Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.07.2012, 18:28   #1
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Hallo,

ich schlage mich nun schon den ganzen Tag mit dem Problem rum.
Auf Chip online habe ich eine Anleitung gefunden um den Trojaner zu entfernen.
Leider ohne Erfolg.

sobald ich ins Internet gehe kommt der Sperrbildschirm und nichts geht mehr.
Ich habe nun meinen alten Laptop aktiviert um mich hier zu melden!

Ich hoffe Ihr könnt mir weiterhelfen!

Maleware hat nichts gefunden, kann allerdings auch kein Update machen, AntiVir findet ab und zu etwas, bekomme es aber nicht zu fassen ????

TaskManager lässt sich nicht öffnen.

Viele grüße

Alt 31.07.2012, 18:43   #2
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)





Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 31.07.2012, 18:58   #3
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



AntiVir hat eben
deo0_sar.exe TR/Cidex.EB.27
gefunden


Neuer Quickscan mit Maleware:
Hänge ich als Bild an
__________________
Miniaturansicht angehängter Grafiken
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)-maleware.jpg  

Alt 31.07.2012, 18:59   #4
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



OTL läuft gerade....

Alt 31.07.2012, 19:07   #5
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Das Log rauskopieren und hier einfuegen!

Bitte keine Zwischenposts! Erst mit Logfiles wieder melden.

__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 19:21   #6
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Sorry, hat sich überschnitten!!!
Hier das Log:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.07.2012 19:01:51 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,47% Memory free
6,08 Gb Paging File | 4,62 Gb Available in Paging File | 75,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 42,17 Gb Free Space | 29,28% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 138,03 Gb Free Space | 95,82% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,44 Gb Free Space | 22,60% Space Free | Partition Type: FAT
 
Computer Name: HEIKO_SABINE-PC | User Name: heiko&sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Programme\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
PRC - C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
PRC - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()
PRC - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()
PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Programme\Magentic\bin\MgApp.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
PRC - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Ipe30.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\libcef.dll ()
MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.WinForms.dll ()
MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Programme\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\itapi.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\audio.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\coder.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\log.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll ()
MOD - C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Programme\VTech\DownloadManager\System\QtXml4.dll ()
MOD - C:\Programme\Magentic\bin\MgApp.exe ()
MOD - C:\Programme\Magentic\bin\NeoComm.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll ()
MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\SSOle.dll ()
MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()
MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\IMFilter.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ipeRc.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WebCard.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WSTheme.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\TextUI.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\PntTool.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\gserv.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\webpage.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ipeBmp.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32sn.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\U32print.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\scanres.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WebAbEng.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Download.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\mailtool.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\TextEng.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ShadEng.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\FujiWare.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Tab.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\WSBsc.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ShadUI.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ipeConst.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\HtmlPar.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Edges.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\DX.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalRes.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Bar.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CommonUI.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\ufcnoise.upp ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\clrtoclr.upp ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCSTATU.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCSCRCH.upp ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCRTCH.UPP ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCRMRDI.upp ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCPNTBS.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCPNTBP.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\UFCPNT.upp ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\upp\ufcclone.upp ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uwUpdate.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32cvt.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Misc.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32FeUI.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\type_eff.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uLzwLib.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uGifLib.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32sel.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Plug.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Fe.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\maskop.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\maxmin.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Aefilter.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\U32txtur.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Upbgen.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uJpgLib.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uINet.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UPjpeg.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\clrtoclr.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\autoenh.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\U32path.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCPNMGR.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32Tx.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Upecrvg.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\dbMaster.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Slider.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\BuffFile.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\u32txEx.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\PEBase.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\ucimg.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCCOLOR.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCDLGBR.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCCNBTN.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCCOMM.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\UFCBUF.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uiplA6.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\uipl.dll ()
MOD - C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\Cpuinf32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (HRService) -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (StarOpen) --  File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found
DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{06D8B124-B325-4D1B-A2F0-2CB8ABD742CF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{EB2E41E9-63B2-4265-9922-AC05118E0993}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de___DE343
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.net"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.Webfetti.com/Plugin: C:\Program Files\WebfettiEI\Installr\1.bin\NP7dEISB.dll (Webfetti)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M]
 
[2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Extensions
[2012.07.31 07:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions
[2010.09.18 09:32:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.16 17:49:26 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2012.07.16 17:49:27 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.07.16 17:49:29 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.07.16 17:49:31 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012.07.16 17:49:33 | 000,000,000 | ---D | M] (WinZipBar_DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}
[2010.09.27 17:07:04 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\sammelfreund@webmiles.de
[2012.04.24 22:19:04 | 000,000,927 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\conduit.xml
[2012.03.07 08:07:21 | 000,002,185 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\MyStart Search.xml
[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\Search_Results.xml
[2012.05.07 18:17:04 | 000,002,060 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\softonic.xml
[2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.09 22:57:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON
[2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.20 14:01:16 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
[2012.04.20 14:01:17 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.03.16 07:19:11 | 000,128,837 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
[2012.07.30 10:16:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.02 15:41:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 08:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.18 13:21:57 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.09.30 08:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 08:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 08:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.30 08:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 08:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Search
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: Search
CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.11.29 19:48:35 | 000,000,108 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AgentMonitor] C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Maple_S2P] C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()
O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)
O4 - HKLM..\Run: [PC Prima] C:\Program Files\Ascentive\PC Prima\PCPrima.exe (Ascentive LLC)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Facebook Update] C:\Users\heiko&sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Magentic] C:\Programme\Magentic\bin\Magentic.exe ()
O4 - Startup: C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E769CE1-F2DD-45BB-B680-DCFB35D04A6F}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA3E9E7-D3B3-425D-9E89-42C9D6983572}: NameServer = 10.0.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG
O24 - Desktop BackupWallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{b92361df-51b8-11df-95a9-00238b7c2246}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\1\Command - "" = F:\.\recycled\info.exe -- [2010.04.05 17:51:42 | 000,189,692 | RHS- | M] ()
O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\Steuerfälle
[2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\AAV
[2012.07.25 19:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
[2012.07.25 19:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft
[2012.07.25 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV
[2012.07.25 18:43:07 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service
[2012.07.25 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl Data Service
[2012.07.25 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl
[2012.07.25 18:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\WISO
[2012.07.25 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2012.07.25 17:43:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll
[2012.07.25 17:42:41 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll
[2012.07.25 17:42:40 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll
[2012.07.18 11:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.07.18 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\My Received Files
[2012.07.18 11:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2012.07.17 01:02:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.17 00:47:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.17 00:47:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.17 00:47:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.17 00:47:05 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.17 00:47:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.17 00:47:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.17 00:47:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.16 18:03:06 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.07.16 18:03:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.07.16 18:03:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.07.16 18:03:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.07.16 18:03:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.07.16 18:02:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.07.16 18:02:54 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.07.16 18:02:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.12 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja
[2012.07.12 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu
[2012.07.12 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\InterVideo
[2012.07.12 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo
[2012.07.03 10:40:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009.11.09 22:56:54 | 008,155,424 | ---- | C] (Mozilla) -- C:\Users\heiko&sabine\yahoo_firefox_3.5.5_setup_de-pro1.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 19:00:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 18:56:24 | 000,280,528 | ---- | M] () -- C:\Users\heiko&sabine\Desktop\Maleware.JPG
[2012.07.31 18:54:59 | 000,000,668 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2012.07.31 18:51:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 18:36:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:36:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 18:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 18:35:01 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 17:14:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job
[2012.07.31 15:28:55 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2012.07.31 11:37:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.31 11:37:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.31 11:37:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.31 11:37:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.31 11:29:40 | 210,292,736 | ---- | M] () -- C:\Users\heiko&sabine\Desktop\KWU_1.0.3.upd.iso
[2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job
[2012.07.27 11:52:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.27 11:52:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.27 08:10:19 | 000,001,114 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.07.25 22:03:53 | 000,046,080 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.25 19:11:42 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk
[2012.07.25 18:52:34 | 000,000,553 | ---- | M] () -- C:\Windows\wiso.ini
[2012.07.23 00:05:52 | 000,588,882 | ---- | M] () -- C:\Users\heiko&sabine\Das Nachbarrecht in Baden-Wrttemberg.pdf
[2012.07.18 12:27:37 | 000,806,324 | ---- | M] () -- C:\Users\heiko&sabine\Kuehlbox_Sammelpass.pdf
[2012.07.18 11:50:39 | 000,000,041 | ---- | M] () -- C:\Windows\System32\Filzip.ini
[2012.07.17 07:58:28 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.08 20:16:39 | 249,228,028 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 18:56:20 | 000,280,528 | ---- | C] () -- C:\Users\heiko&sabine\Desktop\Maleware.JPG
[2012.07.31 12:30:15 | 210,292,736 | ---- | C] () -- C:\Users\heiko&sabine\Desktop\KWU_1.0.3.upd.iso
[2012.07.31 00:10:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.25 19:09:06 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk
[2012.07.25 18:24:47 | 000,000,553 | ---- | C] () -- C:\Windows\wiso.ini
[2012.07.23 00:05:52 | 000,588,882 | ---- | C] () -- C:\Users\heiko&sabine\Das Nachbarrecht in Baden-Wrttemberg.pdf
[2012.07.18 12:27:37 | 000,806,324 | ---- | C] () -- C:\Users\heiko&sabine\Kuehlbox_Sammelpass.pdf
[2012.07.18 11:50:39 | 000,000,041 | ---- | C] () -- C:\Windows\System32\Filzip.ini
[2012.07.04 00:05:44 | 249,228,028 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.01 10:59:31 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 15:37:12 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2012.04.12 15:01:39 | 000,073,377 | ---- | C] () -- C:\Users\heiko&sabine\firstload email.JPG
[2012.03.18 10:51:39 | 000,000,680 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\d3d9caps.dat
[2012.01.06 22:17:44 | 003,522,695 | ---- | C] () -- C:\Users\heiko&sabine\Prüfung Heiko Häußler.pdf
[2012.01.06 19:20:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.24 19:19:48 | 000,000,581 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\cookies.ini
[2011.10.02 19:38:13 | 010,187,709 | ---- | C] () -- C:\Users\heiko&sabine\Bedienungsanleitung Kamera.pdf
[2011.08.01 17:21:38 | 000,852,264 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011.05.20 09:08:06 | 000,450,560 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2011.04.26 13:12:22 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.20 03:09:00 | 000,565,827 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.11.25 09:52:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.16 23:39:34 | 000,075,857 | ---- | C] () -- C:\Users\heiko&sabine\einkaufszettel1.pdf
[2009.11.16 11:26:35 | 001,001,352 | ---- | C] () -- C:\Users\heiko&sabine\Kalenderchen4.exe
[2009.10.10 18:45:56 | 005,627,175 | ---- | C] () -- C:\Users\heiko&sabine\CscSetup.exe
[2009.10.09 19:06:53 | 033,727,544 | ---- | C] () -- C:\Users\heiko&sabine\Nokia_PC_Suite_7_1_30_9_ger_web.exe
[2009.10.04 18:24:50 | 000,001,787 | ---- | C] () -- C:\Users\heiko&sabine\Network Scan.lnk
[2009.10.03 21:30:54 | 034,119,048 | ---- | C] () -- C:\Users\heiko&sabine\avira_antivir_personal_de.exe
[2009.10.03 17:42:14 | 000,010,303 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Roaming\SmarThruOptions.xml
[2009.10.03 17:40:41 | 000,000,840 | ---- | C] () -- C:\Users\heiko&sabine\SmarThru 4.lnk
[2009.10.03 17:04:56 | 029,432,192 | ---- | C] () -- C:\Users\heiko&sabine\turbo lister.exe
[2009.10.03 16:16:20 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.09.05 20:53:03 | 000,046,080 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 20:48:13 | 000,017,089 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Roaming\UserTile.png
[2009.09.04 12:58:12 | 000,000,370 | ---- | C] () -- C:\Users\heiko&sabine\Music.lnk
 
