user_pref("CT2596225.firstTimeDialogOpened", true);
Riga eliminata : user_pref("CT2596225.fixPageNotFoundErrorByUser", "false");
Riga eliminata : user_pref("CT2596225.fixPageNotFoundErrorInHidden", "true");
Riga eliminata : user_pref("CT2596225.fullUserID", "UN32418466147126883.UP.20140525234655");
Riga eliminata : user_pref("CT2596225.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.a[...]
Riga eliminata : user_pref("CT2596225.homepageProtectorEnableByLogin", true);
Riga eliminata : user_pref("CT2596225.hxxp___cmg1_conduit_widgets_com_pitsi.state.from_oldbar.enc", "T1BFTg==");
Riga eliminata : user_pref("CT2596225.initDone", true);
Riga eliminata : user_pref("CT2596225.installType", "Unknown");
Riga eliminata : user_pref("CT2596225.isCheckedStartAsHidden", true);
Riga eliminata : user_pref("CT2596225.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Riga eliminata : user_pref("CT2596225.isFirstTimeToolbarLoading", "false");
Riga eliminata : user_pref("CT2596225.isPerformedSmartBarTransition", "true");
Riga eliminata : user_pref("CT2596225.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Riga eliminata : user_pref("CT2596225.keyword", true);
Riga eliminata : user_pref("CT2596225.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT2596225&octid=CT2596225&ISID=ISID_ID&SearchSource=15&CUI=UN32418466147126883&SSPV=&[...]
Riga eliminata : user_pref("CT2596225.lastVersion", "10.20.101.5");
Riga eliminata : user_pref("CT2596225.missingMachineIdSent", "true");
Riga eliminata : user_pref("CT2596225.myStuffEnabled", true);
Riga eliminata : user_pref("CT2596225.myStuffPublihserMinWidth", 400);
Riga eliminata : user_pref("CT2596225.myStuffSearchUrl", "hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Riga eliminata : user_pref("CT2596225.myStuffServiceIntervalMM", 1440);
Riga eliminata : user_pref("CT2596225.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Riga eliminata : user_pref("CT2596225.navigateToUrlOnSearch", false);
Riga eliminata : user_pref("CT2596225.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://MessengerPlusLiveSwitzerlandDE.OurTool[...]
Riga eliminata : user_pref("CT2596225.originalHomepage", "hxxp://www.catania46.net/ct46/blgwp/");
Riga eliminata : user_pref("CT2596225.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=idYo611CKysf1FuekOV6LA&psa=&ind=2010072308&ptnrS=GRfox000&si=&st=kwd&n=77cf44f4&[...]
Riga eliminata : user_pref("CT2596225.originalSearchEngine", "Google");
Riga eliminata : user_pref("CT2596225.revertSettingsEnabled", true);
Riga eliminata : user_pref("CT2596225.searchFromAddressBarEnabledByUser", "true");
Riga eliminata : user_pref("CT2596225.searchInNewTabEnabledByUser", "true");
Riga eliminata : user_pref("CT2596225.searchInNewTabEnabledInHidden", "true");
Riga eliminata : user_pref("CT2596225.searchProtectorDialogDelayInSec", 10);
Riga eliminata : user_pref("CT2596225.searchProtectorEnableByLogin", true);
Riga eliminata : user_pref("CT2596225.searchSuggestEnabledByUser", "true");
Riga eliminata : user_pref("CT2596225.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2596225\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MessengerPlusLiveSwitzerlandDE.OurToolbar.com//xpi\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Messenger Plus Live Switzerland- DE \"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Riga eliminata : user_pref("CT2596225.serviceLayer_services_Configuration_lastUpdate", "1401054417926");
Riga eliminata : user_pref("CT2596225.serviceLayer_services_login_10.20.101.5_lastUpdate", "1401054419461");
Riga eliminata : user_pref("CT2596225.serviceLayer_services_searchAPI_lastUpdate", "1401054418444");
Riga eliminata : user_pref("CT2596225.serviceLayer_services_serviceMap_lastUpdate", "1401054417409");
Riga eliminata : user_pref("CT2596225.serviceLayer_services_toolbarSettings_lastUpdate", "1401054417670");
Riga eliminata : user_pref("CT2596225.serviceLayer_services_translation_lastUpdate", "1401054419003");
Riga eliminata : user_pref("CT2596225.settingsINI", true);
Riga eliminata : user_pref("CT2596225.showToolbarPermission", "false");
Riga eliminata : user_pref("CT2596225.smartbar.CTID", "CT2596225");
Riga eliminata : user_pref("CT2596225.smartbar.Uninstall", "0");
Riga eliminata : user_pref("CT2596225.smartbar.homepage", true);
Riga eliminata : user_pref("CT2596225.smartbar.toolbarName", "Messenger Plus Live Switzerland- DE ");
Riga eliminata : user_pref("CT2596225.testingCtid", "");
Riga eliminata : user_pref("CT2596225.toolbarAppMetaDataLastCheckTime", "Sun May 25 2014 20:33:38 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.toolbarBornServerTime", "18-4-2012");
Riga eliminata : user_pref("CT2596225.toolbarCurrentServerTime", "26-5-2014");
Riga eliminata : user_pref("CT2596225.toolbarLoginClientTime", "Sun May 25 2014 23:46:59 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2596225.upgradeFromOBVersion", true);
Riga eliminata : user_pref("CT2596225.usagesFlag", 2);
