Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden (https://www.trojaner-board.de/121287-computer-verletzung-gesetze-republik-osterreich-blockiert-worden.html)

gent1961 05.08.2012 10:28
Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden
 
Hallo,
jetzt haben wir auch eine Blockierung des Computers und wir soll mit "Ucash" bezahlen € 100, Ich kann den Rechner nur noch im abgesicherten Modus starten.

Ich habe OLT.exe auf Desktop installiert und gestartet und zwei logfiles erstellt.

Nebenbei gefragt. Hat schon jemand Anzeige gegen Ukash, die Partner von Ukash und gegen die Behörden gestellt? Dankbar für jede Mitteilung.

Werde jetzt die Logfiles senden und hoffe es kann uns jemand halfen.

gent
OTL Logfile:
Code:
OTL Extras logfile created on: 04.08.2012 18:25:05 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\*****************\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 83,69% Memory free
7,49 Gb Paging File | 6,93 Gb Available in Paging File | 92,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 90,24 Gb Free Space | 38,75% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive F: | 3,92 Gb Total Space | 3,92 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: A_BELL | User Name: ***************** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FOTO AT Fotowelt] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\FOTO AT Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FOTO AT Fotowelt] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\FOTO AT Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038D19B1-0EB3-4656-8A18-2CE7B985D76A}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F488209-A9AF-4E6D-82B9-1C5283A7D0EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31203985-AD44-4953-BF69-B5CE6E1142D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B4B656A-0762-499A-864D-1BFA4289083E}" = lport=137 | protocol=17 | dir=in | app=system |
"{43876BB2-CB2B-45BD-91BD-FFAEE6D0604B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50E33A1A-2DEB-4596-A0EB-6BDEF7BB6CA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55281BCC-99B7-473E-89C0-C0F49E90F89D}" = rport=138 | protocol=17 | dir=out | app=system |
"{671F6F6B-DC70-4B21-9CF0-95E5A37EDEE1}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe |
"{7192EB3C-4BCF-461B-9FD9-C15002AA996D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AF0848B-38A2-4189-9DEC-F5AC59A04E83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{87A13AE5-6527-486B-AA51-70DCE9D8BA85}" = lport=445 | protocol=6 | dir=in | app=system |
"{94040F20-376F-40F4-BD99-CF13BFD3756D}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4893EBA-8C44-460D-9914-608237F33333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0AE444D-3251-4BFC-BE47-E9A280B534B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE8864EF-B1A1-48FF-9C57-B7241B31629E}" = rport=445 | protocol=6 | dir=out | app=system |
"{E43A62CE-9E4F-47F4-8414-36EC11A9DBCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6570BA6-F1F7-434F-82C0-996F91915F24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FFC73CE2-E7E1-4901-B4EA-083D54DF643A}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3C6A2D-4BA9-43B7-AEE2-FFA992B78E37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1B9840CE-A4A9-4E8B-AA54-A288CE94A53B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{200A77F7-0EF4-4D86-A7BD-E258F5540C78}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{23D1E3DD-0615-4BEA-89CB-F882AA03ECB5}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{3B2EAEC9-529B-4E64-9C52-C2AF7EB6BB80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D684629-7BC2-4DA2-96D0-D12D10995559}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{424815CB-519B-438D-B233-95B0073730EC}" = protocol=17 | dir=in | app=c:\bb\bbhelper\bandinaboxserver.exe |
"{466A7E39-7F0A-4784-807A-0BC5392E63B9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4F60F09C-F011-4FA4-90C6-23FCAD2F920F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{53594D3E-7244-42A1-B29A-74C320EEF6C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58CF0351-F0F4-41BD-A69B-CBF346C9C425}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{64F4FA15-9E13-4656-81C4-90A95AAB7C7F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{9F18103E-17CA-45F2-A18A-222E1463AF7D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A545BA1E-4406-4CE0-A3F6-87F84873F776}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{C30484B5-2495-4E42-BA93-90D83AC8C4A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D6B41980-FB4F-4C65-BF27-2C119362A385}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D95E2562-450E-4C54-83A4-B0AE13ACF221}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{DCFEF7D2-6CA1-42C7-B8B6-8D04E9ED8E09}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{F0B665C2-B46D-4DD7-8DBE-21384E1A9C1C}" = protocol=6 | dir=in | app=c:\bb\bbhelper\bandinaboxserver.exe |
"{FBE6E393-4521-49EF-B3E2-CC9C2C299222}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1D8E71AA-541A-4314-AC11-2EBF2C9CC1CA}" = Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7578548C-6F40-4CBE-B5CF-9310E66557FA}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.5
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.7.0
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Registry Reviver" = Registry Reviver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29513A7D-CF4E-4DAA-8347-6E56A4BEAB50}" = TurboFLOORPLAN Haus- & Wohnungsarchitekt
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399B4B31-A4F2-43E6-88EC-DF35AE3679A3}" = MAGIX Screenshare
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4807B2A8-B986-4059-90EF-592995FF8987}" = MAGIX Video Pro X3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5C44D975-5676-DC0F-F517-D2AB70FD50B9}" = MAGIX Online Druck Service
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7EFC9BDF-63E5-430A-0001-A16E27357530}" = Einfach Gute Fotos
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB-Aktualisierungsprogramm
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C08BD3F2-5CC0-45EA-996D-5E0101ABFEBD}" = Kreativ Drucken pro
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C67DC84E-23C0-4E41-A33B-898E75DDACC6}" = MAGIX Speed burnR (MSI)
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D2C45F1B-2CD5-1BF1-DB0E-8F4D8CF95A33}" = hoto Service - powered by myphotobook
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F369DA4F-7993-4E8D-ADBD-60D82FCF93EC}" = MAGIX Music Maker 17
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB0F05FB-CA0A-4F62-9481-3CCA26A96294}" = Samplitude Music Studio 17
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"3DataManager" = 3DataManager
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audio Converter" = Audio Converter
"BabylonToolbar" = Babylon toolbar on IE
"BB_is1" = MegaPAK RealCombos 4
"BBServer_is1" = Band-in-a-Box Server
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Celtx (2.9)" = Celtx (2.9)
"conduitEngine" = Conduit Engine
"CoyoteWT_is1" = CoyoteWT 1.1
"Cut Out Elements_is1" = Cut Out 3.0 Elements
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = hoto Service - powered by myphotobook
"ExpressZip" = Express Zip File Compression Software
"FileZilla Client" = FileZilla Client 3.5.3
"Forte 3000" = Forte 3000
"FOTO AT Fotowelt" = FOTO AT Fotowelt
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"HP-LaserJet 1020 series" = LaserJet 1020 series
"I Want This" = I Want This
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{29513A7D-CF4E-4DAA-8347-6E56A4BEAB50}" = TurboFLOORPLAN Haus- & Wohnungsarchitekt
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MAGIX_MSI_mm17" = MAGIX Music Maker 17
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17
"MAGIX_MSI_Videodeluxe17_pro" = MAGIX Video Pro X3
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NCH_EN Toolbar" = NCH EN Toolbar
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Only Astrology" = Only Astrology
"PG_DX_Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"RealPlayer 15.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Switch" = Switch Sound File Converter
"TeamViewer 5" = TeamViewer 5
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare Flash Gallery Factory_is1" = Wondershare Flash Gallery Factory 5.2.0.14
"Xilisoft PowerPoint to Video Converter Business" = Xilisoft PowerPoint to Video Converter Business
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"PhotoZoom Express 4" = BenVista PhotoZoom Internet 4.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 07:27:12 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x80070002).
 