========== LOP Check ==========
 
[2012.04.30 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\AquaSoft
[2012.03.18 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Ascentive
[2012.04.30 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Barbecue
[2012.05.07 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\BitZipper
[2012.07.25 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service
[2010.05.02 21:35:50 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.18 12:53:13 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Fighters
[2012.07.30 12:58:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\FileZilla
[2012.03.28 10:45:55 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Firstload
[2012.04.23 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Internet-Manager
[2012.07.12 13:13:10 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo
[2011.07.07 10:00:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Latyov
[2009.10.09 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Nokia
[2011.07.04 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Nuha
[2011.02.05 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Opera
[2009.10.09 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PC Suite
[2012.01.06 19:20:27 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\pdfforge
[2009.09.05 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PeerNetworking
[2012.02.27 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PixelPlanet
[2009.11.29 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PPMate
[2009.11.29 19:47:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\ppStream
[2012.05.07 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PreisHai4
[2012.07.03 07:00:15 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\SchnapperPro
[2009.10.03 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\SmarThru4
[2012.06.27 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\TeamViewer
[2012.03.19 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\TuneUp Software
[2012.07.15 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu
[2012.07.15 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja
[2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job
[2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job
[2012.07.31 18:35:29 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >
         
--- --- ---
OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.07.2012 19:01:51 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,47% Memory free
6,08 Gb Paging File | 4,62 Gb Available in Paging File | 75,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 42,17 Gb Free Space | 29,28% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 138,03 Gb Free Space | 95,82% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,44 Gb Free Space | 22,60% Space Free | Partition Type: FAT
 
Computer Name: HEIKO_SABINE-PC | User Name: heiko&sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E914B02-2EC8-4DFE-9E89-93F581EF56AD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3D3A0462-3504-4A27-88C5-2DE407BA08F0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{53394AF4-F7CD-4021-85A5-B82FE47E1D58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5B6878C5-61B6-4B8B-ABAF-5E147A655ED8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{67ED021A-7085-43A8-864F-E38BB0CC22B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{69FF37C3-6B15-449F-8860-E278A09E7B73}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83523B0F-B544-4FAE-8CF3-688C577F34E3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AD2985DD-B111-4032-8023-4E9BB1AE546B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AFABBF11-E885-47F1-A2EA-25EB7EF2D8AF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B6516948-EB0D-4820-B453-C11F10673D46}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B8C2BD9B-045D-44F0-9521-46837B5B0EA3}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FF3F39-0A63-436D-B802-A2219C381965}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{0F1B3F47-7E4C-41FC-9B76-AFC697E782C2}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe | 
"{22995D61-57E7-4532-8B31-3EC8D3213217}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe | 
"{2882448B-CBB8-404B-BBD4-8FC6A2ECF6E8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B763279-45F7-4B13-BEB9-EC527B2C0BC4}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{30D764A1-ADEE-486A-989C-61E6EB8E82AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{3494590C-AEB0-431E-B011-41D6685221C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{35C6BDEA-BC79-41F1-BF89-02EACF797B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D204159-4B7A-4A26-B862-C19FDD12E986}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | 
"{53B917C3-1AED-4193-994C-9A86B8FEF598}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{556D0EC6-07CE-4305-81F1-43B8613A9C76}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{779B4D74-C1AA-4487-8F61-90215B40A751}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{7AF69277-D029-46EC-AAB3-F2872BB5F025}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{91C1288C-E2B4-4F7A-B275-189A36A1D6DF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{96F46C49-E045-423F-9513-D569F213FF30}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{A1F60CC5-8753-4712-9CB9-D2745422808F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AD4917C2-E9C1-4562-9159-18A5C9884C16}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B074EFEA-F23F-4838-B65D-E9B29C287DC7}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{B4280EBE-0191-4F66-BAD2-AAA42369190C}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe | 
"{B51718DD-2053-4EA4-B6B9-475D4C6B8973}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | 
"{BAC20EBB-AC35-4234-83E2-233827448276}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BEF0681C-4051-4410-98C4-4FEA8D3BF4B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C957A97E-44E9-42C5-A625-C2EDAA47728A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D1A88FE5-2058-442B-B0D4-156C8BC9E426}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D681135E-D5C2-41B0-8805-156688764EAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3EF2766-AB76-4C85-A315-13C7B4F6015B}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{EE7C4B96-ED83-451F-949C-E60C8F038608}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F3002249-9A63-4320-B378-EF259FA471FA}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe | 
"TCP Query User{0D4C1F37-B22F-456D-B372-9840CB6E0626}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{0FD3A2E2-1B4D-4565-9BBA-ECA7C4546FC7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{65D78471-2F58-4705-9447-EEF5CB69C7BC}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=6 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | 
"TCP Query User{7236734F-16CA-42A1-B22C-A67A888B13BF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{7CAAA912-5324-4FD5-8E0F-C1F98EDC2C2D}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=6 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | 
"TCP Query User{861E6987-2E7E-48A5-A6A5-998D18E77B29}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B83643BA-2B38-4F1D-BF21-8529B52B85C8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{E8453747-6419-4AB1-B9CF-0C547422D0EC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{401BB8E6-51D4-4B99-8A08-CC813EC35F42}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{41086B30-27AB-48C0-A7EE-3D3165C8963F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{75D06B1F-3A92-42E0-80ED-3B564C9D14A2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{81275567-FD26-411A-952E-8C409C9A0D56}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=17 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | 
"UDP Query User{8B02150F-0A17-49D8-8848-FC72E9A105E9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A4BFDBE3-0C6C-4423-BC0E-F323DCB0E7C8}C:\program files\samsung\networkscan\nscsystrayui.exe" = protocol=17 | dir=in | app=c:\program files\samsung\networkscan\nscsystrayui.exe | 
"UDP Query User{B34E3C4A-5119-480E-B15C-935107ADBE90}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D2C58CB8-AE65-4043-8225-48A4F5A84038}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A97B513-267C-4AF8-A986-C45235E64E72}_is1" = AquaSoft DesktopKalender "Leuchtturm"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{4381448B-AF21-4088-BE5E-FBD65F610BBC}" = Drucken Total Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59C95D15-5F24-435E-898D-3806961FC79D}" = Steuer 2006
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98357EB8-C10E-414A-A6EC-F3392EA97D35}" = Network Scan
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B80495-4ED3-4ED0-BD57-7F9E0A0EDF35}" = Haufe iDesk-Browser
"{A30B27FF-8C79-424A-89B4-43AD712A41ED}" = Steuer 2005
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B60BC366-98BF-448F-9981-617FE8BEB30B}" = AquaSoft Barbecue 3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (32bit)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D23317D1-3FE6-4B17-9625-D3C4960FE633}" = ActiveSpeed
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (32bit)
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{E1E4A21F-3A61-4998-97CE-B593E41393CA}" = AquaSoft DiaShow Deluxe 6
"{E706D4DA-8463-412A-BEF7-A63D1A72CED8}" = Haufe iDesk-Service
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{FCC32487-14A5-403C-922A-71CA97DCCBC2}" = AquaSoft PhotoFlash 2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AquaSoft Barbecue 3" = AquaSoft Barbecue 3
"AquaSoft DiaShow Deluxe 6" = AquaSoft DiaShow Deluxe 6
"AquaSoft PhotoFlash 2" = AquaSoft PhotoFlash 2
"AquaSoftware Eyedestructor 1.501" = AquaSoftware Eyedestructor 1.501
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitZipper_is1" = BitZipper 2010
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"etope Lister_is1" = 1.36
"ExpressRip" = Express Rip
"FileZilla Client" = FileZilla Client 3.5.0
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Finanzfuchs Haushaltsbuch 2005" = Finanzfuchs Haushaltsbuch 2005 2.08 
"Firstload" = Firstload
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Kalenderchen_is1" = Kalenderchen 4
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Prima" = PC Prima
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"Prism" = Prism Video Converter
"Samsung CLX-216x Series" = Samsung CLX-216x Series
"Siedler3Deinstall" = Siedler3
"Strickmuster 1" = Strickmuster 1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"VLC media player" = VLC media player 1.1.5
"VTechDownloadManager" = VTech Download Manager
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZipBar_DE Toolbar" = WinZipBar_DE Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2012 11:44:42 | Computer Name = heiko_sabine-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ad0  Anfangszeit: 01cd6f333574a199  Zeitpunkt
 der Beendigung: 0
 
