| |
| |||||||
Log-Analyse und Auswertung: Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert wordenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
05.08.2012, 10:28
| #1 |
| |  Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Hallo, jetzt haben wir auch eine Blockierung des Computers und wir soll mit "Ucash" bezahlen € 100, Ich kann den Rechner nur noch im abgesicherten Modus starten. Ich habe OLT.exe auf Desktop installiert und gestartet und zwei logfiles erstellt. Nebenbei gefragt. Hat schon jemand Anzeige gegen Ukash, die Partner von Ukash und gegen die Behörden gestellt? Dankbar für jede Mitteilung. Werde jetzt die Logfiles senden und hoffe es kann uns jemand halfen. gent OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.08.2012 18:25:05 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\*****************\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 83,69% Memory free
7,49 Gb Paging File | 6,93 Gb Available in Paging File | 92,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 90,24 Gb Free Space | 38,75% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive F: | 3,92 Gb Total Space | 3,92 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: A_BELL | User Name: ***************** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FOTO AT Fotowelt] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\FOTO AT Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FOTO AT Fotowelt] -- "C:\Program Files (x86)\FOTO.AT\FOTO AT Fotowelt\FOTO AT Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038D19B1-0EB3-4656-8A18-2CE7B985D76A}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F488209-A9AF-4E6D-82B9-1C5283A7D0EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31203985-AD44-4953-BF69-B5CE6E1142D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B4B656A-0762-499A-864D-1BFA4289083E}" = lport=137 | protocol=17 | dir=in | app=system |
"{43876BB2-CB2B-45BD-91BD-FFAEE6D0604B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50E33A1A-2DEB-4596-A0EB-6BDEF7BB6CA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55281BCC-99B7-473E-89C0-C0F49E90F89D}" = rport=138 | protocol=17 | dir=out | app=system |
"{671F6F6B-DC70-4B21-9CF0-95E5A37EDEE1}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe |
"{7192EB3C-4BCF-461B-9FD9-C15002AA996D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AF0848B-38A2-4189-9DEC-F5AC59A04E83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{87A13AE5-6527-486B-AA51-70DCE9D8BA85}" = lport=445 | protocol=6 | dir=in | app=system |
"{94040F20-376F-40F4-BD99-CF13BFD3756D}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4893EBA-8C44-460D-9914-608237F33333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0AE444D-3251-4BFC-BE47-E9A280B534B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE8864EF-B1A1-48FF-9C57-B7241B31629E}" = rport=445 | protocol=6 | dir=out | app=system |
"{E43A62CE-9E4F-47F4-8414-36EC11A9DBCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6570BA6-F1F7-434F-82C0-996F91915F24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FFC73CE2-E7E1-4901-B4EA-083D54DF643A}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3C6A2D-4BA9-43B7-AEE2-FFA992B78E37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1B9840CE-A4A9-4E8B-AA54-A288CE94A53B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{200A77F7-0EF4-4D86-A7BD-E258F5540C78}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{23D1E3DD-0615-4BEA-89CB-F882AA03ECB5}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{3B2EAEC9-529B-4E64-9C52-C2AF7EB6BB80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D684629-7BC2-4DA2-96D0-D12D10995559}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{424815CB-519B-438D-B233-95B0073730EC}" = protocol=17 | dir=in | app=c:\bb\bbhelper\bandinaboxserver.exe |
"{466A7E39-7F0A-4784-807A-0BC5392E63B9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4F60F09C-F011-4FA4-90C6-23FCAD2F920F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{53594D3E-7244-42A1-B29A-74C320EEF6C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58CF0351-F0F4-41BD-A69B-CBF346C9C425}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{64F4FA15-9E13-4656-81C4-90A95AAB7C7F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{9F18103E-17CA-45F2-A18A-222E1463AF7D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A545BA1E-4406-4CE0-A3F6-87F84873F776}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{C30484B5-2495-4E42-BA93-90D83AC8C4A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D6B41980-FB4F-4C65-BF27-2C119362A385}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D95E2562-450E-4C54-83A4-B0AE13ACF221}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{DCFEF7D2-6CA1-42C7-B8B6-8D04E9ED8E09}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{F0B665C2-B46D-4DD7-8DBE-21384E1A9C1C}" = protocol=6 | dir=in | app=c:\bb\bbhelper\bandinaboxserver.exe |
"{FBE6E393-4521-49EF-B3E2-CC9C2C299222}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1D8E71AA-541A-4314-AC11-2EBF2C9CC1CA}" = Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7578548C-6F40-4CBE-B5CF-9310E66557FA}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.5
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.7.0
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Registry Reviver" = Registry Reviver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29513A7D-CF4E-4DAA-8347-6E56A4BEAB50}" = TurboFLOORPLAN Haus- & Wohnungsarchitekt
