Sorry, hat was länger gedauert.
Zur Info:
Hatte zwischenzeitlich Firefox wieder aufgespielt um zu sehen ob da wieder alles normal aussieht.
Dann noch mal AdwCleaner laufen lassen. Darum zwei AdwCleaner Logs.
Sieht wieder OK aus, aber hier die Logs:
AdwCleaner[S1]:AdwCleaner Logfile: Code:
# AdwCleaner v2.200 - Datei am 17/04/2013 um 03:12:16 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Mark & Marion - TOSHI2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mark & Marion\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : BrowserProtect
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Mozilla\Firefox\Profiles\qhxky3tu.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Mozilla\Firefox\Profiles\qhxky3tu.default\bprotector_prefs.js
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files\Common Files\Software Update Utility
Ordner Gelöscht : C:\Program Files\Free Offers from Freeze.com
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Desktopicon
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\Mozilla\Firefox\Profiles\qhxky3tu.default\SweetIMToolbarData
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\f6de8bb638ed48
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DesktopIconAmazon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\f6de8bb638ed48
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKU\S-1-5-21-1994661071-366362251-4049394410-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\Mark & Marion\AppData\Roaming\Mozilla\Firefox\Profiles\qhxky3tu.default\prefs.js
C:\Users\Mark & Marion\AppData\Roaming\Mozilla\Firefox\Profiles\qhxky3tu.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=D00B[...]
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("extensions.qtl.eng", "Babylon");
Gelöscht : user_pref("extensions.qtl.src.Babylon", true);
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "rosskopf%20karussell");
Gelöscht : user_pref("icqtoolbar.installTime", "1288129478");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.11");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "128805395712880538381288129478706");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1288129482);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wxadmvk1.default\prefs.js
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wxadmvk1.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2283] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrI[...]
*************************
AdwCleaner[S1].txt - [18146 octets] - [17/04/2013 03:12:16]
########## EOF - C:\AdwCleaner[S1].txt - [18207 octets] ##########
--- --- ---
AdwCleaner[S2]:
AdwCleaner Logfile: Code:
# AdwCleaner v2.200 - Datei am 17/04/2013 um 03:55:32 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Mark & Marion - TOSHI2
# Bootmodus : Normal
# Ausgeführt unter : E:\Viren (DELTA SEARCH)\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Mark & Marion\AppData\Roaming\Mozilla\Firefox\Profiles\qhxky3tu.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wxadmvk1.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [18277 octets] - [17/04/2013 03:12:16]
AdwCleaner[S2].txt - [1305 octets] - [17/04/2013 03:55:32]
########## EOF - C:\AdwCleaner[S2].txt - [1365 octets] ##########
--- --- ---
OTL kommt gleich. Das Programm läuft gerade...
Hier die aus OTL:OTL Logfile: Code:
OTL logfile created on: 17.04.2013 12:54:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Viren (DELTA SEARCH)
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 40,22% Memory free
5,94 Gb Paging File | 4,24 Gb Available in Paging File | 71,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 19,94 Gb Free Space | 16,97% Space Free | Partition Type: NTFS
Drive E: | 113,88 Gb Total Space | 1,02 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
Computer Name: TOSHI2 | User Name: Mark & Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Viren (DELTA SEARCH)\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\PTBSync\PTBSync.exe (ElmüSoft)
PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Unlocker\UnlockerCOM.dll ()
MOD - C:\Programme\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Programme\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Windows\System32\TosCommAPI.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AdobeActiveFileMonitor10.0) -- C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TemproMonitoringService) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (SmartFaceVWatchSrv) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ConfigFree Service) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (SSScsiSV) -- C:\Programme\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Programme\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (PCASp50) -- File not found
DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (MAUSBTRANSIT) -- File not found
DRV - (IpInIp) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ssudserd) -- C:\Windows\System32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (NETwNv32) -- C:\Windows\System32\drivers\NETwNv32.sys (Intel Corporation)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (vodafone_K3805-z_dc_enum) -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MADFUTRANSIT) -- C:\Windows\System32\drivers\MAudioTransit_DFU.sys (M-Audio)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (PortTalk) -- C:\Windows\System32\drivers\ptbtalk.sys (Beyond Logic hxxp://www.beyondlogic.org)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (SE27obex) -- C:\Windows\System32\drivers\SE27obex.sys (MCCI)
DRV - (SE27mgmt) -- C:\Windows\System32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\Windows\System32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\Windows\System32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)
DRV - (NETMDUSB) -- C:\Windows\System32\drivers\NETMD052.sys (Sony Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{A7AD7A5F-2382-4EF9-BF45-B0241CB4BBE0}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gmx.net/
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{0A0621B5-FC0C-40E4-A1E5-A66925AAF57A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{1BBC9DDF-99AE-499D-9EBA-ED677F279A80}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{5794DBC7-BBA7-4041-ADE5-B1BFCDC44A3D}: "URL" = hxxp://suche.sueddeutsche.de/{searchTerms}
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{765B5823-F235-4113-816D-CD6B6C6CA61F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{A7AD7A5F-2382-4EF9-BF45-B0241CB4BBE0}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPTB_deDE311