Error - 04.08.2012 07:27:12 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x80070002).
 
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
 
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
 
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x80070002).
 
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x80070002).
 
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
 
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
 
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x80070002).
 
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
 befindet (Fehler=0x80070002).
 
[ Media Center Events ]
Error - 01.11.2010 06:13:41 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:13:41 - Fehler beim Herstellen der Internetverbindung.  11:13:41
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 01.11.2010 06:13:53 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:13:46 - Fehler beim Herstellen der Internetverbindung.  11:13:46
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2011 03:20:54 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 09:20:54 - Fehler beim Herstellen der Internetverbindung.  09:20:54
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2011 03:21:12 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 09:21:04 - Fehler beim Herstellen der Internetverbindung.  09:21:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2011 04:21:24 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 10:21:24 - Fehler beim Herstellen der Internetverbindung.  10:21:24
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2011 04:21:34 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 10:21:29 - Fehler beim Herstellen der Internetverbindung.  10:21:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2011 05:21:40 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:21:40 - Fehler beim Herstellen der Internetverbindung.  11:21:40
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 02.07.2011 05:21:47 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:21:45 - Fehler beim Herstellen der Internetverbindung.  11:21:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 17.11.2011 03:03:19 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 08:02:38 - Broadband konnte nicht abgerufen werden (Fehler: Fehler
 bei der Anforderung mit HTTP-Status 401: Unauthorized.) 
 
Error - 03.02.2012 05:04:22 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 10:04:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..) 
 