Riga eliminata : user_pref("CT2596225_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1401055158236,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Riga eliminata : user_pref("CT2786678..clientLogIsEnabled", false);
Riga eliminata : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Riga eliminata : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Riga eliminata : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Riga eliminata : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Riga eliminata : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Riga eliminata : user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);
Riga eliminata : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);
Riga eliminata : user_pref("CT2786678.CTID", "CT2786678");
Riga eliminata : user_pref("CT2786678.CurrentServerDate", "29-6-2013");
Riga eliminata : user_pref("CT2786678.DialogsAlignMode", "LTR");
Riga eliminata : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jun 29 2013 15:19:26 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.DownloadReferralCookieData", "");
Riga eliminata : user_pref("CT2786678.EMailNotifierPollDate", "Tue Nov 23 2010 16:21:49 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedLastCount5690698542593514850", 183);
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375443753", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375443759", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444699", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444705", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444711", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444717", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444723", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444729", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444735", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444741", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedPollDate129301619375444747", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Riga eliminata : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Riga eliminata : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Riga eliminata : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Riga eliminata : user_pref("CT2786678.FirstServerDate", "23-11-2010");
Riga eliminata : user_pref("CT2786678.FirstTime", true);
Riga eliminata : user_pref("CT2786678.FirstTimeFF3", true);
Riga eliminata : user_pref("CT2786678.FixPageNotFoundErrors", false);
Riga eliminata : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Riga eliminata : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Riga eliminata : user_pref("CT2786678.HasUserGlobalKeys", true);
Riga eliminata : user_pref("CT2786678.Initialize", true);
Riga eliminata : user_pref("CT2786678.InitializeCommonPrefs", true);
Riga eliminata : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Riga eliminata : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Riga eliminata : user_pref("CT2786678.InstalledDate", "Tue Nov 23 2010 16:16:49 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.IsGrouping", false);
Riga eliminata : user_pref("CT2786678.IsMulticommunity", false);
Riga eliminata : user_pref("CT2786678.IsOpenThankYouPage", false);
Riga eliminata : user_pref("CT2786678.IsOpenUninstallPage", false);
Riga eliminata : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Jun 28 2013 18:44:12 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Riga eliminata : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Riga eliminata : user_pref("CT2786678.LastLogin_3.12.0.7", "Wed Apr 25 2012 23:25:45 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 30 2012 20:22:07 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.13.0.6", "Mon Jul 16 2012 23:15:00 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.14.1.0", "Sun Aug 26 2012 22:55:35 GMT+0200 (ora legale Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.15.1.0", "Wed Nov 14 2012 12:45:47 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.16.0.3", "Mon Feb 11 2013 12:11:43 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.18.0.7", "Sat Jun 29 2013 15:19:29 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LastLogin_3.2.3.3", "Tue Nov 23 2010 16:16:48 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.LatestVersion", "3.18.0.7");
Riga eliminata : user_pref("CT2786678.Locale", "en");
Riga eliminata : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Riga eliminata : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Riga eliminata : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Riga eliminata : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Riga eliminata : user_pref("CT2786678.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Riga eliminata : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Riga eliminata : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Riga eliminata : user_pref("CT2786678.SearchInNewTabEnabled", true);
Riga eliminata : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Riga eliminata : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Jun 29 2013 15:19:23 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Riga eliminata : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Riga eliminata : user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