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{D8AAFF7B-A743-4726-B8ED-2BDD30F50736}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\SearchScopes\{E0AC1674-B438-463F-BBEE-37C4A20E7C6C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=860
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: hu%40dictionaries.addons.mozilla.org:1.6.1.1
FF - prefs.js..extensions.enabledAddons: %7B46868735-c3fa-47ce-8ce7-cce51a66aceb%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: nb-NO%40dictionaries.addons.mozilla.org:2.1.0
FF - prefs.js..extensions.enabledAddons: nn-NO%40dictionaries.addons.mozilla.org:2.1.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.8
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.0.1
FF - prefs.js..extensions.enabledItems: hu@dictionaries.addons.mozilla.org:1.6.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: nb-NO@dictionaries.addons.mozilla.org:2.0.10.2
FF - prefs.js..extensions.enabledItems: nn-NO@dictionaries.addons.mozilla.org:2.0.10.2
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: flvripper@harsha:2.0
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.1
FF - prefs.js..extensions.enabledItems: danish@dictionaries.addons.mozilla.org:2.1.6
FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:4.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.http: "85.233.90.4"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mark & Marion\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.23 23:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.06.15 13:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.03 17:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.08.16 14:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.17 03:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.17 03:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.11 19:05:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.11 19:05:50 | 000,000,000 | ---D | M]
[2010.09.06 15:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Extensions
[2010.08.29 00:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.12.14 13:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.09.06 15:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.17 01:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions
[2013.04.17 00:00:40 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.07.16 14:16:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(664)
[2009.02.08 21:12:54 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011.02.18 22:58:34 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}(398)
[2013.02.23 14:48:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.17 00:00:40 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.07.05 14:24:11 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(533)
[2010.08.18 17:25:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(434)
[2011.03.27 13:47:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(453)
[2010.08.18 17:25:20 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}(435)
[2012.08.11 11:09:47 | 000,000,000 | ---D | M] (Dansk ordbog til stavekontrollen) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\danish@dictionaries.addons.mozilla.org
[2012.10.15 11:07:04 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.07.15 10:35:51 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\dictionary-switcher@design-noir(662).de
[2010.12.10 04:23:02 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.03.27 00:58:09 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.07.15 10:35:51 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla(663).org
[2011.01.10 15:19:47 | 000,000,000 | ---D | M] (Hungarian dictionary) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\hu@dictionaries.addons.mozilla.org
[2013.01.09 10:50:23 | 000,000,000 | ---D | M] (Norsk bokmål ordliste) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2013.01.28 01:07:15 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2013.01.09 10:50:22 | 000,000,000 | ---D | M] (Norsk nynorsk ordliste) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\nn-NO@dictionaries.addons.mozilla.org
[2010.07.05 14:24:04 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\piclens@cooliris(532).com
[2010.08.18 17:25:20 | 000,000,000 | ---D | M] (Svensk ordlista) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\Firefox\Profiles\qhxky3tu.default\extensions\sv@dictionaries.addons.mozilla(433).org
[2013.04.01 20:49:25 | 000,117,153 | ---- | M] () (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.03.04 02:07:52 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.11 12:52:49 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 22:36:14 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.06 21:36:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2009.08.24 21:29:40 | 000,001,626 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\searchplugins\mozilla-add-ons.xml
[2009.08.21 00:18:49 | 000,002,108 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\searchplugins\qtl-3.xml
[2009.08.19 23:56:30 | 000,002,108 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Roaming\mozilla\firefox\profiles\qhxky3tu.default\searchplugins\qtl.xml
[2013.04.17 03:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 19:04:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.17 03:26:05 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.12 19:04:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 19:04:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 19:04:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.12 19:04:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 19:04:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.08.16 14:01:20 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\VODAFONE\VODAFONE MOBILE CONNECT\OPTIMIZATION CLIENT\ADDON
[2009.06.23 23:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009.09.25 18:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2013.02.16 00:31:23 | 000,186,432 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.10.22 21:38:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010.10.22 21:38:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010.10.22 21:38:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010.10.22 21:38:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010.10.22 21:38:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010.10.22 21:39:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010.10.22 21:39:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:45 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.gmx.net/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Mark & Marion\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Movi Kanti Revo = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Mark & Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2010.12.28 01:29:55 | 000,001,024 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 nero.com