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399B4B31-A4F2-43E6-88EC-DF35AE3679A3}" = MAGIX Screenshare
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4807B2A8-B986-4059-90EF-592995FF8987}" = MAGIX Video Pro X3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5C44D975-5676-DC0F-F517-D2AB70FD50B9}" = MAGIX Online Druck Service
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7EFC9BDF-63E5-430A-0001-A16E27357530}" = Einfach Gute Fotos
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB-Aktualisierungsprogramm
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C08BD3F2-5CC0-45EA-996D-5E0101ABFEBD}" = Kreativ Drucken pro
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C67DC84E-23C0-4E41-A33B-898E75DDACC6}" = MAGIX Speed burnR (MSI)
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D2C45F1B-2CD5-1BF1-DB0E-8F4D8CF95A33}" = hoto Service - powered by myphotobook
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F369DA4F-7993-4E8D-ADBD-60D82FCF93EC}" = MAGIX Music Maker 17
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB0F05FB-CA0A-4F62-9481-3CCA26A96294}" = Samplitude Music Studio 17
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"3DataManager" = 3DataManager
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audio Converter" = Audio Converter
"BabylonToolbar" = Babylon toolbar on IE
"BB_is1" = MegaPAK RealCombos 4
"BBServer_is1" = Band-in-a-Box Server
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Celtx (2.9)" = Celtx (2.9)
"conduitEngine" = Conduit Engine
"CoyoteWT_is1" = CoyoteWT 1.1
"Cut Out Elements_is1" = Cut Out 3.0 Elements
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = hoto Service - powered by myphotobook
"ExpressZip" = Express Zip File Compression Software
"FileZilla Client" = FileZilla Client 3.5.3
"Forte 3000" = Forte 3000
"FOTO AT Fotowelt" = FOTO AT Fotowelt
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"HP-LaserJet 1020 series" = LaserJet 1020 series
"I Want This" = I Want This
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{29513A7D-CF4E-4DAA-8347-6E56A4BEAB50}" = TurboFLOORPLAN Haus- & Wohnungsarchitekt
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MAGIX_MSI_mm17" = MAGIX Music Maker 17
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17
"MAGIX_MSI_Videodeluxe17_pro" = MAGIX Video Pro X3
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NCH_EN Toolbar" = NCH EN Toolbar
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Only Astrology" = Only Astrology
"PG_DX_Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"RealPlayer 15.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Switch" = Switch Sound File Converter
"TeamViewer 5" = TeamViewer 5
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare Flash Gallery Factory_is1" = Wondershare Flash Gallery Factory 5.2.0.14
"Xilisoft PowerPoint to Video Converter Business" = Xilisoft PowerPoint to Video Converter Business
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"PhotoZoom Express 4" = BenVista PhotoZoom Internet 4.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.08.2012 07:27:12 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x80070002).
Error - 04.08.2012 07:27:12 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x80070002).
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x80070002).
Error - 04.08.2012 09:00:11 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x80070002).
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x80070002.
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x80070002).
Error - 04.08.2012 09:31:48 | Computer Name = A_BELL | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich
befindet (Fehler=0x80070002).
[ Media Center Events ]
Error - 01.11.2010 06:13:41 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:13:41 - Fehler beim Herstellen der Internetverbindung. 11:13:41
- Serververbindung konnte nicht hergestellt werden..
Error - 01.11.2010 06:13:53 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:13:46 - Fehler beim Herstellen der Internetverbindung. 11:13:46
- Serververbindung konnte nicht hergestellt werden..
Error - 02.07.2011 03:20:54 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 09:20:54 - Fehler beim Herstellen der Internetverbindung. 09:20:54
- Serververbindung konnte nicht hergestellt werden..
Error - 02.07.2011 03:21:12 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 09:21:04 - Fehler beim Herstellen der Internetverbindung. 09:21:04
- Serververbindung konnte nicht hergestellt werden..
Error - 02.07.2011 04:21:24 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 10:21:24 - Fehler beim Herstellen der Internetverbindung. 10:21:24
- Serververbindung konnte nicht hergestellt werden..
Error - 02.07.2011 04:21:34 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 10:21:29 - Fehler beim Herstellen der Internetverbindung. 10:21:29
- Serververbindung konnte nicht hergestellt werden..
Error - 02.07.2011 05:21:40 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:21:40 - Fehler beim Herstellen der Internetverbindung. 11:21:40
- Serververbindung konnte nicht hergestellt werden..
Error - 02.07.2011 05:21:47 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 11:21:45 - Fehler beim Herstellen der Internetverbindung. 11:21:45
- Serververbindung konnte nicht hergestellt werden..
Error - 17.11.2011 03:03:19 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 08:02:38 - Broadband konnte nicht abgerufen werden (Fehler: Fehler
bei der Anforderung mit HTTP-Status 401: Unauthorized.)