[ System Events ]
Error - 04.08.2012 12:15:06 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:07 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:09 | Computer Name = A_BELL | Source = DCOM | ID = 10005
Description =
 
Error - 04.08.2012 12:15:09 | Computer Name = A_BELL | Source = DCOM | ID = 10005
Description =
 
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
--- --- ---


------------------
OTL Logfile:
Code:
OTL logfile created on: 04.08.2012 18:25:05 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\****************\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 83,69% Memory free
7,49 Gb Paging File | 6,93 Gb Available in Paging File | 92,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 90,24 Gb Free Space | 38,75% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive F: | 3,92 Gb Total Space | 3,92 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: A_BELL | User Name: **************** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****************\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (GemCCID) -- C:\Windows\SysNative\drivers\GemCCID.sys (Gemalto)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f000000000000000000000000
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_1&babsrc=SP_ss&mntrId=6654c29f000000000000000000000000
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{ADAA75D9-E090-402C-9D24-16B20F50F359}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{C3B42F63-B093-425D-B8AC-8D5B49BCDC2F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.28 16:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.28 16:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.28 16:13:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.28 16:13:03 | 000,000,000 | ---D | M]
 
[2011.04.01 08:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****************\AppData\Roaming\mozilla\Extensions
[2011.04.01 08:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****************\AppData\Roaming\mozilla\Extensions\celtx@celtx.com
[2012.08.01 09:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions
[2012.07.16 15:50:32 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012.08.01 09:45:58 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\crossriderapp2258@crossrider.com
[2011.03.07 15:31:04 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\engine@conduit.com
[2011.09.25 18:55:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\ffxtlbr@babylon.com
[2012.06.26 16:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.23 07:57:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012.07.20 15:31:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:12:23 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.07.20 15:31:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 12:41:11 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.20 15:31:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.20 15:31:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 15:31:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 15:31:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 15:31:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Babylon Translator = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\****************\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll (Media Finder)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [SyncCenter] C:\Users\****************\AppData\Local\Microsoft\Windows\1071\SyncCenter.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{040E7A19-88DD-40F4-A733-E048F5716359}: DhcpNameServer = 172.30.3.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B2F5BE6-E297-41AD-BF10-4D6B1DB6A9E7}: DhcpNameServer = 213.153.32.129 213.153.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.04 18:15:25 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\****************\Desktop\OTL.exe
[2012.08.04 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\****************\AppData\Roaming\hellomoto
[2012.08.03 17:20:22 | 000,000,000 | ---D | C] -- C:\Users\****************\Documents\TurboFLOORPLAN Haus- & Wohnungsarchitekt
[2012.08.03 17:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboFLOORPLAN
[2012.08.03 17:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign
[2012.08.03 17:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMSIDesign
[2012.08.01 11:53:08 | 000,000,000 | ---D | C] -- C:\Users\****************\Neuer Ordner
[2012.07.23 15:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.07.23 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11.0
[2012.07.23 15:05:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.07.23 15:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012.07.23 15:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012.07.23 15:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2012.07.20 12:01:06 | 000,000,000 | R--D | C] -- C:\Users\****************\Documents\HP Photo Creations
[2012.07.12 19:05:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 19:05:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 19:05:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 19:05:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 19:05:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 19:05:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 19:05:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 19:05:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 19:05:34 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 19:05:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 19:05:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 19:05:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 19:05:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 08:53:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 15:14:16 | 000,000,000 | ---D | C] -- C:\Users\****************\Desktop\Download
[2012.07.11 08:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
[2012.07.11 08:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.04 18:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 18:14:27 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 18:10:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****************\Desktop\OTL.exe
[2012.08.04 18:04:38 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.04 18:04:38 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for A_BELL@****************(logon).job
[2012.08.04 18:04:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.08.04 18:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.08.04 17:51:25 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 17:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.04 09:39:52 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 09:39:52 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 19:08:36 | 001,508,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 19:08:36 | 000,658,362 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 19:08:36 | 000,619,598 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 19:08:36 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 19:08:36 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.03 17:20:17 | 000,002,436 | ---- | M] () -- C:\Users\Public\Desktop\TurboFLOORPLAN Haus- & Wohnungsarchitekt.lnk
[2012.08.03 16:14:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 16:14:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 13:47:15 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.24 08:02:16 | 000,557,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.23 15:06:19 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\PaperPort.lnk
[2012.07.20 12:00:56 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012.07.11 08:34:20 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.03 17:20:17 | 000,002,436 | ---- | C] () -- C:\Users\Public\Desktop\TurboFLOORPLAN Haus- & Wohnungsarchitekt.lnk
[2012.07.23 15:07:03 | 000,030,943 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.07.23 15:06:19 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\PaperPort.lnk
[2012.07.20 11:58:56 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012.07.11 08:34:26 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Start Registry Reviver for A_BELL@****************(logon).job
[2012.07.11 08:34:20 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2012.02.12 18:00:09 | 000,001,441 | ---- | C] () -- C:\Windows\cwbc_d64.ini
[2012.02.08 09:10:26 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll
[2011.12.27 15:37:05 | 000,000,129 | ---- | C] () -- C:\Windows\KurusDeinstall.INI
[2011.11.07 12:55:08 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.11.07 12:54:18 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.11.07 12:49:55 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.10 08:31:13 | 000,000,200 | ---- | C] () -- C:\Windows\AUDC80UI.dat
[2011.03.07 22:24:50 | 001,536,512 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.09 20:24:15 | 000,005,632 | ---- | C] () -- C:\Users\****************\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.03.16 17:00:12 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\3DataManager
[2011.07.04 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Acoustica
[2012.02.21 17:32:42 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Amazon
[2011.04.02 11:24:53 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Anvil Studio
[2011.04.07 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Artweaver
[2011.12.22 10:07:51 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Audacity
[2012.07.05 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Babylon
[2009.12.23 13:07:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Bytemobile
[2010.05.30 09:32:22 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Canon
[2011.06.29 19:36:27 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.06.26 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\easycdda
[2010.12.12 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.03.21 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\FileZilla
[2012.03.13 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Franzis
[2011.04.01 08:48:31 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Greyfirst
[2011.07.02 15:17:05 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\gtk-2.0
[2012.08.01 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\HCM Updater
[2012.08.04 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\hellomoto
[2011.12.06 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\ICAClient
[2012.02.09 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\IK Multimedia
[2011.07.02 15:19:46 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\IrfanView
[2011.08.10 18:42:00 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\MAGIX
[2012.07.12 19:03:32 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Media Finder
[2012.03.16 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Notepad++
[2011.03.07 21:12:06 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Nvu
[2010.04.04 10:11:43 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Program Files (x86)
[2012.07.11 08:34:20 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Reviversoft
[2011.08.09 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Samsung
[2012.05.01 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Screenbrush
[2011.04.05 12:44:59 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\SoftGrid Client
[2010.01.11 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\TeamViewer
[2010.03.03 08:49:19 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Toshiba
[2011.03.27 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\TP
[2011.12.24 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\TuneUp Software
[2012.04.25 18:07:15 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\UDC Profiles
[2011.12.27 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Visan
[2011.01.19 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\WinBatch
[2012.02.03 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Windows Live Writer
[2012.03.26 10:05:04 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Xilisoft
[2012.04.07 09:48:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.04 18:04:38 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\Start Registry Reviver for A_BELL@****************(logon).job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