Error - 31.07.2012 11:48:52 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Realtek
 Audio Codec ALC268\Vista64\vncutil.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 11:48:53 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Realtek
 Audio Codec ALC268\Vista64\RAVCpl64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 11:49:11 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Realtek
 Audio Codec ALC268\AP\x64_WinVista\RTKVAA64.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 11:49:12 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ACER\Preload\Autorun\DRV\Synaptics
 Touchpad\WinWDF\x64\dpinst.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 12:35:04 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\eBay\Turbo
 Lister2\Tl.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für
 die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen
 bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:  Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
 
Error - 31.07.2012 12:37:29 | Computer Name = heiko_sabine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 12:38:18 | Computer Name = heiko_sabine-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\eBay\Turbo
 Lister2\Tl.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für
 die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen
 bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:  Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
 
Error - 31.07.2012 12:56:29 | Computer Name = heiko_sabine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 31.07.2012 12:56:29 | Computer Name = heiko_sabine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 31.07.2012 08:41:04 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 10:49:48 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2012 10:49:48 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 11:05:27 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2012 11:05:27 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 11:44:06 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2012 11:44:06 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 12:35:06 | Computer Name = heiko_sabine-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31.07.2012 12:37:30 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.07.2012 12:37:30 | Computer Name = heiko_sabine-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---
--- --- ---

Alt 31.07.2012, 19:26   #7
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found 
DRV - (StarOpen) -- File not found 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found 
DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found 
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms} 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{06D8B124-B325-4D1B-A2F0-2CB8ABD742CF}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms} 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{EB2E41E9-63B2-4265-9922-AC05118E0993}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de___DE343 
IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Search Results" 
FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search Results" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.net" 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12 
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19 
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) 
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [eRecoveryService] File not found 
O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Magentic] C:\Programme\Magentic\bin\Magentic.exe () 
O4 - Startup: C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook) 
O8 - Extra context menu item: An SchnapperPro senden - http://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{b92361df-51b8-11df-95a9-00238b7c2246}\Shell\AutoRun\command - "" = F:\Menu.exe 
O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\1\Command - "" = F:\.\recycled\info.exe -- [2010.04.05 17:51:42 | 000,189,692 | RHS- | M] () 
O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe 

[2012.07.25 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV 
[2012.07.18 11:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess 
[2012.07.31 17:14:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad 

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8 
[2012.04.24 22:19:04 | 000,000,927 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\conduit.xml 
[2012.03.07 08:07:21 | 000,002,185 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\MyStart Search.xml 
[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\Search_Results.xml 

[2012.07.31 19:00:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.31 18:51:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.31 18:36:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