Error - 03.02.2012 05:04:22 | Computer Name = A_BELL | Source = MCUpdate | ID = 0
Description = 10:04:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
[ System Events ]
Error - 04.08.2012 12:15:06 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:07 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:09 | Computer Name = A_BELL | Source = DCOM | ID = 10005
Description =
Error - 04.08.2012 12:15:09 | Computer Name = A_BELL | Source = DCOM | ID = 10005
Description =
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.08.2012 12:15:10 | Computer Name = A_BELL | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
------------------ OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.08.2012 18:25:05 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\****************\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 83,69% Memory free 7,49 Gb Paging File | 6,93 Gb Available in Paging File | 92,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 90,24 Gb Free Space | 38,75% Space Free | Partition Type: NTFS Drive D: | 232,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Drive F: | 3,92 Gb Total Space | 3,92 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: A_BELL | User Name: **************** | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****************\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (GemCCID) -- C:\Windows\SysNative\drivers\GemCCID.sys (Gemalto) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395 IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f000000000000000000000000 IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_1&babsrc=SP_ss&mntrId=6654c29f000000000000000000000000 IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395 IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{ADAA75D9-E090-402C-9D24-16B20F50F359}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948 IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{C3B42F63-B093-425D-B8AC-8D5B49BCDC2F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0 FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1 FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0 FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9 FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1 FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.28 16:12:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.28 16:12:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 15:31:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.28 16:13:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 15:31:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.28 16:13:03 | 000,000,000 | ---D | M] [2011.04.01 08:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****************\AppData\Roaming\mozilla\Extensions [2011.04.01 08:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****************\AppData\Roaming\mozilla\Extensions\celtx@celtx.com [2012.08.01 09:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions [2012.07.16 15:50:32 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2012.08.01 09:45:58 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\crossriderapp2258@crossrider.com [2011.03.07 15:31:04 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\engine@conduit.com [2011.09.25 18:55:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\****************\AppData\Roaming\mozilla\Firefox\Profiles\8dzoh320.default\extensions\ffxtlbr@babylon.com [2012.06.26 16:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.04.23 07:57:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG [2011.04.01 08:48:06 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG [2012.07.20 15:31:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:12:23 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.07.20 15:31:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.05 12:41:11 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.07.20 15:31:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.20 15:31:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.20 15:31:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.20 15:31:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.20 15:31:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395 CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Babylon Translator = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\****************\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll (Media Finder) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [SyncCenter] C:\Users\****************\AppData\Local\Microsoft\Windows\1071\SyncCenter.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{040E7A19-88DD-40F4-A733-E048F5716359}: DhcpNameServer = 172.30.3.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B2F5BE6-E297-41AD-BF10-4D6B1DB6A9E7}: DhcpNameServer = 213.153.32.129 213.153.32.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell\AutoRun\command - "" = F:\DPFMate.exe O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.04 18:15:25 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\****************\Desktop\OTL.exe [2012.08.04 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\****************\AppData\Roaming\hellomoto [2012.08.03 17:20:22 | 000,000,000 | ---D | C] -- C:\Users\****************\Documents\TurboFLOORPLAN Haus- & Wohnungsarchitekt [2012.08.03 17:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboFLOORPLAN [2012.08.03 17:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign [2012.08.03 17:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMSIDesign [2012.08.01 11:53:08 | 000,000,000 | ---D | C] -- C:\Users\****************\Neuer Ordner [2012.07.23 15:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2012.07.23 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11.0 [2012.07.23 15:05:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012.07.23 15:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2012.07.23 15:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012.07.23 15:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft [2012.07.20 12:01:06 | 000,000,000 | R--D | C] -- C:\Users\****************\Documents\HP Photo Creations [2012.07.12 19:05:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.12 19:05:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.12 19:05:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.12 19:05:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.12 19:05:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.12 19:05:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.12 19:05:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.12 19:05:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.12 19:05:34 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.12 19:05:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.12 19:05:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.12 19:05:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.12 19:05:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 08:53:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 15:14:16 | 000,000,000 | ---D | C] -- C:\Users\****************\Desktop\Download [2012.07.11 08:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft [2012.07.11 08:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.04 18:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 18:14:27 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 18:10:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****************\Desktop\OTL.exe [2012.08.04 18:04:38 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.04 