t'john 05.08.2012 12:22
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f000000000000000000000000
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_1&babsrc=SP_ss&mntrId=6654c29f000000000000000000000000
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{ADAA75D9-E090-402C-9D24-16B20F50F359}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{C3B42F63-B093-425D-B8AC-8D5B49BCDC2F}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - Extension: Babylon Translator = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [SyncCenter] C:\Users\****************\AppData\Local\Microsoft\Windows\1071\SyncCenter.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]


[2012.07.05 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Babylon
[2012.08.04 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\****************\AppData\Roaming\hellomoto

[2012.07.11 08:34:20 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2012.07.11 08:34:26 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Start Registry Reviver for A_BELL@****************(logon).job
[2012.07.11 08:34:20 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Reviversoft
[2012.08.04 18:04:38 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.08.04 18:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.08.04 17:51:25 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 17:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

gent1961 05.08.2012 14:53
Hallo lieber Helfer,

perfekte Arbeit - hat auf Anhieb funktioniert. Familie ist Happy - Was sollen wir installieren für Prävention - oder gibt es noch nichts?

gent

P.S. Wir spenden gerne

50,-- Euro gespendet

t'john 05.08.2012 20:37
Wir sind noch nicht fertig! :)

Bitte das erzeugte Log posten!
Mit dem Rechner noch nicht surfen!