Riga eliminata : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Jun 29 2013 15:19:25 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.SettingsLastCheckTime", "Sat Jun 29 2013 15:19:22 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.SettingsLastUpdate", "1372493506");
Riga eliminata : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Riga eliminata : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Nov 23 2010 16:16:45 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Riga eliminata : user_pref("CT2786678.ToolbarDisabled", true);
Riga eliminata : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Riga eliminata : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Riga eliminata : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Riga eliminata : user_pref("CT2786678.UserID", "UN04412345504531256");
Riga eliminata : user_pref("CT2786678.WeatherNetwork", "");
Riga eliminata : user_pref("CT2786678.WeatherPollDate", "Tue Nov 23 2010 16:16:52 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.WeatherUnit", "C");
Riga eliminata : user_pref("CT2786678.alertChannelId", "1178763");
Riga eliminata : user_pref("CT2786678.backendstorage.cbcountry_001", "4348");
Riga eliminata : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E2041756720313220323031322031323A30383A353020474D542B3032303020286F7261206C6567616C65204575726F7061206F63636964656E74616C6529");
Riga eliminata : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F233A3A3A636C69636B68616E646C65723A3A3A313334343736363233313939302C2C2C687474703A2F2F7777772E66616[...]
Riga eliminata : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Riga eliminata : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Riga eliminata : user_pref("CT2786678.initDone", true);
Riga eliminata : user_pref("CT2786678.myStuffEnabled", true);
Riga eliminata : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Riga eliminata : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Riga eliminata : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Riga eliminata : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Riga eliminata : user_pref("CT2786678.revertSettingsEnabled", true);
Riga eliminata : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Riga eliminata : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Riga eliminata : user_pref("CT2786678.testingCtid", "");
Riga eliminata : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Jun 29 2013 15:19:26 GMT+0200 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Tue Nov 23 2010 16:16:57 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CT2786678.usagesFlag", 2);
Riga eliminata : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2596225&SearchSource=13");
Riga eliminata : user_pref("CommunityToolbar.ConduitSearchList", "Messenger Plus Live Switzerland- DE Customized Web Search");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"90ad75dfe94682d46e0192b9d2b767e63\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2596225/CT2596225", "\"2d02ebbc7d255501fe50d3c752ae40603\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"cd0248073fe35fe07b32502580c9d2483\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=1178763&fid=1174448", "\"0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/CH", "\"0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CH", "\"0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1365594729\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2596225", "\"1367217045\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1362324159\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"dfe74040abc2ce1:0\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"a238378f7d0708034a0defa297cb8b8b\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2596225", "\"a238378f7d0708034a0defa297cb8b8b\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"dbe4460d95840339477519b3f77dc11a\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634250095346670000\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1289989723\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"951ff1dceb0c5a6d0df39ce8aebf385c\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-ch", "\"a71284858bbcd9a1336956240cde94f8\"");
Riga eliminata : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ca42534684e848da75347a6640ab1cb5\"");
Riga eliminata : user_pref("CommunityToolbar.EngineOwner", "");
Riga eliminata : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Riga eliminata : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Riga eliminata : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Riga eliminata : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Riga eliminata : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Riga eliminata : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Riga eliminata : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=idYo611CKysf1FuekOV6LA&psa=&ind=2010072308&ptnrS=GRfox000&si=&st=kwd&[...]