18:04:38 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for A_BELL@****************(logon).job [2012.08.04 18:04:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.08.04 18:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.08.04 17:51:25 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.04 17:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.04 09:39:52 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 09:39:52 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.03 19:08:36 | 001,508,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.03 19:08:36 | 000,658,362 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.03 19:08:36 | 000,619,598 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.03 19:08:36 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.03 19:08:36 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.03 17:20:17 | 000,002,436 | ---- | M] () -- C:\Users\Public\Desktop\TurboFLOORPLAN Haus- & Wohnungsarchitekt.lnk [2012.08.03 16:14:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 16:14:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 13:47:15 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.24 08:02:16 | 000,557,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.23 15:06:19 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\PaperPort.lnk [2012.07.20 12:00:56 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2012.07.11 08:34:20 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.03 17:20:17 | 000,002,436 | ---- | C] () -- C:\Users\Public\Desktop\TurboFLOORPLAN Haus- & Wohnungsarchitekt.lnk [2012.07.23 15:07:03 | 000,030,943 | ---- | C] () -- C:\Windows\maxlink.ini [2012.07.23 15:06:19 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\PaperPort.lnk [2012.07.20 11:58:56 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2012.07.11 08:34:26 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Start Registry Reviver for A_BELL@****************(logon).job [2012.07.11 08:34:20 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk [2012.02.12 18:00:09 | 000,001,441 | ---- | C] () -- C:\Windows\cwbc_d64.ini [2012.02.08 09:10:26 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll [2011.12.27 15:37:05 | 000,000,129 | ---- | C] () -- C:\Windows\KurusDeinstall.INI [2011.11.07 12:55:08 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2011.11.07 12:54:18 | 000,000,113 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2011.11.07 12:49:55 | 000,000,114 | ---- | C] () -- C:\Windows\Startup.INI [2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.10 08:31:13 | 000,000,200 | ---- | C] () -- C:\Windows\AUDC80UI.dat [2011.03.07 22:24:50 | 001,536,512 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.09 20:24:15 | 000,005,632 | ---- | C] () -- C:\Users\****************\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2011.03.16 17:00:12 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\3DataManager [2011.07.04 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Acoustica [2012.02.21 17:32:42 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Amazon [2011.04.02 11:24:53 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Anvil Studio [2011.04.07 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Artweaver [2011.12.22 10:07:51 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Audacity [2012.07.05 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Babylon [2009.12.23 13:07:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Bytemobile [2010.05.30 09:32:22 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Canon [2011.06.29 19:36:27 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.06.26 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\easycdda [2010.12.12 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.03.21 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\FileZilla [2012.03.13 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Franzis [2011.04.01 08:48:31 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Greyfirst [2011.07.02 15:17:05 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\gtk-2.0 [2012.08.01 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\HCM Updater [2012.08.04 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\hellomoto [2011.12.06 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\ICAClient [2012.02.09 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\IK Multimedia [2011.07.02 15:19:46 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\IrfanView [2011.08.10 18:42:00 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\MAGIX [2012.07.12 19:03:32 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Media Finder [2012.03.16 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Notepad++ [2011.03.07 21:12:06 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Nvu [2010.04.04 10:11:43 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Program Files (x86) [2012.07.11 08:34:20 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Reviversoft [2011.08.09 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Samsung [2012.05.01 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Screenbrush [2011.04.05 12:44:59 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\SoftGrid Client [2010.01.11 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\TeamViewer [2010.03.03 08:49:19 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Toshiba [2011.03.27 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\TP [2011.12.24 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\TuneUp Software [2012.04.25 18:07:15 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\UDC Profiles [2011.12.27 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Visan [2011.01.19 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\WinBatch [2012.02.03 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Windows Live Writer [2012.03.26 10:05:04 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Xilisoft [2012.04.07 09:48:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.04 18:04:38 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\Start Registry Reviver for A_BELL@****************(logon).job ========== Purity Check ========== < End of report > Geändert von gent1961 (05.08.2012 um 10:33 Uhr) Grund: OLT Logfiles |
|
05.08.2012, 12:22
| #2 |
| /// Helfer-Team  | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f000000000000000000000000
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_1&babsrc=SP_ss&mntrId=6654c29f000000000000000000000000
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{ADAA75D9-E090-402C-9D24-16B20F50F359}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\SearchScopes\{C3B42F63-B093-425D-B8AC-8D5B49BCDC2F}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-760530631-345354691-2311039666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f000000000000701a0449888d&tlver=1.4.19.19&ss=1&affID=17395
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - Extension: Babylon Translator = C:\Users\****************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-760530631-345354691-2311039666-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKU\S-1-5-21-760530631-345354691-2311039666-1000..\Run: [SyncCenter] C:\Users\****************\AppData\Local\Microsoft\Windows\1071\SyncCenter.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{072aba98-efb1-11de-b4ed-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{0b374d59-f3a0-11de-825b-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{33bd20a7-f3aa-11de-be8f-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{35d3d2f6-b5a2-11df-8f6f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{5e30993c-8f47-11e0-a2f8-002622e51466}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{888747dc-3fbd-11df-beef-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{978205df-6d3f-11df-a62a-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f090d2d1-efdc-11de-9b30-002622e51466}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f5fa04d5-c899-11de-be4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f63572e8-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell - "" = AutoRun