1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

gent1961 07.08.2012 10:41
# AdwCleaner v1.800 - Logfile created 08/07/2012 at 11:36:34
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Alexander Bell - A_BELL
# Running from : C:\Users\Alexander Bell\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Alexander Bell\AppData\Local\APN
Folder Found : C:\Users\Alexander Bell\AppData\Local\Conduit
Folder Found : C:\Users\Alexander Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\Conduit
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\NCH_EN
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\softonic-de3
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Babylon
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Media Finder
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\Conduit
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\ConduitCommon
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\ConduitEngine
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\CT2801948
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\engine@conduit.com
Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\I Want This
Folder Found : C:\Program Files (x86)\NCH_EN
Folder Found : C:\Program Files (x86)\softonic-de3
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\searchplugins\Conduit.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Found : HKLM\SOFTWARE\NCH_EN
Key Found : HKLM\SOFTWARE\softonic-de3
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\I Want This
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Cr_Installer
[x64] Key Found : HKCU\Software\MediaFinder
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\b
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
[x64] Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\MF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90D07F0-4F90-49AA-BBD5-B5BECA04A4FF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5BD68C4-1007-43EA-9B2A-684013BE9CA2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9320C965-C965-4959-BB7B-8932C29AA607}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0792F87A-A7C9-4682-98AB-4BE731816CF9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29E71584-08D7-4078-8C1D-E02D98557257}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{125B7A09-B405-46FB-95FB-96CF6B72992D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\prefs.js