Riga eliminata : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2786678,CT2596225");
Riga eliminata : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,ConduitEngine,CT2786678,CT2596225");
Riga eliminata : user_pref("CommunityToolbar.ToolbarsList4", "CT2596225");
Riga eliminata : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Riga eliminata : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Nov 25 2011 18:33:01 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Riga eliminata : user_pref("CommunityToolbar.alert.locale", "en");
Riga eliminata : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Riga eliminata : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Nov 25 2011 18:33:01 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Riga eliminata : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Riga eliminata : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Riga eliminata : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Riga eliminata : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Riga eliminata : user_pref("CommunityToolbar.alert.userId", "acf731ca-5865-4306-8479-94104bb90680");
Riga eliminata : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Nov 23 2010 16:16:50 GMT+0100 (ora solare Europa occidentale)");
Riga eliminata : user_pref("CommunityToolbar.globalUserId", "9904f059-e010-47e8-adcc-782ff4b7a848");
Riga eliminata : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2596225");
Riga eliminata : user_pref("CommunityToolbar.killedEngine", true);
Riga eliminata : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.catania46.net/ct46/blgwp/");
Riga eliminata : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Riga eliminata : user_pref("CommunityToolbar.undefined", "");
Riga eliminata : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?CUI=UN32418466147126883&ctid=CT2596225&SearchSource=13");
Riga eliminata : user_pref("Smartbar.ConduitSearchEngineList", "Messenger Plus Live Switzerland- DE Customized Web Search");
Riga eliminata : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=3&q={searchTerms}&CUI=UN32418466147126883");
Riga eliminata : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=idYo611CKysf1FuekOV6LA&psa=&ind=2010072308&ptnrS=GRfox000&si=&st=kwd&n=77cf44[...]
Riga eliminata : user_pref("Smartbar.keywordURLSelectedCTID", "CT2596225");
Riga eliminata : user_pref("browser.babylon.HPOnNewTab", "1");
Riga eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Riga eliminata : user_pref("browser.search.defaultenginename", "Messenger Plus Live Switzerland- DE Customized Web Search");
Riga eliminata : user_pref("browser.search.defaultthis.engineName", "Messenger Plus Live Switzerland- DE Customized Web Search");
Riga eliminata : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=3&q={searchTerms}");
Riga eliminata : user_pref("browser.search.order.1", "Ask.com");
Riga eliminata : user_pref("browser.search.selectedEngine", "Messenger Plus Live Switzerland- DE Customized Web Search");
Riga eliminata : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?CUI=UN32418466147126883&ctid=CT2596225&SearchSource=13");
Riga eliminata : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Riga eliminata : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Riga eliminata : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Riga eliminata : user_pref("extensions.BabylonToolbar.cntry", "CH");
Riga eliminata : user_pref("extensions.BabylonToolbar.firstRun", false);
Riga eliminata : user_pref("extensions.BabylonToolbar.hdrMd5", "7B0132F634B9AC23A33F9C1C1C325518");
Riga eliminata : user_pref("extensions.BabylonToolbar.lastActv", "26");
Riga eliminata : user_pref("extensions.BabylonToolbar.lastDP", 26);
Riga eliminata : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Riga eliminata : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Riga eliminata : user_pref("extensions.BabylonToolbar.newTab", true);
Riga eliminata : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Riga eliminata : user_pref("extensions.BabylonToolbar.propectorlck", 66127956);
Riga eliminata : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Riga eliminata : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,engine@conduit.com:3.2.3.3,ffxtlbr@babylon.com:1.1.2,{18c2d815-3a16-44[...]
Riga eliminata : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=GRfox000&ptb=idYo611CKysf1FuekOV6LA&ind=2010072308&ptnrS=GRfox000&si=&n=77cf44f4&osp=mw[...]
Riga eliminata : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Riga eliminata : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.bing.com/search?FORM=IEFM1&q=");
Riga eliminata : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=2&CUI=UN32418466147126883&UM=&q=");
Riga eliminata : user_pref("smartbar.addressBarOwnerCTID", "CT2596225");
Riga eliminata : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2596225&SearchSource=13,hxxp://search.conduit.com/?CUI=UN32418466147126883&ctid=CT2596225&SearchSource=13");
Riga eliminata : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2596225&SearchSource=2&CU[...]