[2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job 
[2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 20:04   #8
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.07.2012 19:46:59 - Run 2> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\heiko&sabine\Desktop> in the current context!
Error: Unable to interpret <Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <2,93 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 50,30% Memory free> in the current context!
Error: Unable to interpret <6,08 Gb Paging File | 4,45 Gb Available in Paging File | 73,21% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 144,04 Gb Total Space | 42,17 Gb Free Space | 29,28% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 144,04 Gb Total Space | 138,03 Gb Free Space | 95,82% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive F: | 1,93 Gb Total Space | 0,44 Gb Free Space | 22,58% Space Free | Partition Type: FAT> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: HEIKO_SABINE-PC | User Name: heiko&sabine | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - C:\Users\heiko&sabine\Desktop\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <PRC - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)> in the current context!
Error: Unable to interpret <PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Magentic\bin\MgApp.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\libcef.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.WinForms.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\CefSharp.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtWebKit4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\itapi.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\audio.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\coder.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\log.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\DACommCenter.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtGui4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtCore4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\phonon4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtXmlPatterns4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtNetwork4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\VTech\DownloadManager\System\QtXml4.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Magentic\bin\MgApp.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Magentic\bin\NeoComm.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\SSOle.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\IMFilter.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Filzip\fzshext.dll ()> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)> in the current context!
Error: Unable to interpret <SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)> in the current context!
Error: Unable to interpret <SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)> in the current context!
Error: Unable to interpret <SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()> in the current context!
Error: Unable to interpret <SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)> in the current context!
Error: Unable to interpret <SRV - (HRService) -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe ()> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found> in the current context!
Error: Unable to interpret <DRV - (StarOpen) --  File not found> in the current context!
Error: Unable to interpret <DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found> in the current context!
Error: Unable to interpret <DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found> in the current context!
Error: Unable to interpret <DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found> in the current context!
Error: Unable to interpret <DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found> in the current context!
Error: Unable to interpret <DRV - (DKbFltr) -- system32\DRIVERS\DKbFltr.sys File not found> in the current context!
Error: Unable to interpret <DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found> in the current context!
Error: Unable to interpret <DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated)> in the current context!
Error: Unable to interpret <DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated)> in the current context!
Error: Unable to interpret <DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated)> in the current context!
Error: Unable to interpret <DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)> in the current context!
Error: Unable to interpret <DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)> in the current context!
Error: Unable to interpret <DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)> in the current context!
Error: Unable to interpret <DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()> in the current context!
Error: Unable to interpret <DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)> in the current context!
Error: Unable to interpret <DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)> in the current context!
Error: Unable to interpret <DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)> in the current context!
Error: Unable to interpret <DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)> in the current context!
Error: Unable to interpret <DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)> in the current context!
Error: Unable to interpret <DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=emg720> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=emg720> in the current context!
Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=emg720> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{06D8B124-B325-4D1B-A2F0-2CB8ABD742CF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=703&systemid=2&sr=0&q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\SearchScopes\{EB2E41E9-63B2-4265-9922-AC05118E0993}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de___DE343> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Search Results"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE Customized Web Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Search Results"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Google"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.net"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q="> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@ei.Webfetti.com/Plugin: C:\Program Files\WebfettiEI\Installr\1.bin\NP7dEISB.dll (Webfetti)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 10:16:42 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 07:20:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012.07.31 07:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions> in the current context!
Error: Unable to interpret <[2010.09.18 09:32:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}> in the current context!
Error: Unable to interpret <[2012.07.16 17:49:26 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}> in the current context!
Error: Unable to interpret <[2012.07.16 17:49:27 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}> in the current context!
Error: Unable to interpret <[2012.07.16 17:49:29 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}> in the current context!
Error: Unable to interpret <[2012.07.16 17:49:31 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}> in the current context!
Error: Unable to interpret <[2012.07.16 17:49:33 | 000,000,000 | ---D | M] (WinZipBar_DE Community Toolbar) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}> in the current context!
Error: Unable to interpret <[2010.09.27 17:07:04 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\heiko&sabine\AppData\Roaming\mozilla\Firefox\Profiles\m3rdq38z.default\extensions\sammelfreund@webmiles.de> in the current context!
Error: Unable to interpret <[2012.04.24 22:19:04 | 000,000,927 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\conduit.xml> in the current context!
Error: Unable to interpret <[2012.03.07 08:07:21 | 000,002,185 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\MyStart Search.xml> in the current context!
Error: Unable to interpret <[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\Search_Results.xml> in the current context!
Error: Unable to interpret <[2012.05.07 18:17:04 | 000,002,060 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\softonic.xml> in the current context!
Error: Unable to interpret <[2012.07.31 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2009.11.09 22:57:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}> in the current context!
Error: Unable to interpret <[2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context!
Error: Unable to interpret <[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON> in the current context!
Error: Unable to interpret <[2012.07.22 23:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context!
Error: Unable to interpret <[2012.04.20 14:01:16 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI> in the current context!
Error: Unable to interpret <[2012.04.20 14:01:17 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI> in the current context!
Error: Unable to interpret <[2012.03.16 07:19:11 | 000,128,837 | ---- | M] () (No name found) -- C:\USERS\HEIKO&SABINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M3RDQ38Z.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI> in the current context!
Error: Unable to interpret <[2012.07.30 10:16:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2012.02.02 15:41:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012.04.18 13:21:57 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml> in the current context!
Error: Unable to interpret <[2011.09.30 08:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2011.09.30 08:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2012.07.18 11:51:06 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml> in the current context!
Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2011.09.30 08:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Chrome  ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <CHR - homepage: hxxp://search.bearshare.net> in the current context!
Error: Unable to interpret <CHR - default_search_provider:  ()> in the current context!
Error: Unable to interpret <CHR - default_search_provider: search_url = > in the current context!
Error: Unable to interpret <CHR - default_search_provider: suggest_url = > in the current context!
Error: Unable to interpret <CHR - homepage: hxxp://search.bearshare.net> in the current context!
Error: Unable to interpret <CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\> in the current context!
Error: Unable to interpret <CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\> in the current context!
Error: Unable to interpret <CHR - Extension: No name found = C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2009.11.29 19:48:35 | 000,000,108 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: ::1             localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: ::1             localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: ::1             localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbInc1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Programme\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [AgentMonitor] C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DMS-Kalenderchen] C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [eRecoveryService]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Maple_S2P] C:\Programme\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NSCSysTrayUI] C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe (Samsung)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [PC Prima] C:\Program Files\Ascentive\PC Prima\PCPrima.exe (Ascentive LLC)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Facebook Update] C:\Users\heiko&sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2279113290-1672693567-3509604224-1000..\Run: [Magentic] C:\Programme\Magentic\bin\Magentic.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\heiko&sabine\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E769CE1-F2DD-45BB-B680-DCFB35D04A6F}: DhcpNameServer = 10.0.0.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA3E9E7-D3B3-425D-9E89-42C9D6983572}: NameServer = 10.0.0.1> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Users\heiko&sabine\Pictures\2011-10-01\028.JPG> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - Unable to obtain root file information for disk F:\> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{b92361df-51b8-11df-95a9-00238b7c2246}\Shell\AutoRun\command - "" = F:\Menu.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\1\Command - "" = F:\.\recycled\info.exe -- [2010.04.05 17:51:42 | 000,189,692 | RHS- | M] ()> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{cc486072-edff-11de-8bbe-00238b7c2246}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.07.31 19:46:43 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\heiko&sabine\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2012.07.27 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook> in the current context!
Error: Unable to interpret <[2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\Steuerfälle> in the current context!
Error: Unable to interpret <[2012.07.25 19:19:11 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\AAV> in the current context!
Error: Unable to interpret <[2012.07.25 19:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps> in the current context!
Error: Unable to interpret <[2012.07.25 19:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Akademische Arbeitsgemeinschaft> in the current context!
Error: Unable to interpret <[2012.07.25 19:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV> in the current context!
Error: Unable to interpret <[2012.07.25 18:43:07 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service> in the current context!
Error: Unable to interpret <[2012.07.25 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl Data Service> in the current context!
Error: Unable to interpret <[2012.07.25 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Local\Buhl> in the current context!
Error: Unable to interpret <[2012.07.25 18:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\WISO> in the current context!
Error: Unable to interpret <[2012.07.25 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH> in the current context!
Error: Unable to interpret <[2012.07.25 17:43:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll> in the current context!
Error: Unable to interpret <[2012.07.25 17:42:41 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll> in the current context!
Error: Unable to interpret <[2012.07.25 17:42:40 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll> in the current context!
Error: Unable to interpret <[2012.07.18 11:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess> in the current context!
Error: Unable to interpret <[2012.07.18 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\My Received Files> in the current context!
Error: Unable to interpret <[2012.07.18 11:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications> in the current context!
Error: Unable to interpret <[2012.07.17 01:02:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:05 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll> in the current context!
Error: Unable to interpret <[2012.07.17 00:47:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl> in the current context!
Error: Unable to interpret <[2012.07.16 18:03:06 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll> in the current context!
Error: Unable to interpret <[2012.07.16 18:03:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll> in the current context!
Error: Unable to interpret <[2012.07.16 18:03:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll> in the current context!
Error: Unable to interpret <[2012.07.16 18:03:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll> in the current context!
Error: Unable to interpret <[2012.07.16 18:03:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll> in the current context!
Error: Unable to interpret <[2012.07.16 18:02:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe> in the current context!
Error: Unable to interpret <[2012.07.16 18:02:54 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe> in the current context!
Error: Unable to interpret <[2012.07.16 18:02:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll> in the current context!
Error: Unable to interpret <[2012.07.12 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja> in the current context!
Error: Unable to interpret <[2012.07.12 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu> in the current context!
Error: Unable to interpret <[2012.07.12 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\Documents\InterVideo> in the current context!
Error: Unable to interpret <[2012.07.12 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo> in the current context!
Error: Unable to interpret <[2012.07.03 10:40:05 | 000,000,000 | ---D | C] -- C:\Windows\pss> in the current context!
Error: Unable to interpret <[2009.11.09 22:56:54 | 008,155,424 | ---- | C] (Mozilla) -- C:\Users\heiko&sabine\yahoo_firefox_3.5.5_setup_de-pro1.exe> in the current context!
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.07.31 19:51:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job> in the current context!
Error: Unable to interpret <[2012.07.31 19:46:30 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini> in the current context!
Error: Unable to interpret <[2012.07.31 19:00:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2012.07.31 18:54:59 | 000,000,668 | ---- | M] () -- C:\Windows\ULEAD32.INI> in the current context!
Error: Unable to interpret <[2012.07.31 18:45:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\heiko&sabine\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2012.07.31 18:36:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml> in the current context!
Error: Unable to interpret <[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.07.31 18:36:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.07.31 18:36:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2012.07.31 18:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2012.07.31 18:35:01 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context!
Error: Unable to interpret <[2012.07.31 17:14:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad> in the current context!
Error: Unable to interpret <[2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job> in the current context!
Error: Unable to interpret <[2012.07.31 11:37:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2012.07.31 11:37:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2012.07.31 11:37:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2012.07.31 11:37:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2012.07.31 11:29:40 | 210,292,736 | ---- | M] () -- C:\Users\heiko&sabine\Desktop\KWU_1.0.3.upd.iso> in the current context!
Error: Unable to interpret <[2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job> in the current context!
Error: Unable to interpret <[2012.07.27 11:52:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe> in the current context!
Error: Unable to interpret <[2012.07.27 11:52:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl> in the current context!
Error: Unable to interpret <[2012.07.27 08:10:19 | 000,001,114 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk> in the current context!
Error: Unable to interpret <[2012.07.25 22:03:53 | 000,046,080 | ---- | M] () -- C:\Users\heiko&sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2012.07.25 19:11:42 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk> in the current context!
Error: Unable to interpret <[2012.07.25 18:52:34 | 000,000,553 | ---- | M] () -- C:\Windows\wiso.ini> in the current context!
Error: Unable to interpret <[2012.07.23 00:05:52 | 000,588,882 | ---- | M] () -- C:\Users\heiko&sabine\Das Nachbarrecht in Baden-Wrttemberg.pdf> in the current context!
Error: Unable to interpret <[2012.07.18 12:27:37 | 000,806,324 | ---- | M] () -- C:\Users\heiko&sabine\Kuehlbox_Sammelpass.pdf> in the current context!
Error: Unable to interpret <[2012.07.18 11:50:39 | 000,000,041 | ---- | M] () -- C:\Windows\System32\Filzip.ini> in the current context!
Error: Unable to interpret <[2012.07.17 07:58:28 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2012.07.08 20:16:39 | 249,228,028 | ---- | M] () -- C:\Windows\MEMORY.DMP> in the current context!
Error: Unable to interpret <[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.07.31 12:30:15 | 210,292,736 | ---- | C] () -- C:\Users\heiko&sabine\Desktop\KWU_1.0.3.upd.iso> in the current context!
Error: Unable to interpret <[2012.07.31 00:10:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad> in the current context!
Error: Unable to interpret <[2012.07.25 19:09:06 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2010.lnk> in the current context!
Error: Unable to interpret <[2012.07.25 18:24:47 | 000,000,553 | ---- | C] () -- C:\Windows\wiso.ini> in the current context!
Error: Unable to interpret <[2012.07.23 00:05:52 | 000,588,882 | ---- | C] () -- C:\Users\heiko&sabine\Das Nachbarrecht in Baden-Wrttemberg.pdf> in the current context!
Error: Unable to interpret <[2012.07.18 12:27:37 | 000,806,324 | ---- | C] () -- C:\Users\heiko&sabine\Kuehlbox_Sammelpass.pdf> in the current context!
Error: Unable to interpret <[2012.07.18 11:50:39 | 000,000,041 | ---- | C] () -- C:\Windows\System32\Filzip.ini> in the current context!
Error: Unable to interpret <[2012.07.04 00:05:44 | 249,228,028 | ---- | C] () -- C:\Windows\MEMORY.DMP> in the current context!
Error: Unable to interpret <[2012.07.01 10:59:31 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2012.05.08 15:37:12 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini> in the current context!
Error: Unable to interpret <[2012.04.12 15:01:39 | 000,073,377 | ---- | C] () -- C:\Users\heiko&sabine\firstload email.JPG> in the current context!
Error: Unable to interpret <[2012.03.18 10:51:39 | 000,000,680 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2012.01.06 22:17:44 | 003,522,695 | ---- | C] () -- C:\Users\heiko&sabine\Prüfung Heiko Häußler.pdf> in the current context!
Error: Unable to interpret <[2012.01.06 19:20:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll> in the current context!
Error: Unable to interpret <[2011.12.24 19:19:48 | 000,000,581 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\cookies.ini> in the current context!
Error: Unable to interpret <[2011.10.02 19:38:13 | 010,187,709 | ---- | C] () -- C:\Users\heiko&sabine\Bedienungsanleitung Kamera.pdf> in the current context!
Error: Unable to interpret <[2011.08.01 17:21:38 | 000,852,264 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll> in the current context!
Error: Unable to interpret <[2011.05.20 09:08:06 | 000,450,560 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll> in the current context!
Error: Unable to interpret <[2011.04.26 13:12:22 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini> in the current context!
Error: Unable to interpret <[2011.04.20 03:09:00 | 000,565,827 | ---- | C] () -- C:\Windows\System32\sqlite3.dll> in the current context!
Error: Unable to interpret <[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin> in the current context!
Error: Unable to interpret <[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin> in the current context!
Error: Unable to interpret <[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin> in the current context!
Error: Unable to interpret <[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll> in the current context!
Error: Unable to interpret <[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config> in the current context!
Error: Unable to interpret <[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll> in the current context!
Error: Unable to interpret <[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll> in the current context!
Error: Unable to interpret <[2009.11.25 09:52:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol> in the current context!
Error: Unable to interpret <[2009.11.16 23:39:34 | 000,075,857 | ---- | C] () -- C:\Users\heiko&sabine\einkaufszettel1.pdf> in the current context!
Error: Unable to interpret <[2009.11.16 11:26:35 | 001,001,352 | ---- | C] () -- C:\Users\heiko&sabine\Kalenderchen4.exe> in the current context!
Error: Unable to interpret <[2009.10.10 18:45:56 | 005,627,175 | ---- | C] () -- C:\Users\heiko&sabine\CscSetup.exe> in the current context!
Error: Unable to interpret <[2009.10.09 19:06:53 | 033,727,544 | ---- | C] () -- C:\Users\heiko&sabine\Nokia_PC_Suite_7_1_30_9_ger_web.exe> in the current context!
Error: Unable to interpret <[2009.10.04 18:24:50 | 000,001,787 | ---- | C] () -- C:\Users\heiko&sabine\Network Scan.lnk> in the current context!
Error: Unable to interpret <[2009.10.03 21:30:54 | 034,119,048 | ---- | C] () -- C:\Users\heiko&sabine\avira_antivir_personal_de.exe> in the current context!
Error: Unable to interpret <[2009.10.03 17:42:14 | 000,010,303 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Roaming\SmarThruOptions.xml> in the current context!
Error: Unable to interpret <[2009.10.03 17:40:41 | 000,000,840 | ---- | C] () -- C:\Users\heiko&sabine\SmarThru 4.lnk> in the current context!
Error: Unable to interpret <[2009.10.03 17:04:56 | 029,432,192 | ---- | C] () -- C:\Users\heiko&sabine\turbo lister.exe> in the current context!
Error: Unable to interpret <[2009.10.03 16:16:20 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini> in the current context!
Error: Unable to interpret <[2009.09.05 20:53:03 | 000,046,080 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2009.09.05 20:48:13 | 000,017,089 | ---- | C] () -- C:\Users\heiko&sabine\AppData\Roaming\UserTile.png> in the current context!
Error: Unable to interpret <[2009.09.04 12:58:12 | 000,000,370 | ---- | C] () -- C:\Users\heiko&sabine\Music.lnk> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.04.30 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\AquaSoft> in the current context!
Error: Unable to interpret <[2012.03.18 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Ascentive> in the current context!
Error: Unable to interpret <[2012.04.30 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Barbecue> in the current context!
Error: Unable to interpret <[2012.05.07 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\BitZipper> in the current context!
Error: Unable to interpret <[2012.07.25 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Buhl Data Service> in the current context!
Error: Unable to interpret <[2010.05.02 21:35:50 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1> in the current context!
Error: Unable to interpret <[2012.03.18 12:53:13 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Fighters> in the current context!
Error: Unable to interpret <[2012.07.30 12:58:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\FileZilla> in the current context!
Error: Unable to interpret <[2012.03.28 10:45:55 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Firstload> in the current context!
Error: Unable to interpret <[2012.04.23 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Internet-Manager> in the current context!
Error: Unable to interpret <[2012.07.12 13:13:10 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\InterVideo> in the current context!
Error: Unable to interpret <[2011.07.07 10:00:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Latyov> in the current context!
Error: Unable to interpret <[2009.10.09 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Nokia> in the current context!
Error: Unable to interpret <[2011.07.04 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Nuha> in the current context!
Error: Unable to interpret <[2011.02.05 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\Opera> in the current context!
Error: Unable to interpret <[2009.10.09 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PC Suite> in the current context!
Error: Unable to interpret <[2012.01.06 19:20:27 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\pdfforge> in the current context!
Error: Unable to interpret <[2009.09.05 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PeerNetworking> in the current context!
Error: Unable to interpret <[2012.02.27 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PixelPlanet> in the current context!
Error: Unable to interpret <[2009.11.29 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PPMate> in the current context!
Error: Unable to interpret <[2009.11.29 19:47:43 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\ppStream> in the current context!
Error: Unable to interpret <[2012.05.07 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\PreisHai4> in the current context!
Error: Unable to interpret <[2012.07.03 07:00:15 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\SchnapperPro> in the current context!
Error: Unable to interpret <[2009.10.03 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\SmarThru4> in the current context!
Error: Unable to interpret <[2012.06.27 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\TeamViewer> in the current context!
Error: Unable to interpret <[2012.03.19 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\TuneUp Software> in the current context!
Error: Unable to interpret <[2012.07.15 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\xfuukkl3bampywutpilpk3lvgaloknuu> in the current context!
Error: Unable to interpret <[2012.07.15 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\heiko&sabine\AppData\Roaming\xjpiw2w3pzhefpil3c2dttvazyqimrja> in the current context!
Error: Unable to interpret <[2012.07.30 23:08:03 | 000,001,144 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000Core.job> in the current context!
Error: Unable to interpret <[2012.07.31 17:09:12 | 000,001,166 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2279113290-1672693567-3509604224-1000UA.job> in the current context!
Error: Unable to interpret <[2012.07.31 18:35:29 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8> in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_200117