Found : user_pref("CT2431245..clientLogIsEnabled", false);
Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "8-3-2011");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");
Found : user_pref("CT2431245.EMailNotifierPollDate", "Tue Mar 08 2011 09:01:50 GMT+0100");
Found : user_pref("CT2431245.FeedLastCount129009402595187825", 721);
Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Tue Mar 08 2011 08:34:36 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Tue Mar 08 2011 08:34:36 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Tue Mar 08 2011 08:34:39 GMT+0100");
Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Found : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Found : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Found : user_pref("CT2431245.FirstServerDate", "7-3-2011");
Found : user_pref("CT2431245.FirstTime", true);
Found : user_pref("CT2431245.FirstTimeFF3", true);
Found : user_pref("CT2431245.FixPageNotFoundErrors", true);
Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2431245.HasUserGlobalKeys", true);
Found : user_pref("CT2431245.Initialize", true);
Found : user_pref("CT2431245.InitializeCommonPrefs", true);
Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2431245.InstallationId", "Unknown");
Found : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Found : user_pref("CT2431245.InstalledDate", "Mon Mar 07 2011 16:21:15 GMT+0100");
Found : user_pref("CT2431245.InvalidateCache", false);
Found : user_pref("CT2431245.IsGrouping", false);
Found : user_pref("CT2431245.IsMulticommunity", false);
Found : user_pref("CT2431245.IsOpenThankYouPage", false);
Found : user_pref("CT2431245.IsOpenUninstallPage", true);
Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Mon Mar 07 2011 16:21:15 GMT+0100");
Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2431245.LastLogin_3.2.5.2", "Tue Mar 08 2011 08:34:36 GMT+0100");
Found : user_pref("CT2431245.LatestVersion", "3.2.5.2");
Found : user_pref("CT2431245.Locale", "de-de");
Found : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Found : user_pref("CT2431245.RadioIsPodcast", false);
Found : user_pref("CT2431245.RadioLastCheckTime", "Mon Mar 07 2011 16:21:17 GMT+0100");
Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Found : user_pref("CT2431245.RadioMediaID", "20503672");
Found : user_pref("CT2431245.RadioMediaType", "Media Player");
Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Found : user_pref("CT2431245.SavedHomepage", "hxxp://www.uschibell.at/");
Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2431245.SearchInNewTabEnabled", true);
Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Mon Mar 07 2011 16:21:15 GMT+0100");
Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2431245.ServiceMapLastCheckTime", "Mon Mar 07 2011 16:21:13 GMT+0100");
Found : user_pref("CT2431245.SettingsLastCheckTime", "Tue Mar 08 2011 08:34:35 GMT+0100");
Found : user_pref("CT2431245.SettingsLastUpdate", "1299543701");
Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Mon Mar 07 2011 16:21:13 GMT+0100");
Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2431245.UserID", "UN17250414063437802");
Found : user_pref("CT2431245.WeatherNetwork", "");
Found : user_pref("CT2431245.WeatherPollDate", "Tue Mar 08 2011 08:34:38 GMT+0100");
Found : user_pref("CT2431245.WeatherUnit", "C");
Found : user_pref("CT2431245.alertChannelId", "825452");
Found : user_pref("CT2431245.backendstorage._fb_dailyactivity", "31323939353131323739333333");
Found : user_pref("CT2431245.backendstorage._fb_lifetimesent", "54525545");
Found : user_pref("CT2431245.backendstorage.facebook_ctid_connect_send", "73656E646564");
Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT2431245.backendstorage.li_dailyactivity", "31323939353639363738343630");
Found : user_pref("CT2431245.backendstorage.li_lifetimesent", "54525545");
Found : user_pref("CT2431245.components.1000034", false);
Found : user_pref("CT2431245.components.1000234", false);
Found : user_pref("CT2431245.components.129009402593156547", false);
Found : user_pref("CT2431245.components.129009402595656583", false);
Found : user_pref("CT2431245.components.3101995424177833784", false);
Found : user_pref("CT2431245.components.5605168323123821535", false);
Found : user_pref("CT2431245.myStuffEnabled", true);
Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2431245.testingCtid", "");
Found : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Mon Mar 07 2011 16:21:14 GMT+0100");
Found : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Mon Mar 07 2011 16:21:15 GMT+0100");
Found : user_pref("CT2431245.usagesFlag", 2);
Found : user_pref("CT2801948..clientLogIsEnabled", false);
Found : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2801948.AppTrackingLastCheckTime", "Fri Jul 13 2012 08:11:13 GMT+0200");
Found : user_pref("CT2801948.BrowserCompStateIsOpen_129797777221477754", true);
Found : user_pref("CT2801948.BrowserCompStateIsOpen_129797786124759251", true);
Found : user_pref("CT2801948.BrowserCompStateIsOpen_129798077186217960", true);
Found : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true);
Found : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true);
Found : user_pref("CT2801948.CTID", "CT2801948");
Found : user_pref("CT2801948.CurrentServerDate", "7-8-2012");
Found : user_pref("CT2801948.DSChangedManually", false);
Found : user_pref("CT2801948.DSInstall", true);
Found : user_pref("CT2801948.DSProtectChoice", true);
Found : user_pref("CT2801948.DSProtectCount", 1);
Found : user_pref("CT2801948.DialogsAlignMode", "LTR");
Found : user_pref("CT2801948.DialogsGetterLastCheckTime", "Mon Aug 06 2012 14:43:42 GMT+0200");
Found : user_pref("CT2801948.DownloadReferralCookieData", "");
Found : user_pref("CT2801948.EMailNotifierPollDate", "Tue Aug 07 2012 11:32:06 GMT+0200");
Found : user_pref("CT2801948.FirstServerDate", "24-12-2011");
Found : user_pref("CT2801948.FirstTime", true);
Found : user_pref("CT2801948.FirstTimeFF3", true);
Found : user_pref("CT2801948.FixPageNotFoundErrors", true);
Found : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2801948.HPInstall", true);
Found : user_pref("CT2801948.HPProtectChoice", true);
Found : user_pref("CT2801948.HPProtectCount", 1);
Found : user_pref("CT2801948.HasUserGlobalKeys", true);
Found : user_pref("CT2801948.HomePageProtectorEnabled", false);
Found : user_pref("CT2801948.HomepageBeforeUnload", "hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&[...]
Found : user_pref("CT2801948.Initialize", true);
Found : user_pref("CT2801948.InitializeCommonPrefs", true);
Found : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2801948.InstallationId", "ConduitNSISIntegration");
Found : user_pref("CT2801948.InstallationType", "ConduitXPEIntegration");
Found : user_pref("CT2801948.InstalledDate", "Sat Dec 24 2011 10:27:04 GMT+0100");
Found : user_pref("CT2801948.InvalidateCache", false);
Found : user_pref("CT2801948.IsAlertDBUpdated", true);
Found : user_pref("CT2801948.IsGrouping", false);
Found : user_pref("CT2801948.IsInitSetupIni", true);
Found : user_pref("CT2801948.IsMulticommunity", false);
Found : user_pref("CT2801948.IsOpenThankYouPage", false);
Found : user_pref("CT2801948.IsOpenUninstallPage", true);
Found : user_pref("CT2801948.IsProtectorsInit", true);
Found : user_pref("CT2801948.LanguagePackLastCheckTime", "Tue Aug 07 2012 09:14:05 GMT+0200");
Found : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2801948.LastLogin_3.10.0.1", "Wed Apr 18 2012 08:13:26 GMT+0200");
Found : user_pref("CT2801948.LastLogin_3.12.0.7", "Wed Apr 25 2012 12:40:05 GMT+0200");
Found : user_pref("CT2801948.LastLogin_3.12.2.3", "Wed May 30 2012 12:39:36 GMT+0200");
Found : user_pref("CT2801948.LastLogin_3.13.0.6", "Mon Jul 16 2012 13:26:22 GMT+0200");
Found : user_pref("CT2801948.LastLogin_3.14.1.0", "Tue Aug 07 2012 09:14:05 GMT+0200");
Found : user_pref("CT2801948.LastLogin_3.8.1.0", "Wed Jan 11 2012 12:32:49 GMT+0100");
Found : user_pref("CT2801948.LastLogin_3.9.0.3", "Wed Mar 07 2012 07:57:52 GMT+0100");
Found : user_pref("CT2801948.LatestVersion", "3.14.1.0");
Found : user_pref("CT2801948.Locale", "en-us");
Found : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Found : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Found : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2801948.OriginalFirstVersion", "3.8.1.0");
Found : user_pref("CT2801948.RadioIsPodcast", false);