Riga eliminata : user_pref("smartbar.defaultSearchOwnerCTID", "CT2596225");
Riga eliminata : user_pref("smartbar.homePageOwnerCTID", "CT2596225");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Eliminati [Extension] : dhkplhfnhceodhffomolpfigojocbpcb

*************************

AdwCleaner[R0].txt - [68589 octets] - [26/05/2014 00:02:27]
AdwCleaner[S0].txt - [67714 octets] - [26/05/2014 00:04:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [67775 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 00:28:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.25.07
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: etneo

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 320032
Verstrichene Zeit: 1 Std, 2 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
Adware.QuestScan, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4B8C28A7-A9BC-45F8-990D-21499EED643C}, In Quarantäne, [4b50fe572853d75f754963de18ea10f0], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [4952b2a3cab11620e69a1f9e72917789], 

Registrierungswerte: 3
Malware.Trace, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0\USER AGENT\POST PLATFORM|SRS_IT_E8790677B676585A31AB91, In Quarantäne, [c2d988cd4734dc5a8cd945e7e91a60a0], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 11111111, In Quarantäne, [4952b2a3cab11620e69a1f9e72917789]
Trojan.Ransom, HKU\S-1-5-21-2978162629-1010601065-2023174795-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell, explorer.exe,C:\Users\etneo\AppData\Roaming\data.dat, In Quarantäne, [dbc01c39f982c96dda20f3c64bb847b9]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Babylon.A, C:\Users\etneo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, In Quarantäne, [8c0f4a0b83f8d26495b70c6fe2202fd1], 

Dateien: 9
Adware.Hotbar, C:\XvidSetup.exe, In Quarantäne, [ddbeaca9bfbc979f41a979ed7d83fb05], 
Backdoor.Agent.RS, C:\Users\etneo\AppData\Local\Temp\0.6832171267660215.exe, In Quarantäne, [4952c2938dee36007ef3ded94eb211ef], 
Trojan.Fakealert.ED, C:\Users\etneo\AppData\Local\Temp\wdwgjmjkgvbyehnqm.exe, In Quarantäne, [4556b3a2dd9e0d29579469b626dec53b], 
Trojan.Reveton.LS, C:\Users\etneo\AppData\Local\Temp\blppfafnnbfinketnof.bfg, In Quarantäne, [9209e57032491f17c19087774bb5e020], 
PUP.Optional.BabylonToolBar.A, C:\Users\etneo\AppData\Local\Temp\is1311930670\MyBabylonTB.exe, In Quarantäne, [e1ba98bdd1aa3afc8a96be5a13eec33d], 
Adware.Agent, C:\Users\etneo\AppData\Local\Temp\ICReinstall\VideoConverterSetup.exe, In Quarantäne, [cbd0f3627803cc6add62e99449b7bd43], 
Adware.Agent, C:\Users\etneo\Downloads\VideoConverterSetup.exe, In Quarantäne, [efaca4b148332610a699fe7f50b0fc04], 
Rogue.MultipleAV, C:\Users\etneo\AppData\Local\MSASCui.exe, In Quarantäne, [405b30258eed88ae72d03e96c23f817f], 
Malware.Trace, C:\Users\etneo\AppData\Local\opRSK, In Quarantäne, [bedd282d27549e98fd5bb987699a08f8], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4620ec9749e9044387c64b05267d6a52
# engine=18408
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-26 11:56:27
# local_time=2014-05-26 01:56:27 (+0100, ora legale Europa occidentale)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16776573 100 82 135832350 153467735 0 0
# compatibility_mode=5893 16776573 100 94 44035 152735237 0 0
# scanned=261400
# found=53
# cleaned=0
# scan_time=17851
sh=85BC167630F335BC6EEB8609E5839BC19DCD8E4F ft=1 fh=870efe2c55a2bf75 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\FreeVideoFlipAndRotate.exe"
sh=043EBE94F75E8A071162BB6779A54AA50F302C29 ft=1 fh=85723e4bf424e9dd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\FreeYouTubeDownload.exe"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngin.dll.vir"
sh=FC257950A2A12A994C4234B17B874DC738DDCE09 ft=1 fh=e009009fd776c64a vn="möglicherweise Variante von Win32/Adware.180Solutions Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteSA.exe.vir"
sh=FBD7EE4C7C5AF1CE646BA65BA0271D9C021D621D ft=1 fh=2f8d1e3093678871 vn="möglicherweise Variante von Win32/Adware.HotBar.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteSAAX.dll.vir"