Alt 31.07.2012, 20:05   #9
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Falsch!

Fix richtig kopieren!

Nochmal!
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 20:20   #10
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Abgestürzt :-(

Files\Folders moved on Reboot...
File\Folder F:\.\recycled\info.exe not found!
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...
File F:\.\recycled\info.exe not found!
[2012.07.31 20:17:14 | 000,003,216 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
[2012.07.31 20:17:13 | 000,003,216 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5

Registry entries deleted on Reboot...

Musste meinen Reg.schlüssel eingeben, und nun funktioniert es wieder!
Aber ist der PC nun sauber???

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
heiko&sabine :: HEIKO_SABINE-PC [Administrator]

Schutz: Aktiviert

31.07.2012 20:47:05
mbam-log-2012-07-31 (20-47-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 199041
Laufzeit: 8 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 31.07.2012, 23:46   #11
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Sehr gut!



1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Aktualisiere die Datenbank!
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.08.2012, 23:52   #12
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.02.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
heiko&sabine :: HEIKO_SABINE-PC [Administrator]

Schutz: Aktiviert

02.08.2012 20:56:24
mbam-log-2012-08-02 (20-56-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 380586
Laufzeit: 2 Stunde(n), 53 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)





# AdwCleaner v1.800 - Logfile created 08/02/2012 at 23:49:59
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : heiko&sabine - HEIKO_SABINE-PC
# Running from : C:\Users\heiko&sabine\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\heiko&sabine\AppData\Local\APN
Folder Found : C:\Users\heiko&sabine\AppData\Local\AskToolbar
Folder Found : C:\Users\heiko&sabine\AppData\Local\Conduit
Folder Found : C:\Users\heiko&sabine\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\heiko&sabine\AppData\LocalLow\Conduit
Folder Found : C:\Users\heiko&sabine\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\heiko&sabine\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Found : C:\Users\heiko&sabine\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Found : C:\Users\heiko&sabine\AppData\LocalLow\WinZipBar_DE
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\pdfforge
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\Conduit
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\ConduitCommon
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2438727
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2724386
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2801937
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2856415
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT3192727
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
Folder Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\IncrediMail_MediaBar_2
Folder Found : C:\Program Files\IncrediMail_MediaBar_2
Folder Found : C:\Program Files\WinZipBar_DE
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\softonic.xml
File Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\adapter@babylontc.com.xpi
File Found : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\ocr@babylon.com.xpi
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3192727
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\IncrediMail_MediaBar_2
Key Found : HKLM\SOFTWARE\IncrediMail_MediaBar_2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar_DE Toolbar
Key Found : HKLM\SOFTWARE\WinZipBar_DE

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E3A5BBD0-B829-4D68-AF58-F66E67F959C6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02C310B-C22D-4A43-B68B-46DD7A501B87}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EDF5505-E849-4219-8771-A8BCD4AD0698}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1CD5CAC-70BB-4CE8-A9C6-E25B2C5EA9D2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6200AE96-C98B-42EB-ADB8-F1AD68AA4EDB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3A5BBD0-B829-4D68-AF58-F66E67F959C6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\prefs.js