Found : user_pref("CT2801948.RadioLastCheckTime", "Tue Aug 07 2012 09:14:04 GMT+0200");
Found : user_pref("CT2801948.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2801948.RadioLastUpdateServer", "129307496595170000");
Found : user_pref("CT2801948.RadioMediaID", "21435220");
Found : user_pref("CT2801948.RadioMediaType", "Media Player");
Found : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Found : user_pref("CT2801948.RadioShrinkedFromSetup", false);
Found : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Found : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
Found : user_pref("CT2801948.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2801948.SavedHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=6654c29f0000000[...]
Found : user_pref("CT2801948.SearchCaption", "NCH EN Customized Web Search");
Found : user_pref("CT2801948.SearchEngineBeforeUnload", "NCH EN Customized Web Search");
Found : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Found : user_pref("CT2801948.SearchInNewTabEnabled", true);
Found : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Tue Aug 07 2012 09:14:04 GMT+0200");
Found : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2801948.SearchProtectorEnabled", true);
Found : user_pref("CT2801948.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2801948.SendProtectorDataViaLogin", true);
Found : user_pref("CT2801948.ServiceMapLastCheckTime", "Tue Aug 07 2012 09:14:04 GMT+0200");
Found : user_pref("CT2801948.SettingsLastCheckTime", "Tue Aug 07 2012 11:26:22 GMT+0200");
Found : user_pref("CT2801948.SettingsLastUpdate", "1343176900");
Found : user_pref("CT2801948.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13");
Found : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Wed Jul 25 2012 13:52:24 GMT+0200");
Found : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2801948.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
Found : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2801948.UserID", "UN71313007027839873");
Found : user_pref("CT2801948.ValidationData_Search", 2);
Found : user_pref("CT2801948.ValidationData_Toolbar", 2);
Found : user_pref("CT2801948.WeatherNetwork", "");
Found : user_pref("CT2801948.WeatherPollDate", "Tue Aug 07 2012 11:26:27 GMT+0200");
Found : user_pref("CT2801948.WeatherUnit", "C");
Found : user_pref("CT2801948.alertChannelId", "1194029");
Found : user_pref("CT2801948.autoDisableScopes", -1);
Found : user_pref("CT2801948.backendstorage.amazonnew_all", "323534383737312C323630333032312C3230323436312C3[...]
Found : user_pref("CT2801948.backendstorage.cbcountry_000", "4154");
Found : user_pref("CT2801948.backendstorage.cbfirsttime", "5765642041707220323520323031322031323A34303A30382[...]
Found : user_pref("CT2801948.backendstorage.dealplyhardid", "363034333136393335363538313633313730");
Found : user_pref("CT2801948.backendstorage.dealplyheartbitdate", "3131325F335F3237");
Found : user_pref("CT2801948.backendstorage.dealplywasshownctsettingswidget", "31");
Found : user_pref("CT2801948.backendstorage.hxxp://pinterest_aot_im.isenabled", "59");
Found : user_pref("CT2801948.backendstorage.shoppingapp.gk.exipres", "4D6F6E2041707220333020323031322031323A[...]
Found : user_pref("CT2801948.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Found : user_pref("CT2801948.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Found : user_pref("CT2801948.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Found : user_pref("CT2801948.backendstorage.url_history0001", "68747470733A2F2F706F7274616C2E73706B2D74732E6[...]
Found : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Wed Aug 01 2012 07:56:47 GMT+0200");
Found : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2801948.initDone", true);
Found : user_pref("CT2801948.isAppTrackingManagerOn", true);
Found : user_pref("CT2801948.isFirstRadioInstallation", false);
Found : user_pref("CT2801948.myStuffEnabled", true);
Found : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2801948.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2801948.oldAppsList", "129306881620344305,129306881621438061,111,129306881624250628,129[...]
Found : user_pref("CT2801948.revertSettingsEnabled", true);
Found : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2801948.searchProtectorEnableByLogin", true);
Found : user_pref("CT2801948.testingCtid", "");
Found : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Tue Aug 07 2012 09:14:05 GMT+0200");
Found : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Wed Jul 25 2012 11:00:57 GMT+0200");
Found : user_pref("CT2801948.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801948&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "NCH EN Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/AT", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alexander Bell\\AppData\\Roaming\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245,CT2801948");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2801948");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2801948");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 27 2011 08:42:27 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 27 2011 08:42:27 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "5a77ee70-d858-47e2-9250-af1cc0459a16");
Found : user_pref("CommunityToolbar.globalUserId", "4ced2ced-56ee-4e58-8b9b-42c59374f697");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jul 31 2012 15:15:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 07 2012 09:14:13 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 07 2012 09:14:05 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "8768956e-4c2e-438c-911f-1fb3e28b6b87");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=6654c[...]
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("ConduitEngine.FirstServerDate", "03/07/2011 18");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Mon Mar 07 2011 16:21:14 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 07 2011 16:21:14 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 08 2011 08:34:37 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN51157367057178923");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 07 2011 16:21:14 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=NT_ss&mn[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&Sea[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "NCH EN Customized Web Search");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 27);
Found : user_pref("extensions.BabylonToolbar.cntry", "AT");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "0FE659510CB275944ED85D7A71EA40B1");
Found : user_pref("extensions.BabylonToolbar.lastActv", "27");
Found : user_pref("extensions.BabylonToolbar.lastDP", 27);
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010712_1");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "6654c29f000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar_i.id", "6654c29f000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15526");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=01071[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:41:15");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Alexander Bell\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f0[...]
Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc[...]
Found : "icon_url": "hxxp://facemoods.com/favicon.ico",
Found : "keyword": "babylontoolbar",
Found : "name": "Search the web (Babylon)",
Found : "search_url": "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f00000000[...]
Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]
Found : "description": "The plug-in from the General-Crawler.com website which lets the users[...]
Found : "homepage_url": "hxxp://www.general-crawler.com",
Found : "name": "General Crawler",
Found : "update_url": "hxxp://1.update.general-crawler.com/updates/update_chrome.xml",
Found : "description": "Babylon tool translates texts from within your Google Chrome in a sin[...]
Found : "128": "babylon48.png",
Found : "48": "babylon48.png"
Found : "name": "Babylon Translator",
Found : "path": "BabylonChromePI.dll",
Found : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f0000[...]
Found : "name": "Babylon Chrome Plugin",
Found : "path": "C:\\Users\\Alexander Bell\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Ex[...]
Found : "name": "Babylon Chrome Plugin"
Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP[...]