sh=12F2F56E2650BBE767C1732C8BAFEF239C8280CE ft=1 fh=aa33c1fb1c32ff91 vn="Variante von Win32/Adware.HotBar.S Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteSAHook.dll.vir"
sh=BE4464FD91072FB4A5B8C935285145396741CE1A ft=1 fh=c7b3194a61052cdc vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteUninstaller.exe.vir"
sh=3B62FA808563B38516CA7FC6612D6E04EA0333DB ft=1 fh=2fd6bb16e097e1b4 vn="Win32/Adware.HotBar.J Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HBLite\bin\11.0.363.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll.vir"
sh=3B62FA808563B38516CA7FC6612D6E04EA0333DB ft=1 fh=2fd6bb16e097e1b4 vn="Win32/Adware.HotBar.J Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll.vir"
sh=4ED25B3CC890F0610C90A0AFC23958E9735BBADA ft=1 fh=5adcb2e47924708b vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\etneo\AppData\Roaming\Mozilla\Firefox\Profiles\elx7qbww.default\Extensions\{18c2d815-3a16-4493-9004-77949214a70e}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=E2B2E7C82510D98C140C6A9DE4AF0C807F3F3229 ft=1 fh=447912f44b2365a6 vn="Variante von Win32/Injector.ZVT Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\pNFCu1cp.exe.xBAD"
sh=F18470A60A48FC1FE4949D2E1E9289A41BFE8F04 ft=1 fh=9a3627c03cdadf87 vn="Win32/Reveton.U Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\etneo\AppData\Local\Temp\b34btbztdb0vavaw.exe.xBAD"
sh=6B699624E688788AAE1F7EBD7FAD580A54C72DCB ft=1 fh=83fe5a394aed3ffd vn="Variante von Win32/Kryptik.BFYX Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\etneo\AppData\Roaming\data.dat.xBAD"
sh=EF9BF192B1A746BFAFD3371857885E26161CD915 ft=0 fh=0000000000000000 vn="Win32/Reveton.M Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\etneo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk.xBAD"
sh=6930F3649B5FE5A8619E2672CA7F2999E321EC23 ft=1 fh=cdf2fa58d43a863f vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe"
sh=C4C08AFAFB4F8EAAB0B521334F353C023D456A91 ft=1 fh=2102c5e303ab4616 vn="Variante von Win32/Toolbar.MyWebSearch.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\mwsautSp.exe"
sh=FDBC6EB6E9A237339773F943F29D99AFACFB41F6 ft=1 fh=0748fb2f5740e5c0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\GLF3F9.tmp.tbDVDV.dll"
sh=E7382404C184F63F2E7017AFB9AEAAA877C663B0 ft=1 fh=62f16675d2b64535 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\GLFF8DB.tmp.tbMess.dll"
sh=C0CE879F40A14C40FE6909344874DA6745E069E4 ft=1 fh=ceac6b95497e7d7b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\ietD06F.tmp.exe"
sh=C3DCD3166797AD4A3FC63B04B6FA89E9128B2F51 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\etneo\AppData\Local\Temp\jar_cache1855467674935229858.tmp"
sh=3A1C2427E823D50DE5696B69D4CE65A4D5265C55 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Agent.PEB Trojaner" ac=I fn="C:\Users\etneo\AppData\Local\Temp\jar_cache2171338170712315075.tmp"
sh=9E862F3EB39C6FB364716A58E6ED1477AF559E8E ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.W Trojaner" ac=I fn="C:\Users\etneo\AppData\Local\Temp\jar_cache421992521598399606.tmp"
sh=9E862F3EB39C6FB364716A58E6ED1477AF559E8E ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.W Trojaner" ac=I fn="C:\Users\etneo\AppData\Local\Temp\jar_cache559790457635419145.tmp"
sh=772F44343D0D97EC6CE7F40A2B52AB4889AED19A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\etneo\AppData\Local\Temp\jar_cache76612452958030537.tmp"
sh=BEF7EBD285841F0F064597E5D7DFB79D248CCDE8 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\etneo\AppData\Local\Temp\jar_cache8200699178182433565.tmp"
sh=638908A420A39467291D886F30C13E7DCF8FC855 ft=1 fh=a82c6a86342d22d4 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\Messenger_Plus_Live_Switzerland-_DE.exe"
sh=7DCAD34CEE488528E5D537B3E5DE603AF58C25C0 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\mobile-witch-remote-control.zip"
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\tbDVD0.dll"