Found : user_pref("CT2438727..clientLogIsEnabled", false);
Found : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2438727.BrowserCompStateIsOpen_1000515", true);
Found : user_pref("CT2438727.CT2438727", "CT2438727");
Found : user_pref("CT2438727.CurrentServerDate", "2-8-2012");
Found : user_pref("CT2438727.DSInstall", false);
Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
Found : user_pref("CT2438727.DialogsGetterLastCheckTime", "Thu Aug 02 2012 21:21:54 GMT+0200");
Found : user_pref("CT2438727.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Found : user_pref("CT2438727.FirstServerDate", "14-1-2012");
Found : user_pref("CT2438727.FirstTime", true);
Found : user_pref("CT2438727.FirstTimeFF3", true);
Found : user_pref("CT2438727.FixPageNotFoundErrors", true);
Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2438727.HPInstall", false);
Found : user_pref("CT2438727.HasUserGlobalKeys", true);
Found : user_pref("CT2438727.HomePageProtectorEnabled", false);
Found : user_pref("CT2438727.HomepageBeforeUnload", "hxxp://mystart.incredimail.com");
Found : user_pref("CT2438727.Initialize", true);
Found : user_pref("CT2438727.InitializeCommonPrefs", true);
Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2438727.InstallationType", "DirectDownload");
Found : user_pref("CT2438727.InstalledDate", "Sat Jan 14 2012 15:47:25 GMT+0100");
Found : user_pref("CT2438727.IsAlertDBUpdated", true);
Found : user_pref("CT2438727.IsGrouping", false);
Found : user_pref("CT2438727.IsInitSetupIni", true);
Found : user_pref("CT2438727.IsMulticommunity", false);
Found : user_pref("CT2438727.IsOpenThankYouPage", true);
Found : user_pref("CT2438727.IsOpenUninstallPage", true);
Found : user_pref("CT2438727.IsProtectorsInit", true);
Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:53 GMT+0200");
Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2438727.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:39:51 GMT+0200");
Found : user_pref("CT2438727.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:19 GMT+0200");
Found : user_pref("CT2438727.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:33 GMT+0200");
Found : user_pref("CT2438727.LastLogin_3.14.1.0", "Thu Aug 02 2012 22:07:08 GMT+0200");
Found : user_pref("CT2438727.LastLogin_3.9.0.3", "Sun Jan 15 2012 18:11:46 GMT+0100");
Found : user_pref("CT2438727.LatestVersion", "3.14.1.0");
Found : user_pref("CT2438727.Locale", "en");
Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Found : user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2438727.OriginalFirstVersion", "3.9.0.3");
Found : user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");
Found : user_pref("CT2438727.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:50 GMT+0200");
Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2438727.SearchProtectorEnabled", false);
Found : user_pref("CT2438727.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2438727.SendProtectorDataViaLogin", true);
Found : user_pref("CT2438727.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:51 GMT+0200");
Found : user_pref("CT2438727.SettingsLastCheckTime", "Thu Aug 02 2012 21:04:18 GMT+0200");
Found : user_pref("CT2438727.SettingsLastUpdate", "1342352416");
Found : user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");
Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Jan 14 2012 15:47:23 GMT+0100");
Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2438727.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Found : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2438727.UserID", "UN69442096685130660");
Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Found : user_pref("CT2438727.alertChannelId", "832836");
Found : user_pref("CT2438727.backendstorage.currentgame", "63697479");
Found : user_pref("CT2438727.backendstorage.facebook_mode", "32");
Found : user_pref("CT2438727.backendstorage.facebook_user_locale", "6465");
Found : user_pref("CT2438727.components.1000515", true);
Found : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Sun Jan 15 2012 18:11:46 GMT+0100");
Found : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2438727.initDone", true);
Found : user_pref("CT2438727.isAppTrackingManagerOn", true);
Found : user_pref("CT2438727.myStuffEnabled", true);
Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,111,129509324767711885,129[...]
Found : user_pref("CT2438727.revertSettingsEnabled", true);
Found : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2438727.searchProtectorEnableByLogin", true);
Found : user_pref("CT2438727.testingCtid", "");
Found : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:51 GMT+0200");
Found : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Sat Jan 14 2012 15:47:35 GMT+0100");
Found : user_pref("CT2438727.usagesFlag", 2);
Found : user_pref("CT2724386..clientLogIsEnabled", false);
Found : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129626311033612748", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129723003199914047", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129847484448267081", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129851872283658385", true);
Found : user_pref("CT2724386.CTID", "ct2724407");
Found : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Fri Apr 27 2012 23:18:04 GMT+0200");
Found : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT2724386.CommunityChanged", true);
Found : user_pref("CT2724386.CurrentServerDate", "2-8-2012");
Found : user_pref("CT2724386.DialogsAlignMode", "LTR");
Found : user_pref("CT2724386.DialogsGetterLastCheckTime", "Thu Aug 02 2012 21:21:56 GMT+0200");
Found : user_pref("CT2724386.DownloadDomainsListLastCheckTime", "Fri Apr 27 2012 23:18:04 GMT+0200");
Found : user_pref("CT2724386.DownloadReferralCookieData", "");
Found : user_pref("CT2724386.FirstServerDate", "5-2-2011");
Found : user_pref("CT2724386.FirstTime", true);
Found : user_pref("CT2724386.FirstTimeFF3", true);
Found : user_pref("CT2724386.FixPageNotFoundErrors", true);
Found : user_pref("CT2724386.GroupingLastCheckTime", "Fri Apr 27 2012 22:55:19 GMT+0200");
Found : user_pref("CT2724386.GroupingLastErrorCode", "");
Found : user_pref("CT2724386.GroupingLastResponse", false);
Found : user_pref("CT2724386.GroupingLastServerUpdateTime", "129404259370830000");
Found : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2724386.HasUserGlobalKeys", true);
Found : user_pref("CT2724386.Initialize", true);
Found : user_pref("CT2724386.InitializeCommonPrefs", true);
Found : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
Found : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Found : user_pref("CT2724386.InstalledDate", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.IsGrouping", false);
Found : user_pref("CT2724386.IsMulticommunity", false);
Found : user_pref("CT2724386.IsOpenThankYouPage", false);
Found : user_pref("CT2724386.IsOpenUninstallPage", true);
Found : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100");
Found : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2724386.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:21 GMT+0200");
Found : user_pref("CT2724386.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:38 GMT+0200");
Found : user_pref("CT2724386.LastLogin_3.14.1.0", "Thu Aug 02 2012 22:07:11 GMT+0200");
Found : user_pref("CT2724386.LastLogin_3.3.0.19", "Sat Feb 05 2011 13:46:53 GMT+0100");
Found : user_pref("CT2724386.LatestVersion", "3.14.1.0");
Found : user_pref("CT2724386.Locale", "en");
Found : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Found : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Found : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2724386.RadioIsPodcast", false);
Found : user_pref("CT2724386.RadioMediaID", "21080119");
Found : user_pref("CT2724386.RadioMediaType", "Media Player");
Found : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119");
Found : user_pref("CT2724386.RadioStationName", "Royal-Radio%20");
Found : user_pref("CT2724386.RadioStationURL", "");
Found : user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Found : user_pref("CT2724386.SearchInNewTabEnabled", true);
Found : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100");
Found : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2724386.ServiceMapLastCheckTime", "Thu Aug 02 2012 12:24:17 GMT+0200");
Found : user_pref("CT2724386.SettingsLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.SettingsLastUpdate", "1295945137");
Found : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2724386.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386");
Found : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2724386.UserID", "UN42851976944475634");
Found : user_pref("CT2724386.WeatherNetwork", "");
Found : user_pref("CT2724386.WeatherPollDate", "Sat Feb 05 2011 10:16:56 GMT+0100");
Found : user_pref("CT2724386.WeatherUnit", "C");
Found : user_pref("CT2724386.alertChannelId", "1116652");
Found : user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR");
Found : user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false);
Found : user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Fri Apr 27 2012 22:55:19 GMT+0200");
Found : user_pref("CT2724386.ct2724407.GroupingLastErrorCode", "");
Found : user_pref("CT2724386.ct2724407.GroupingLastResponse", false);
Found : user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129403703522470000");
Found : user_pref("CT2724386.ct2724407.InvalidateCache", false);
Found : user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:59 GMT+0200");
Found : user_pref("CT2724386.ct2724407.Locale", "de");
Found : user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000");
Found : user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Found : user_pref("CT2724386.ct2724407.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Found : user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Thu Aug 02 2012 21:04:18 GMT+0200");
Found : user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1340713641");
Found : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2724386.ct2724407.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100[...]
Found : user_pref("CT2724386.ct2724407.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:58 GMT+0200"[...]
Found : user_pref("CT2724386.ct2724407.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100"[...]
Found : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2724386.initDone", true);
Found : user_pref("CT2724386.isAppTrackingManagerOn", false);
Found : user_pref("CT2724386.myStuffEnabled", true);
Found : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2724386.revertSettingsEnabled", false);
Found : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2724386.searchProtectorEnableByLogin", true);
Found : user_pref("CT2724386.testingCtid", "");
Found : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:56 GMT+0100");
Found : user_pref("CT2724386.usagesFlag", 2);
Found : user_pref("CT2801937..clientLogIsEnabled", false);
Found : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2801937.AppTrackingLastCheckTime", "Mon May 07 2012 22:14:07 GMT+0200");
Found : user_pref("CT2801937.BrowserCompStateIsOpen_129799487489787934", true);
Found : user_pref("CT2801937.BrowserCompStateIsOpen_129800116201456332", true);
Found : user_pref("CT2801937.CTID", "CT2801937");
Found : user_pref("CT2801937.CurrentServerDate", "2-8-2012");
Found : user_pref("CT2801937.DSInstall", true);
Found : user_pref("CT2801937.DialogsAlignMode", "LTR");
Found : user_pref("CT2801937.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:50 GMT+0200");
Found : user_pref("CT2801937.DownloadReferralCookieData", "");
Found : user_pref("CT2801937.EMailNotifierPollDate", "Tue May 15 2012 13:57:01 GMT+0200");
Found : user_pref("CT2801937.EnableClickToSearchBox", false);
Found : user_pref("CT2801937.EnableSearchHistory", false);
Found : user_pref("CT2801937.EnableSearchSuggest", false);
Found : user_pref("CT2801937.FirstServerDate", "7-5-2012");
Found : user_pref("CT2801937.FirstTime", true);
Found : user_pref("CT2801937.FirstTimeFF3", true);
Found : user_pref("CT2801937.FirstTimeHiddenVer", true);
Found : user_pref("CT2801937.FixPageNotFoundErrors", false);
Found : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2801937.HPChangedManually", true);
Found : user_pref("CT2801937.HPInstall", true);
Found : user_pref("CT2801937.HasUserGlobalKeys", true);
Found : user_pref("CT2801937.HomePageProtectorEnabled", false);
Found : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...]
Found : user_pref("CT2801937.Initialize", true);
Found : user_pref("CT2801937.InitializeCommonPrefs", true);
Found : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2801937.InstallationId", "ConduitInstaller.exe");
Found : user_pref("CT2801937.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT2801937.InstalledDate", "Mon May 07 2012 18:53:18 GMT+0200");
Found : user_pref("CT2801937.InvalidateCache", false);
Found : user_pref("CT2801937.IsAlertDBUpdated", true);
Found : user_pref("CT2801937.IsGrouping", false);
Found : user_pref("CT2801937.IsInitSetupIni", true);
Found : user_pref("CT2801937.IsMulticommunity", false);
Found : user_pref("CT2801937.IsOpenThankYouPage", false);
Found : user_pref("CT2801937.IsOpenUninstallPage", true);
Found : user_pref("CT2801937.IsProtectorsInit", true);
Found : user_pref("CT2801937.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Found : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2801937.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:22 GMT+0200");
Found : user_pref("CT2801937.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200");
Found : user_pref("CT2801937.LastLogin_3.14.1.0", "Thu Aug 02 2012 22:07:10 GMT+0200");
Found : user_pref("CT2801937.LatestVersion", "3.14.1.0");
Found : user_pref("CT2801937.Locale", "de");
Found : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Found : user_pref("CT2801937.MCDetectTooltipShow", false);
Found : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Found : user_pref("CT2801937.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2801937.OriginalFirstVersion", "3.12.2.3");
Found : user_pref("CT2801937.RadioIsPodcast", false);
Found : user_pref("CT2801937.RadioLastCheckTime", "Tue May 15 2012 13:57:01 GMT+0200");
Found : user_pref("CT2801937.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2801937.RadioLastUpdateServer", "129800256255330000");
Found : user_pref("CT2801937.RadioMediaID", "21560175");
Found : user_pref("CT2801937.RadioMediaType", "Media Player");
Found : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Found : user_pref("CT2801937.RadioShrinkedFromSetup", false);
Found : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Found : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...]
Found : user_pref("CT2801937.SavedHomepage", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc="[...]
Found : user_pref("CT2801937.SearchBackToDefaultEngine", false);
Found : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search");
Found : user_pref("CT2801937.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search");
Found : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Found : user_pref("CT2801937.SearchInNewTabEnabled", true);
Found : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200");
Found : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2801937.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2801937.SearchProtectorEnabled", false);
Found : user_pref("CT2801937.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2801937.SendProtectorDataViaLogin", true);
Found : user_pref("CT2801937.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200");
Found : user_pref("CT2801937.SettingsLastCheckTime", "Thu Aug 02 2012 21:04:19 GMT+0200");
Found : user_pref("CT2801937.SettingsLastUpdate", "1343176950");
Found : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
Found : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Mon May 07 2012 18:53:16 GMT+0200");
Found : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT2801937.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937");
Found : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2801937.UserID", "UN88242712545417888");
Found : user_pref("CT2801937.WeatherNetwork", "");
Found : user_pref("CT2801937.WeatherPollDate", "Tue May 15 2012 13:57:03 GMT+0200");
Found : user_pref("CT2801937.WeatherUnit", "C");
Found : user_pref("CT2801937.alertChannelId", "1194019");
Found : user_pref("CT2801937.approveUntrustedApps", false);
Found : user_pref("CT2801937.autoDisableScopes", 0);
Found : user_pref("CT2801937.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Found : user_pref("CT2801937.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_app_lang", "656E");
Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_normal", "353639");
Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_short", "343135");