*************************

AdwCleaner[R1].txt - [53989 octets] - [07/08/2012 11:36:34]

########## EOF - C:\AdwCleaner[R1].txt - [54118 octets] ##########

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.08.07.02

Windows 7 x64 FAT32
Internet Explorer 9.0.8112.16421
Alexander Bell :: A_BELL [Administrator]

Schutz: Aktiviert

07.08.2012 09:37:40
mbam-log-2012-08-07 (11-18-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 530086
Laufzeit: 1 Stunde(n), 39 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 35
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Alexander Bell\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\AppData\Local\Microsoft\Windows\1071\SyncCenter.exe (Trojan.Cridex) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_artweaver-free.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_audio-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_cdcovercreator.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_expressit.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_gimp(2).exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_nvu.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_yahoo-sitebuilder.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Alexander Bell\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

(Ende)

t'john 07.08.2012 13:17
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

gent1961 08.08.2012 16:05
Emsisoft Anti-Malware - Version 6.6
quarantine log

Datum Ursprung Vorgang Verhalten/Infektion
08.08.2012 10:46:29 C:\Program Files (x86)\Lugert Verlag\Forte 3000\Update.exe In Quarantäne gestellt Trojan.Win32.KillDisk.dw!E1

t'john 08.08.2012 16:21
Das ist nicht vollstaendig!

Siehe Anleitung, wo du logfiles findest!

gent1961 10.08.2012 13:34
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.08.2012 08:53:01

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 08.08.2012 08:54:04

C:\Program Files (x86)\Lugert Verlag\Forte 3000\Update.exe gefunden: Trojan.Win32.KillDisk.dw!E1

Gescannt 783007
Gefunden 1

Scan Ende: 08.08.2012 10:39:08
Scan Zeit: 1:45:04

C:\Program Files (x86)\Lugert Verlag\Forte 3000\Update.exe Quarantäne Trojan.Win32.KillDisk.dw!E1

Quarantäne 1

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.08.2012 08:53:01

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 09.08.2012 10:27:12


Gescannt 783294
Gefunden 0

Scan Ende: 09.08.2012 12:06:05
Scan Zeit: 1:38:53

Wir hoffen daß das die Datein sind - wenn nicht bitten wir um kurze Info

t'john 10.08.2012 15:00
Wo ist das adwLog?

t'john 09.09.2012 02:28
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131