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 activate.nero.com
O1 - Hosts: 127.0.0.1 www.activate.nero.com
O1 - Hosts: 127.0.0.1 nero.de
O1 - Hosts: 127.0.0.1 www.nero.de
O1 - Hosts: 127.0.0.1 activate.nero.de
O1 - Hosts: 127.0.0.1 www.activate.nero.de
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mark & Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mark & Marion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1994661071-366362251-4049394410-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B8BA41-7481-46AB-ACBA-0200ECD597BA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mark & Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark & Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05ddf172-e248-11dd-b917-001e68d38d0d}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{05ddf172-e248-11dd-b917-001e68d38d0d}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O33 - MountPoints2\{05ddf17e-e248-11dd-b917-001e68d38d0d}\Shell - "" = AutoRun
O33 - MountPoints2\{0aaee4b8-a1f3-11e1-b416-948fb765b59c}\Shell - "" = AutoRun
O33 - MountPoints2\{23596a60-659b-11de-a31f-a4ff38f6a3ad}\Shell - "" = AutoRun
O33 - MountPoints2\{330048e2-493b-11de-8462-c6d3b87bb8a0}\Shell - "" = AutoRun
O33 - MountPoints2\{4d57173b-64e9-11de-97ae-aec096cf53fd}\Shell - "" = AutoRun
O33 - MountPoints2\{c08e06a7-493c-11de-b77f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c54edb09-418d-11e0-906a-f7aaa33129a3}\Shell - "" = AutoRun
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.17 04:57:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark & Marion\Desktop\OTL.exe
[2013.04.17 03:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.04.17 02:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.12 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 16:45:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 16:45:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 16:45:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 16:45:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 16:45:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 16:45:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 16:45:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 16:45:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 16:39:45 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 16:39:45 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 16:39:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 16:39:20 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 16:39:10 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.01 20:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mark & Marion\AppData\Roaming\Avira
[2013.04.01 20:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.01 20:43:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.01 20:43:41 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.01 20:43:41 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.01 20:43:41 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.01 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.01 20:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.22 01:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009.11.04 13:07:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark & Marion\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.17 12:50:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 12:50:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.17 12:50:00 | 000,000,995 | ---- | M] () -- C:\Users\Mark & Marion\Documents\PTBSync-AutoExport-Mark Marion.ini
[2013.04.17 12:35:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 12:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.04.17 10:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 04:58:59 | 000,671,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.17 04:58:59 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.17 04:58:59 | 000,144,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.17 04:58:59 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.17 04:55:17 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 04:55:10 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\rbmonitor.job
[2013.04.17 04:53:03 | 000,368,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.17 04:52:43 | 3079,524,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.17 04:33:15 | 000,087,608 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Roaming\inst.exe
[2013.04.17 04:33:15 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Mark & Marion\AppData\Roaming\pcouffin.sys
[2013.04.17 04:33:15 | 000,007,887 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Roaming\pcouffin.cat
[2013.04.17 04:33:15 | 000,001,144 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Roaming\pcouffin.inf
[2013.04.17 03:26:10 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.17 03:21:14 | 000,000,405 | ---- | M] () -- C:\Users\Mark & Marion\Desktop\Viren (DELTA SEARCH) - Verknüpfung.lnk
[2013.04.17 03:12:56 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.17 03:06:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark & Marion\Desktop\OTL.exe
[2013.04.17 03:05:39 | 000,613,083 | ---- | M] () -- C:\Users\Mark & Marion\Desktop\adwcleaner.exe
[2013.04.17 02:14:35 | 000,000,142 | ---- | M] () -- C:\Users\Mark & Marion\Desktop\delta search entfernen.url
[2013.04.17 00:16:03 | 000,212,480 | ---- | M] () -- C:\Users\Mark & Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.16 23:53:15 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.04.10 17:59:28 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.10 17:59:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.01 20:43:55 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.01 20:34:57 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.01 20:34:57 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.01 20:34:57 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.01 20:34:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.22 01:40:38 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.19 17:21:21 | 000,001,839 | ---- | M] () -- C:\Users\Mark & Marion\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.17 03:26:10 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.17 03:26:10 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.17 03:21:14 | 000,000,405 | ---- | C] () -- C:\Users\Mark & Marion\Desktop\Viren (DELTA SEARCH) - Verknüpfung.lnk