Found : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_width", "333533");
Found : user_pref("CT2801937.components.1000034", false);
Found : user_pref("CT2801937.components.1000080", false);
Found : user_pref("CT2801937.components.1000082", false);
Found : user_pref("CT2801937.components.1000234", false);
Found : user_pref("CT2801937.components.129306877459819678", false);
Found : user_pref("CT2801937.components.129306877459975929", false);
Found : user_pref("CT2801937.components.129306877468568933", false);
Found : user_pref("CT2801937.components.129799474422717075", false);
Found : user_pref("CT2801937.components.129799482871194470", false);
Found : user_pref("CT2801937.components.129799483853381569", false);
Found : user_pref("CT2801937.components.129799487489787934", false);
Found : user_pref("CT2801937.components.129799494588344200", false);
Found : user_pref("CT2801937.components.129800116201456332", false);
Found : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Mon May 07 2012 18:53:19 GMT+0200");
Found : user_pref("CT2801937.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2801937.initDone", true);
Found : user_pref("CT2801937.isAppTrackingManagerOn", true);
Found : user_pref("CT2801937.isFirstRadioInstallation", false);
Found : user_pref("CT2801937.isSearchProtectorNotifyChanges", false);
Found : user_pref("CT2801937.myStuffEnabled", true);
Found : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2801937.navigateToUrlOnSearch", false);
Found : user_pref("CT2801937.revertSettingsEnabled", true);
Found : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2801937.searchProtectorEnableByLogin", true);
Found : user_pref("CT2801937.testingCtid", "");
Found : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:53 GMT+0200");
Found : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Mon May 07 2012 18:53:21 GMT+0200");
Found : user_pref("CT2801937.usageEnabled", false);
Found : user_pref("CT2801937.usagesFlag", 2);
Found : user_pref("CT2856415..clientLogIsEnabled", false);
Found : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true);
Found : user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true);
Found : user_pref("CT2856415.BrowserCompStateIsOpen_129683315081957463", true);
Found : user_pref("CT2856415.CT2856415", "CT2856415");
Found : user_pref("CT2856415.CurrentServerDate", "21-7-2012");
Found : user_pref("CT2856415.DialogsAlignMode", "LTR");
Found : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200");
Found : user_pref("CT2856415.DownloadReferralCookieData", "");
Found : user_pref("CT2856415.FirstServerDate", "8-1-2011");
Found : user_pref("CT2856415.FirstTime", true);
Found : user_pref("CT2856415.FirstTimeFF3", true);
Found : user_pref("CT2856415.FixPageNotFoundErrors", false);
Found : user_pref("CT2856415.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2856415.HasUserGlobalKeys", true);
Found : user_pref("CT2856415.Initialize", true);
Found : user_pref("CT2856415.InitializeCommonPrefs", true);
Found : user_pref("CT2856415.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2856415.InstallationType", "Unknown");
Found : user_pref("CT2856415.InstalledDate", "Sat Jan 08 2011 10:42:24 GMT+0100");
Found : user_pref("CT2856415.IsGrouping", false);
Found : user_pref("CT2856415.IsMulticommunity", false);
Found : user_pref("CT2856415.IsOpenThankYouPage", true);
Found : user_pref("CT2856415.IsOpenUninstallPage", true);
Found : user_pref("CT2856415.LanguagePackLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200");
Found : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2856415.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:39:48 GMT+0200");
Found : user_pref("CT2856415.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:16 GMT+0200");
Found : user_pref("CT2856415.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200");
Found : user_pref("CT2856415.LastLogin_3.14.1.0", "Sat Jul 21 2012 00:45:29 GMT+0200");
Found : user_pref("CT2856415.LastLogin_3.3.0.19", "Sat Jan 08 2011 10:42:24 GMT+0100");
Found : user_pref("CT2856415.LatestVersion", "3.13.0.6");
Found : user_pref("CT2856415.Locale", "en");
Found : user_pref("CT2856415.MCDetectTooltipHeight", "83");
Found : user_pref("CT2856415.MCDetectTooltipShow", false);
Found : user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2856415.MCDetectTooltipWidth", "295");
Found : user_pref("CT2856415.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2856415.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2856415.SavedHomepage", "hxxp://mystart.incredimail.com/");
Found : user_pref("CT2856415.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Found : user_pref("CT2856415.SearchInNewTabEnabled", true);
Found : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri Jul 20 2012 08:45:26 GMT+0200");
Found : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2856415.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200");
Found : user_pref("CT2856415.SettingsLastCheckTime", "Fri Jul 20 2012 22:09:58 GMT+0200");
Found : user_pref("CT2856415.SettingsLastUpdate", "1341830141");
Found : user_pref("CT2856415.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 10:42:22 GMT+0100");
Found : user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2856415.ToolbarDisabled", false);
Found : user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415");
Found : user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2856415.UserID", "UN90125898018839251");
Found : user_pref("CT2856415.ValidationData_Toolbar", 2);
Found : user_pref("CT2856415.alertChannelId", "1248439");
Found : user_pref("CT2856415.approveUntrustedApps", true);
Found : user_pref("CT2856415.backendstorage.cbfirsttime", "547565204A756E20313220323031322030383A35313A33372[...]
Found : user_pref("CT2856415.backendstorage.sf_just_installed", "46414C5345");
Found : user_pref("CT2856415.backendstorage.sf_status", "454E41424C4544");
Found : user_pref("CT2856415.backendstorage.sf_user_id", "6369645F31323632303132383531333833323830353238");
Found : user_pref("CT2856415.backendstorage.shoppingapp.gk.exipres", "546875204A756E20323820323031322031303A[...]
Found : user_pref("CT2856415.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Found : user_pref("CT2856415.components.1000080", false);
Found : user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2856415.globalFirstTimeInfoLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100");
Found : user_pref("CT2856415.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2856415.initDone", true);
Found : user_pref("CT2856415.isAppTrackingManagerOn", false);
Found : user_pref("CT2856415.myStuffEnabled", true);
Found : user_pref("CT2856415.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2856415.revertSettingsEnabled", true);
Found : user_pref("CT2856415.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2856415.searchProtectorEnableByLogin", true);
Found : user_pref("CT2856415.testingCtid", "");
Found : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200");
Found : user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100");
Found : user_pref("CT2856415.usagesFlag", 2);
Found : user_pref("CT3192727..clientLogIsEnabled", false);
Found : user_pref("CT3192727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3192727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3192727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3192727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3192727.CTID", "CT3192727");
Found : user_pref("CT3192727.CurrentServerDate", "2-8-2012");
Found : user_pref("CT3192727.DSInstall", true);
Found : user_pref("CT3192727.DialogsAlignMode", "LTR");
Found : user_pref("CT3192727.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:53 GMT+0200");
Found : user_pref("CT3192727.DownloadReferralCookieData", "");
Found : user_pref("CT3192727.EMailNotifierPollDate", "Tue May 15 2012 17:14:20 GMT+0200");
Found : user_pref("CT3192727.FirstServerDate", "15-5-2012");
Found : user_pref("CT3192727.FirstTime", true);
Found : user_pref("CT3192727.FirstTimeFF3", true);
Found : user_pref("CT3192727.FirstTimeHiddenVer", true);
Found : user_pref("CT3192727.FixPageNotFoundErrors", true);
Found : user_pref("CT3192727.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3192727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3192727.HPInstall", true);
Found : user_pref("CT3192727.HasUserGlobalKeys", true);
Found : user_pref("CT3192727.HomePageProtectorEnabled", true);
Found : user_pref("CT3192727.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...]
Found : user_pref("CT3192727.Initialize", true);
Found : user_pref("CT3192727.InitializeCommonPrefs", true);
Found : user_pref("CT3192727.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3192727.InstallationId", "ConduitNSISIntegration");
Found : user_pref("CT3192727.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT3192727.InstalledDate", "Tue May 15 2012 13:57:03 GMT+0200");
Found : user_pref("CT3192727.IsAlertDBUpdated", true);
Found : user_pref("CT3192727.IsGrouping", false);
Found : user_pref("CT3192727.IsInitSetupIni", true);
Found : user_pref("CT3192727.IsMulticommunity", false);
Found : user_pref("CT3192727.IsOpenThankYouPage", false);
Found : user_pref("CT3192727.IsOpenUninstallPage", false);
Found : user_pref("CT3192727.IsProtectorsInit", true);
Found : user_pref("CT3192727.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:08:01 GMT+0200");
Found : user_pref("CT3192727.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3192727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3192727.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:24 GMT+0200");
Found : user_pref("CT3192727.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:38 GMT+0200");
Found : user_pref("CT3192727.LastLogin_3.14.1.0", "Thu Aug 02 2012 22:07:08 GMT+0200");
Found : user_pref("CT3192727.LatestVersion", "3.14.1.0");
Found : user_pref("CT3192727.Locale", "de");
Found : user_pref("CT3192727.MCDetectTooltipHeight", "83");
Found : user_pref("CT3192727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3192727.MCDetectTooltipWidth", "295");
Found : user_pref("CT3192727.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3192727.OriginalFirstVersion", "3.12.2.3");
Found : user_pref("CT3192727.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
Found : user_pref("CT3192727.SearchCaption", "WinZipBar_DE Customized Web Search");
Found : user_pref("CT3192727.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search");
Found : user_pref("CT3192727.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3192727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Found : user_pref("CT3192727.SearchInNewTabEnabled", true);
Found : user_pref("CT3192727.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3192727.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Found : user_pref("CT3192727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3192727.SearchProtectorEnabled", true);
Found : user_pref("CT3192727.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3192727.SendProtectorDataViaLogin", true);
Found : user_pref("CT3192727.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Found : user_pref("CT3192727.SettingsLastCheckTime", "Thu Aug 02 2012 21:04:18 GMT+0200");
Found : user_pref("CT3192727.SettingsLastUpdate", "1342354864");
Found : user_pref("CT3192727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=13");
Found : user_pref("CT3192727.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3192727.ThirdPartyComponentsLastCheck", "Tue May 15 2012 13:57:02 GMT+0200");
Found : user_pref("CT3192727.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT3192727.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3192727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3192727");
Found : user_pref("CT3192727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3192727.UserID", "UN10847091490668015");
Found : user_pref("CT3192727.alertChannelId", "1606848");
Found : user_pref("CT3192727.autoDisableScopes", 0);
Found : user_pref("CT3192727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3192727.globalFirstTimeInfoLastCheckTime", "Tue May 15 2012 13:57:06 GMT+0200");
Found : user_pref("CT3192727.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3192727.initDone", true);
Found : user_pref("CT3192727.isAppTrackingManagerOn", true);
Found : user_pref("CT3192727.myStuffEnabled", true);
Found : user_pref("CT3192727.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3192727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3192727.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3192727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3192727.navigateToUrlOnSearch", false);
Found : user_pref("CT3192727.revertSettingsEnabled", true);
Found : user_pref("CT3192727.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3192727.searchProtectorEnableByLogin", true);
Found : user_pref("CT3192727.testingCtid", "");
Found : user_pref("CT3192727.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:59 GMT+0200");
Found : user_pref("CT3192727.toolbarContextMenuLastCheckTime", "Tue May 15 2012 13:57:06 GMT+0200");
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801937&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "NCH DE Customized Web Search,WinZipBar_DE Customize[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801937/CT2801937[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3192727/CT3192727[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2724407/CT2724386[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3192727", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3192727",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2724407/CT2724386[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\heiko&sabine\\AppData\\Roaming\\Moz[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2856415");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2856415,CT2724386,CT2438727,CT2801937,CT3192727");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2856415,CT2724386,CT2438727,CT2801937,CT3192727");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2438727,CT2801937,CT3192727");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 14 2011 09:10:48 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 14 2011 21:37:29 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 19:49:33 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "c368d400-187b-469d-93b1-41b10686de52");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "595a5e57-69f6-4487-80d2-bf98f765e757");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3192727");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 15 2012 13:57:0[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 15 2012 13:57:09 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 15 2012 13:57:01 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "dbb9b87c-b8b0-4af5-9cde-657df270fb67");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredimail.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("extensions.Softonic.admin", false);
Found : user_pref("extensions.Softonic.aflt", "orgnl");
Found : user_pref("extensions.Softonic.autoRvrt", "false");
Found : user_pref("extensions.Softonic.dfltLng", "");
Found : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.dspOld", "Google");
Found : user_pref("extensions.Softonic.excTlbr", false);
Found : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...]
Found : user_pref("extensions.Softonic.hpOld", "hxxp://mystart.incredimail.com?a=1ex6s2xHUou");
Found : user_pref("extensions.Softonic.id", "a08e748300000000000000242ba0c3ef");
Found : user_pref("extensions.Softonic.instlDay", "15467");
Found : user_pref("extensions.Softonic.instlRef", "MON00001");
Found : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...]
Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Found : user_pref("extensions.Softonic.prdct", "Softonic");
Found : user_pref("extensions.Softonic.prtnrId", "softonic");
Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.tlbrId", "base");
Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Found : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Found : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Found : user_pref("extensions.Softonic_i.dfltSrch", true);
Found : user_pref("extensions.Softonic_i.dnsErr", true);
Found : user_pref("extensions.Softonic_i.hmpg", true);
Found : user_pref("extensions.Softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Found : user_pref("extensions.Softonic_i.newTab", false);
Found : user_pref("extensions.Softonic_i.smplGrp", "none");
Found : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.018:18:49");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Found : user_pref("extensions.enabledAddons", "toolbar-ff@payback.de:1.1.9.99,adapter@babylontc.com:1.0.0.1,[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=[...]