O33 - MountPoints2\{f6357325-3fc1-11df-9a5e-002622e51466}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.07.05 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Babylon
[2012.08.04 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\****************\AppData\Roaming\hellomoto
[2012.07.11 08:34:20 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2012.07.11 08:34:26 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Start Registry Reviver for A_BELL@****************(logon).job
[2012.07.11 08:34:20 | 000,000,000 | ---D | M] -- C:\Users\****************\AppData\Roaming\Reviversoft
[2012.08.04 18:04:38 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.04 18:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.08.04 17:51:25 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.04 17:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
05.08.2012, 14:53
| #3 |
| | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Hallo lieber Helfer,
__________________perfekte Arbeit - hat auf Anhieb funktioniert. Familie ist Happy - Was sollen wir installieren für Prävention - oder gibt es noch nichts? gent P.S. Wir spenden gerne 50,-- Euro gespendet |
|
05.08.2012, 20:37
| #4 |
| /// Helfer-Team | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Wir sind noch nicht fertig!  Bitte das erzeugte Log posten! Mit dem Rechner noch nicht surfen! 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
07.08.2012, 10:41
| #5 |
| | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden # AdwCleaner v1.800 - Logfile created 08/07/2012 at 11:36:34 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Alexander Bell - A_BELL # Running from : C:\Users\Alexander Bell\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Alexander Bell\AppData\Local\APN Folder Found : C:\Users\Alexander Bell\AppData\Local\Conduit Folder Found : C:\Users\Alexander Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\Conduit Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\NCH_EN Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\PriceGong Folder Found : C:\Users\Alexander Bell\AppData\LocalLow\softonic-de3 Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Babylon Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Media Finder Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\Conduit Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\ConduitCommon Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\ConduitEngine Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\CT2801948 Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\crossriderapp2258@crossrider.com Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\engine@conduit.com Folder Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\extensions\ffxtlbr@babylon.com Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder Folder Found : C:\Program Files (x86)\Ask.com Folder Found : C:\Program Files (x86)\BabylonToolbar Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\ConduitEngine Folder Found : C:\Program Files (x86)\I Want This Folder Found : C:\Program Files (x86)\NCH_EN Folder Found : C:\Program Files (x86)\softonic-de3 Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Found : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\searchplugins\Conduit.xml File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948 Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\conduitEngine Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\I Want This Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\MediaFinder Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\APN Key Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\BabylonToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL Key Found : HKLM\SOFTWARE\Classes\b Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\MF Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\conduitEngine Key Found : HKLM\SOFTWARE\conduitEngine Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar Key Found : HKLM\SOFTWARE\NCH_EN Key Found : HKLM\SOFTWARE\softonic-de3 [x64] Key Found : HKCU\Software\APN [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine [x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes [x64] Key Found : HKCU\Software\AppDataLow\Software\I Want This [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong [x64] Key Found : HKCU\Software\AppDataLow\Toolbar [x64] Key Found : HKCU\Software\BabylonToolbar [x64] Key Found : HKCU\Software\Conduit [x64] Key Found : HKCU\Software\Cr_Installer [x64] Key Found : HKCU\Software\MediaFinder [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\b [x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd [x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore [x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 [x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc [x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd [x64] Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook [x64] Key Found : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1 [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Classes\MF [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF [x64] Key Found : HKLM\SOFTWARE\Software ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Found : HKLM\SOFTWARE\Classes\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2} Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758} Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2} Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90D07F0-4F90-49AA-BBD5-B5BECA04A4FF} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5BD68C4-1007-43EA-9B2A-684013BE9CA2} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9320C965-C965-4959-BB7B-8932C29AA607} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0792F87A-A7C9-4682-98AB-4BE731816CF9} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29E71584-08D7-4078-8C1D-E02D98557257} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{125B7A09-B405-46FB-95FB-96CF6B72992D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{125B7A09-B405-46FB-95FB-96CF6B72992D} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFC4DBF3-6B86-4ABB-8CCF-47BD70595BB2} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Alexander Bell\AppData\Roaming\Mozilla\Firefox\Profiles\8dzoh320.default\prefs.js Found : user_pref("CT2431245..clientLogIsEnabled", false); Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2431245.CTID", "CT2431245"); Found : user_pref("CT2431245.CurrentServerDate", "8-3-2011"); Found : user_pref("CT2431245.DialogsAlignMode", "LTR"); Found : user_pref("CT2431245.DownloadReferralCookieData", ""); Found : user_pref("CT2431245.EMailNotifierPollDate", "Tue Mar 08 2011 09:01:50 GMT+0100"); Found : user_pref("CT2431245.FeedLastCount129009402595187825", 721); Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Tue Mar 08 2011 08:34:36 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Tue Mar 08 2011 08:34:36 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Tue Mar 08 2011 08:34:39 