sh=353D89E9D10A292AF3843EE9C7CA70E35008528B ft=1 fh=a88f62bfa35c8a9e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\tbMes1.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\tbuTo1.dll"
sh=7474CFC50764D21E618D37974836CC926148E7F1 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.DH Trojaner" ac=I fn="C:\Users\etneo\AppData\Local\Temp\V.class"
sh=212EC7EA25191ACC8BFF674B9336D347EACEA61A ft=0 fh=0000000000000000 vn="Win32/Reveton.R Trojaner" ac=I fn="C:\Users\etneo\AppData\Local\Temp\wavav0bdtzbtb43b.js"
sh=0E93069268235B2576BF3B6441BECDF5D202B28C ft=1 fh=a42eb393c5b72656 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\is1311930670\Setup32.exe"
sh=00AE69EE4BA3C1FBC7488431A2FAB3E7BDCF937E ft=0 fh=0000000000000000 vn="PDF/Exploit.Pidief.PDS.Gen Trojaner" ac=I fn="C:\Users\etneo\AppData\Local\Temp\plugtmp-198\plugin-flaqftglimynxqh8.pdf"
sh=E3EC04BC5E87A2810BBAB784B66A99A17E994F06 ft=1 fh=ac4e347debb9c471 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\ToolbarUpdater_1290434356\autoUpdater.exe"
sh=E3EC04BC5E87A2810BBAB784B66A99A17E994F06 ft=1 fh=ac4e347debb9c471 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\ToolbarUpdater_1290434384\autoUpdater.exe"
sh=E3EC04BC5E87A2810BBAB784B66A99A17E994F06 ft=1 fh=ac4e347debb9c471 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\Local\Temp\ToolbarUpdater_1294845223\autoUpdater.exe"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=E4C7E8D3E278EEA220313097A3B724A799E12EC3 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4a902e4c-24d1b6f4"
sh=E900D2AEB6BE017D5D13B58C6B200FADDDC80A46 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.CB Trojaner" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\40a94994-4da08706"
sh=6E2BFDC4AF0A0B0868731701339902AC74AE6A19 ft=1 fh=9a3627c05e4186e7 vn="Win32/Reveton.U Trojaner" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2d4b3162-53391064"
sh=8E944C4948FA9844D7039C7BA58D8A987DCFEB49 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2011-3544.AW Trojaner" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7d9df3ad-7af681a4"
sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\48bb6bf1-13c2799e"
sh=B7F102F2BB2B74AE7F84DD7301AC632AE415AEA1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.AF Trojaner" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\7d1fa4b7-59c5c026"
sh=044CC3F7BF5B4629D7AD7FF597C8BD607E23A01A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\etneo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\30ac99b8-50b82d93"
sh=6C754DE8E660BFF708604104959322DBED83FB86 ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Agent.PY Trojaner" ac=I fn="C:\Users\etneo\Desktop\Desktop completo\SONY ERICSSON ARC S\download\23kms7773-1.apk"
sh=6C754DE8E660BFF708604104959322DBED83FB86 ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Agent.PY Trojaner" ac=I fn="C:\Users\etneo\Desktop\Desktop completo\SONY ERICSSON ARC S\download\23kms7773.apk"
sh=18EBA0A3CD428AE6EE3EC8AE67861F2D09A2FB4E ft=1 fh=064bce6ecfc43a42 vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\Downloads\Driver-dm.exe"
sh=05AF266B7744BD5879A08E6DE24DBB75F8310459 ft=1 fh=1c80a86378bf9aa3 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\Downloads\FreeVideoToMp3Converter.exe"
sh=600771D2910928E3CEFE3B24E8F97C8DB4CF326C ft=1 fh=8a8ff7b6c3c6013d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\Downloads\FreeYouTubeToMp3Converter33.exe"
sh=200DFAF294806DC6FECDD8DA3189C77048F449FB ft=1 fh=6f759d893cce544c vn="Variante von Win32/MessengerPlus evtl. unerwünschte Anwendung" ac=I fn="C:\Users\etneo\Downloads\MsgPlusLive-484.exe"
sh=BD57EBBD44BA590621A266F285D31CB2F5EFAFC9 ft=1 fh=1b46b24f41599381 vn="Win32/Adware.1ClickDownload.AE Anwendung" ac=I fn="C:\Users\etneo\Downloads\Safety_Not_Guaranteed.exe"
ESETSmartInstaller@High as downloader log:
all ok

Ich bin jetzt auch im Club. Weisser Bildschirm nach Start (Windows 7)

Plagegeister aller Art und deren Bekämpfung: Ich bin jetzt auch im Club. Weisser Bildschirm nach Start (Windows 7)