[2013.04.17 03:20:17 | 000,613,083 | ---- | C] () -- C:\Users\Mark & Marion\Desktop\adwcleaner.exe
[2013.04.17 03:12:24 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.17 02:14:13 | 000,000,142 | ---- | C] () -- C:\Users\Mark & Marion\Desktop\delta search entfernen.url
[2013.04.01 20:43:55 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.22 01:40:38 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.03.08 01:57:21 | 000,002,839 | ---- | C] () -- C:\Users\Mark & Marion\.recently-used.xbel
[2012.03.03 22:08:23 | 000,000,055 | ---- | C] () -- C:\Users\Mark & Marion\.gtk-bookmarks
[2012.02.28 20:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.12.03 01:23:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.03 01:23:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.10.20 11:19:07 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.06.07 12:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 12:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 12:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 12:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 12:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010.04.04 22:45:17 | 000,000,552 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Local\d3d8caps.dat
[2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.11.09 22:30:57 | 000,000,680 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Local\d3d9caps.dat
[2009.11.04 13:07:57 | 000,087,608 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Roaming\inst.exe
[2009.11.04 13:07:57 | 000,007,887 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Roaming\pcouffin.cat
[2009.11.04 13:07:56 | 000,001,144 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Roaming\pcouffin.inf
[2009.02.12 19:14:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.15 00:40:01 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.11 13:57:02 | 000,000,016 | -H-- | C] () -- C:\Users\Mark & Marion\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.11 13:57:02 | 000,000,016 | -H-- | C] () -- C:\Users\Mark & Marion\AppData\Local\mxfilerelatedcache.mxc2
[2008.09.18 23:31:18 | 000,212,480 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 23:07:48 | 000,000,170 | ---- | C] () -- C:\Users\Mark & Marion\AppData\Roaming\wklnhst.dat
[2008.09.18 13:13:44 | 000,000,016 | -H-- | C] () -- C:\Users\Mark & Marion\mxfilerelatedcache.mxc2
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.02.20 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2009.01.23 02:11:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012.08.16 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Smart PC Cleaner
[2008.10.21 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010.07.02 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vodafone
[2009.10.13 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\uniblue
[2009.02.08 23:13:23 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\acccore
[2011.12.19 00:06:16 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\ACD Systems
[2012.01.21 14:52:24 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Amazon
[2009.11.29 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Any DVD Converter Professional
[2013.04.07 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\BOM
[2010.08.03 21:33:13 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Buhl Data Service
[2012.10.12 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Canon
[2012.04.22 00:12:03 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.07 01:48:10 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.11.04 13:47:24 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\DVDFab
[2013.01.24 01:47:40 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\DVDVideoSoft
[2012.01.03 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\EAC
[2011.02.23 18:58:06 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\ePaperPress
[2008.11.15 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\flightgear.org
[2011.04.02 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\GetRightToGo
[2012.03.03 22:08:34 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\gtk-2.0
[2013.01.04 16:39:05 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\ICQ
[2011.04.01 23:41:00 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\iScreensaver
[2012.10.01 21:48:02 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Moebelplaner-1203
[2008.09.18 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\myphotobook
[2012.04.11 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\No Company Name
[2008.12.26 12:35:57 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Nokia
[2008.10.18 02:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\OpenOffice.org
[2008.12.26 14:48:51 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\PC Suite
[2012.10.24 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Samsung
[2011.08.25 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Simfy
[2012.06.03 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Temp
[2009.08.28 08:34:49 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Template
[2010.08.29 00:16:48 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Thunderbird
[2010.08.05 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Tobit
[2010.09.06 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\TomTom
[2008.10.18 02:16:14 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Toshiba
[2008.10.17 00:48:17 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\TuneUp Software
[2012.06.15 00:20:33 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Ulead Systems
[2012.05.10 18:14:33 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Uniblue
[2009.05.25 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Vodafone
[2013.04.17 04:33:15 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\Vso
[2012.11.18 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Mark & Marion\AppData\Roaming\XnView
========== Purity Check ==========
< End of report >
--- --- --- |
Cracks und Keygens