GMT+0100"); Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5); Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5); Found : user_pref("CT2431245.FeedTTL7470634014970726540", 2); Found : user_pref("CT2431245.FeedTTL7470634015636754705", 5); Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30); Found : user_pref("CT2431245.FirstServerDate", "7-3-2011"); Found : user_pref("CT2431245.FirstTime", true); Found : user_pref("CT2431245.FirstTimeFF3", true); Found : user_pref("CT2431245.FixPageNotFoundErrors", true); Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440); Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2431245.HasUserGlobalKeys", true); Found : user_pref("CT2431245.Initialize", true); Found : user_pref("CT2431245.InitializeCommonPrefs", true); Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2431245.InstallationId", "Unknown"); Found : user_pref("CT2431245.InstallationType", "ExternalIntegration"); Found : user_pref("CT2431245.InstalledDate", "Mon Mar 07 2011 16:21:15 GMT+0100"); Found : user_pref("CT2431245.InvalidateCache", false); Found : user_pref("CT2431245.IsGrouping", false); Found : user_pref("CT2431245.IsMulticommunity", false); Found : user_pref("CT2431245.IsOpenThankYouPage", false); Found : user_pref("CT2431245.IsOpenUninstallPage", true); Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Mon Mar 07 2011 16:21:15 GMT+0100"); Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2431245.LastLogin_3.2.5.2", "Tue Mar 08 2011 08:34:36 GMT+0100"); Found : user_pref("CT2431245.LatestVersion", "3.2.5.2"); Found : user_pref("CT2431245.Locale", "de-de"); Found : user_pref("CT2431245.MCDetectTooltipHeight", "83"); Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2431245.MCDetectTooltipWidth", "295"); Found : user_pref("CT2431245.RadioIsPodcast", false); Found : user_pref("CT2431245.RadioLastCheckTime", "Mon Mar 07 2011 16:21:17 GMT+0100"); Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000"); Found : user_pref("CT2431245.RadioMediaID", "20503672"); Found : user_pref("CT2431245.RadioMediaType", "Media Player"); Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672"); Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland"); Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u"); Found : user_pref("CT2431245.SavedHomepage", "hxxp://www.uschibell.at/"); Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true); Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...] Found : user_pref("CT2431245.SearchInNewTabEnabled", true); Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Mon Mar 07 2011 16:21:15 GMT+0100"); Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2431245.ServiceMapLastCheckTime", "Mon Mar 07 2011 16:21:13 GMT+0100"); Found : user_pref("CT2431245.SettingsLastCheckTime", "Tue Mar 08 2011 08:34:35 GMT+0100"); Found : user_pref("CT2431245.SettingsLastUpdate", "1299543701"); Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Mon Mar 07 2011 16:21:13 GMT+0100"); Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257"); Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Found : user_pref("CT2431245.UserID", "UN17250414063437802"); Found : user_pref("CT2431245.WeatherNetwork", ""); Found : user_pref("CT2431245.WeatherPollDate", "Tue Mar 08 2011 08:34:38 GMT+0100"); Found : user_pref("CT2431245.WeatherUnit", "C"); Found : user_pref("CT2431245.alertChannelId", "825452"); Found : user_pref("CT2431245.backendstorage._fb_dailyactivity", "31323939353131323739333333"); Found : user_pref("CT2431245.backendstorage._fb_lifetimesent", "54525545"); Found : user_pref("CT2431245.backendstorage.facebook_ctid_connect_send", "73656E646564"); Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E"); Found : user_pref("CT2431245.backendstorage.li_dailyactivity", "31323939353639363738343630"); Found : user_pref("CT2431245.backendstorage.li_lifetimesent", "54525545"); Found : user_pref("CT2431245.components.1000034", false); Found : user_pref("CT2431245.components.1000234", false); Found : user_pref("CT2431245.components.129009402593156547", false); Found : user_pref("CT2431245.components.129009402595656583", false); Found : user_pref("CT2431245.components.3101995424177833784", false); Found : user_pref("CT2431245.components.5605168323123821535", false); Found : user_pref("CT2431245.myStuffEnabled", true); Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400); Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2431245.testingCtid", ""); Found : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Mon Mar 07 2011 16:21:14 GMT+0100"); Found : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Mon Mar 07 2011 16:21:15 GMT+0100"); Found : user_pref("CT2431245.usagesFlag", 2); Found : user_pref("CT2801948..clientLogIsEnabled", false); Found : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2801948.AppTrackingLastCheckTime", "Fri Jul 13 2012 08:11:13 GMT+0200"); Found : user_pref("CT2801948.BrowserCompStateIsOpen_129797777221477754", true); Found : user_pref("CT2801948.BrowserCompStateIsOpen_129797786124759251", true); Found : user_pref("CT2801948.BrowserCompStateIsOpen_129798077186217960", true); Found : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true); Found : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true); Found : user_pref("CT2801948.CTID", "CT2801948"); Found : user_pref("CT2801948.CurrentServerDate", "7-8-2012"); Found : user_pref("CT2801948.DSChangedManually", false); Found : user_pref("CT2801948.DSInstall", true); Found : user_pref("CT2801948.DSProtectChoice", true); Found : user_pref("CT2801948.DSProtectCount", 1); Found : user_pref("CT2801948.DialogsAlignMode", "LTR"); Found : user_pref("CT2801948.DialogsGetterLastCheckTime", "Mon Aug 06 2012 14:43:42 GMT+0200"); Found : user_pref("CT2801948.DownloadReferralCookieData", ""); Found : user_pref("CT2801948.EMailNotifierPollDate", "Tue Aug 07 2012 11:32:06 GMT+0200"); Found : user_pref("CT2801948.FirstServerDate", "24-12-2011"); Found : user_pref("CT2801948.FirstTime", true); Found : user_pref("CT2801948.FirstTimeFF3", true); Found : user_pref("CT2801948.FixPageNotFoundErrors", true); Found : user_pref("CT2801948.GroupingServerCheckInterval", 1440); Found : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2801948.HPInstall", true); Found : user_pref("CT2801948.HPProtectChoice", true); Found : user_pref("CT2801948.HPProtectCount", 1); Found : user_pref("CT2801948.HasUserGlobalKeys", true); Found : user_pref("CT2801948.HomePageProtectorEnabled", false); Found : user_pref("CT2801948.HomepageBeforeUnload", "hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&[...] Found : user_pref("CT2801948.Initialize", true); Found : user_pref("CT2801948.InitializeCommonPrefs", true); Found : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2801948.InstallationId", "ConduitNSISIntegration"); Found : user_pref("CT2801948.InstallationType", "ConduitXPEIntegration"); Found : user_pref("CT2801948.InstalledDate", "Sat Dec 24 2011 10:27:04 GMT+0100"); Found : user_pref("CT2801948.InvalidateCache", false); Found : user_pref("CT2801948.IsAlertDBUpdated", true); Found : user_pref("CT2801948.IsGrouping", false); Found : user_pref("CT2801948.IsInitSetupIni", true); Found : user_pref("CT2801948.IsMulticommunity", false); Found : user_pref("CT2801948.IsOpenThankYouPage", false); Found : user_pref("CT2801948.IsOpenUninstallPage", true); Found : user_pref("CT2801948.IsProtectorsInit", true); Found : user_pref("CT2801948.LanguagePackLastCheckTime", "Tue Aug 07 2012 09:14:05 GMT+0200"); Found : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2801948.LastLogin_3.10.0.1", "Wed Apr 18 2012 08:13:26 GMT+0200"); Found : user_pref("CT2801948.LastLogin_3.12.0.7", "Wed Apr 25 2012 12:40:05 GMT+0200"); Found : user_pref("CT2801948.LastLogin_3.12.2.3", "Wed May 30 2012 12:39:36 GMT+0200"); Found : user_pref("CT2801948.LastLogin_3.13.0.6", "Mon Jul 16 2012 13:26:22 GMT+0200"); Found : user_pref("CT2801948.LastLogin_3.14.1.0", "Tue Aug 07 2012 09:14:05 GMT+0200"); Found : user_pref("CT2801948.LastLogin_3.8.1.0", "Wed Jan 11 2012 12:32:49 GMT+0100"); Found : user_pref("CT2801948.LastLogin_3.9.0.3", "Wed Mar 07 2012 07:57:52 GMT+0100"); Found : user_pref("CT2801948.LatestVersion", "3.14.1.0"); Found : user_pref("CT2801948.Locale", "en-us"); Found : user_pref("CT2801948.MCDetectTooltipHeight", "83"); Found : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2801948.MCDetectTooltipWidth", "295"); Found : user_pref("CT2801948.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2801948.OriginalFirstVersion", "3.8.1.0"); Found : user_pref("CT2801948.RadioIsPodcast", false); Found : user_pref("CT2801948.RadioLastCheckTime", "Tue Aug 07 2012 09:14:04 GMT+0200"); Found : user_pref("CT2801948.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2801948.RadioLastUpdateServer", "129307496595170000"); Found : user_pref("CT2801948.RadioMediaID", "21435220"); Found : user_pref("CT2801948.RadioMediaType", "Media Player"); Found : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220"); Found : user_pref("CT2801948.RadioShrinkedFromSetup", false); Found : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock"); Found : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...] Found : user_pref("CT2801948.SHRINK_TOOLBAR", 1); Found : user_pref("CT2801948.SavedHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=6654c29f0000000[...] Found : user_pref("CT2801948.SearchCaption", "NCH EN Customized Web Search"); Found : user_pref("CT2801948.SearchEngineBeforeUnload", "NCH EN Customized Web Search"); Found : user_pref("CT2801948.SearchFromAddressBarIsInit", true); Found : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...] Found : user_pref("CT2801948.SearchInNewTabEnabled", true); Found : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Tue Aug 07 2012 09:14:04 GMT+0200"); Found : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Found : user_pref("CT2801948.SearchProtectorEnabled", true); Found : user_pref("CT2801948.SearchProtectorToolbarDisabled", false); Found : user_pref("CT2801948.SendProtectorDataViaLogin", true); Found : user_pref("CT2801948.ServiceMapLastCheckTime", "Tue Aug 07 2012 09:14:04 GMT+0200"); Found : user_pref("CT2801948.SettingsLastCheckTime", "Tue Aug 07 2012 11:26:22 GMT+0200"); Found : user_pref("CT2801948.SettingsLastUpdate", "1343176900"); Found : user_pref("CT2801948.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13"); Found : user_pref("CT2801948.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Wed Jul 25 2012 13:52:24 GMT+0200"); Found : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT2801948.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948"); Found : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2801948.UserID", "UN71313007027839873"); Found : user_pref("CT2801948.ValidationData_Search", 2); Found : user_pref("CT2801948.ValidationData_Toolbar", 2); Found : user_pref("CT2801948.WeatherNetwork", ""); Found : user_pref("CT2801948.WeatherPollDate", "Tue Aug 07 2012 11:26:27 GMT+0200"); Found : user_pref("CT2801948.WeatherUnit", "C"); Found : user_pref("CT2801948.alertChannelId", "1194029"); Found : user_pref("CT2801948.autoDisableScopes", -1); Found : user_pref("CT2801948.backendstorage.amazonnew_all", "323534383737312C323630333032312C3230323436312C3[...] Found : user_pref("CT2801948.backendstorage.cbcountry_000", "4154"); Found : user_pref("CT2801948.backendstorage.cbfirsttime", "5765642041707220323520323031322031323A34303A30382[...] Found : user_pref("CT2801948.backendstorage.dealplyhardid", "363034333136393335363538313633313730"); Found : user_pref("CT2801948.backendstorage.dealplyheartbitdate", "3131325F335F3237"); Found : user_pref("CT2801948.backendstorage.dealplywasshownctsettingswidget", "31"); Found : user_pref("CT2801948.backendstorage.hxxp://pinterest_aot_im.isenabled", "59"); Found : user_pref("CT2801948.backendstorage.shoppingapp.gk.exipres", "4D6F6E2041707220333020323031322031323A[...] Found : user_pref("CT2801948.backendstorage.shoppingapp.gk.geolocation", "61757374726961"); Found : user_pref("CT2801948.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365"); Found : user_pref("CT2801948.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365"); Found : user_pref("CT2801948.backendstorage.url_history0001", "68747470733A2F2F706F7274616C2E73706B2D74732E6[...] Found : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Wed Aug 01 2012 07:56:47 GMT+0200"); Found : user_pref("CT2801948.homepageProtectorEnableByLogin", true); Found : user_pref("CT2801948.initDone", true); Found : user_pref("CT2801948.isAppTrackingManagerOn", true); Found : user_pref("CT2801948.isFirstRadioInstallation", false); Found : user_pref("CT2801948.myStuffEnabled", true); Found : user_pref("CT2801948.myStuffPublihserMinWidth", 400); Found : user_pref("CT2801948.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2801948.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2801948.oldAppsList", "129306881620344305,129306881621438061,111,129306881624250628,129[...] Found : user_pref("CT2801948.revertSettingsEnabled", true); Found : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2801948.searchProtectorEnableByLogin", true); Found : user_pref("CT2801948.testingCtid", ""); Found : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Tue Aug 07 2012 09:14:05 GMT+0200"); Found : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Wed Jul 25 2012 11:00:57 GMT+0200"); Found : user_pref("CT2801948.usagesFlag", 2); Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801948&Search[...] Found : user_pref("CommunityToolbar.ConduitSearchList", "NCH EN Customized Web Search"); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/AT", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/AT", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Found : user_pref("CommunityToolbar.EngineOwner", "CT2431245"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3"); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alexander Bell\\AppData\\Roaming\\[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245,CT2801948"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2801948"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2801948"); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 27 2011 08:42:27 GMT+0200"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 27 2011 08:42:27 GMT+0200"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "5a77ee70-d858-47e2-9250-af1cc0459a16"); Found : user_pref("CommunityToolbar.globalUserId", "4ced2ced-56ee-4e58-8b9b-42c59374f697"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948"); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jul 31 2012 15:15:4[...] Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 07 2012 09:14:13 GMT+020[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 07 2012 09:14:05 GMT+0200"); Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "8768956e-4c2e-438c-911f-1fb3e28b6b87"); Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=6654c[...] Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Found : user_pref("ConduitEngine.FirstServerDate", "03/07/2011 18"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.Initialize", true); Found : user_pref("ConduitEngine.InitializeCommonPrefs", true); Found : user_pref("ConduitEngine.InstalledDate", "Mon Mar 07 2011 16:21:14 GMT+0100"); Found : user_pref("ConduitEngine.IsMulticommunity", false); Found : user_pref("ConduitEngine.IsOpenThankYouPage", false); Found : user_pref("ConduitEngine.IsOpenUninstallPage", true); Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 07 2011 16:21:14 GMT+0100"); Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("ConduitEngine.PublisherContainerWidth", 0); Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 08 2011 08:34:37 GMT+0100"); Found : user_pref("ConduitEngine.UserID", "UN51157367057178923"); Found : user_pref("ConduitEngine.engineLocale", "de"); Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 07 2011 16:21:14 GMT+0100"); Found : user_pref("ConduitEngine.initDone", true); Found : user_pref("ConduitEngine.usagesFlag", 1); Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=NT_ss&mn[...] Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Found : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search"); Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&Sea[...] Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("browser.search.selectedEngine", "NCH EN Customized Web Search"); Found : user_pref("extensions.BabylonToolbar.bbDpng", 27); Found : user_pref("extensions.BabylonToolbar.cntry", "AT"); Found : user_pref("extensions.BabylonToolbar.firstRun", false); Found : user_pref("extensions.BabylonToolbar.hdrMd5", "0FE659510CB275944ED85D7A71EA40B1"); Found : user_pref("extensions.BabylonToolbar.lastActv", "27"); Found : user_pref("extensions.BabylonToolbar.lastDP", 27); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010712_1"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "6654c29f000000000000000000000000"); Found : user_pref("extensions.BabylonToolbar_i.id", "6654c29f000000000000000000000000"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15526"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=01071[...] Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:41:15"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...] Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q="); -\\ Google Chrome v21.0.1180.60 File : C:\Users\Alexander Bell\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f0[...] Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc[...] Found : "icon_url": "hxxp://facemoods.com/favicon.ico", Found : "keyword": "babylontoolbar", Found : "name": "Search the web (Babylon)", Found : "search_url": "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6654c29f00000000[...] Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...] Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...] Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...] Found : "description": "The plug-in from the General-Crawler.com website which lets the users[...] Found : "homepage_url": "hxxp://www.general-crawler.com", Found : "name": "General Crawler", Found : "update_url": "hxxp://1.update.general-crawler.com/updates/update_chrome.xml", Found : "description": "Babylon tool translates texts from within your Google Chrome in a sin[...] Found : "128": "babylon48.png", Found : "48": "babylon48.png" Found : "name": "Babylon Translator", Found : "path": "BabylonChromePI.dll", Found : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP_ss&mntrId=6654c29f0000[...] Found : "name": "Babylon Chrome Plugin", Found : "path": "C:\\Users\\Alexander Bell\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Ex[...] Found : "name": "Babylon Chrome Plugin" Found : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_1&babsrc=HP[...] ************************* AdwCleaner[R1].txt - [53989 octets] - [07/08/2012 11:36:34] ########## EOF - C:\AdwCleaner[R1].txt - [54118 octets] ########## Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.08.07.02 Windows 7 x64 FAT32 Internet Explorer 9.0.8112.16421 Alexander Bell :: A_BELL [Administrator] Schutz: Aktiviert 07.08.2012 09:37:40 mbam-log-2012-08-07 (11-18-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 530086 Laufzeit: 1 Stunde(n), 39 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 35 HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Alexander Bell\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Keine Aktion durchgeführt. Infizierte Dateien: 16 C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\AppData\Local\Microsoft\Windows\1071\SyncCenter.exe (Trojan.Cridex) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_artweaver-free.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_audio-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_cdcovercreator.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_expressit.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_gimp(2).exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_nvu.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\Downloads\SoftonicDownloader_fuer_yahoo-sitebuilder.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Alexander Bell\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt. (Ende) |
|
07.08.2012, 13:17
| #6 |
| /// Helfer-Team | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Sehr gut! 
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden |
|
08.08.2012, 16:05
| #7 |
| | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Emsisoft Anti-Malware - Version 6.6 quarantine log Datum Ursprung Vorgang Verhalten/Infektion 08.08.2012 10:46:29 C:\Program Files (x86)\Lugert Verlag\Forte 3000\Update.exe In Quarantäne gestellt Trojan.Win32.KillDisk.dw!E1 |
|
08.08.2012, 16:21
| #8 |
| /// Helfer-Team | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Das ist nicht vollstaendig! Siehe Anleitung, wo du logfiles findest! |
|
10.08.2012, 13:34
| #9 |
| | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Emsisoft Anti-Malware - Version 6.6 Letztes Update: 08.08.2012 08:53:01 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\ Archiv Scan: An ADS Scan: An Scan Beginn: 08.08.2012 08:54:04 C:\Program Files (x86)\Lugert Verlag\Forte 3000\Update.exe gefunden: Trojan.Win32.KillDisk.dw!E1 Gescannt 783007 Gefunden 1 Scan Ende: 08.08.2012 10:39:08 Scan Zeit: 1:45:04 C:\Program Files (x86)\Lugert Verlag\Forte 3000\Update.exe Quarantäne Trojan.Win32.KillDisk.dw!E1 Quarantäne 1 Emsisoft Anti-Malware - Version 6.6 Letztes Update: 08.08.2012 08:53:01 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\ Archiv Scan: An ADS Scan: An Scan Beginn: 09.08.2012 10:27:12 Gescannt 783294 Gefunden 0 Scan Ende: 09.08.2012 12:06:05 Scan Zeit: 1:38:53 Wir hoffen daß das die Datein sind - wenn nicht bitten wir um kurze Info |
|
10.08.2012, 15:00
| #10 |
| /// Helfer-Team | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Wo ist das adwLog? |
|
09.09.2012, 02:28
| #11 |
| /// Helfer-Team | Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Der Computer ist für die Verletzung der Gesetze der Republik Österreich blockiert worden |
| 7-zip, abgesicherte, abgesicherten, anzeige, audacity, avira searchfree toolbar, babylon toolbar, babylontoolbar, bezahlen, bingbar, blockiert, blockierung, compu, computer, computers, dankbar, der computer ist für die verletzung, desktop, document, erstell, gesetze, gestartet, hoffe, index, install.exe, installier, installiert, logfiles, modus, plug-in, rechner, search the web, sende, senden, starte, tower, ukash betrug, ukash verschlüsselungs trojaner eingefangen, usb 2.0, verletzung, Österreich, österreich-version |
Linear-Darstellung