-\\ Google Chrome v21.0.1180.60

File : C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "name" : "Search Results",
Found : "search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=703&systemid=2&sr=0&q={search[...]

-\\ Opera v [Unable to get version]

File : C:\Users\heiko&sabine\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [59516 octets] - [31/07/2012 22:11:34]
AdwCleaner[R2].txt - [61802 octets] - [02/08/2012 23:49:59]

########## EOF - C:\AdwCleaner[R2].txt - [61931 octets] ##########

Alt 03.08.2012, 14:02   #13
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.08.2012, 17:46   #14
bone
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



# AdwCleaner v1.800 - Logfile created 08/03/2012 at 15:06:48
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : heiko&sabine - HEIKO_SABINE-PC
# Running from : C:\Users\heiko&sabine\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\heiko&sabine\AppData\Local\APN
Folder Deleted : C:\Users\heiko&sabine\AppData\Local\AskToolbar
Folder Deleted : C:\Users\heiko&sabine\AppData\Local\Conduit
Folder Deleted : C:\Users\heiko&sabine\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\heiko&sabine\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\heiko&sabine\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\heiko&sabine\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Deleted : C:\Users\heiko&sabine\AppData\LocalLow\WinZipBar_DE
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\Conduit
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\ConduitCommon
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2438727
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2724386
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2801937
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT2856415
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\CT3192727
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
Folder Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\IncrediMail_MediaBar_2
Folder Deleted : C:\Program Files\WinZipBar_DE
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\searchplugins\softonic.xml
File Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\adapter@babylontc.com.xpi
File Deleted : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\extensions\ocr@babylon.com.xpi
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3192727
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\IncrediMail_MediaBar_2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar_DE Toolbar
Key Deleted : HKLM\SOFTWARE\WinZipBar_DE

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E3A5BBD0-B829-4D68-AF58-F66E67F959C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02C310B-C22D-4A43-B68B-46DD7A501B87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EDF5505-E849-4219-8771-A8BCD4AD0698}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1CD5CAC-70BB-4CE8-A9C6-E25B2C5EA9D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6200AE96-C98B-42EB-ADB8-F1AD68AA4EDB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3A5BBD0-B829-4D68-AF58-F66E67F959C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\prefs.js

C:\Users\heiko&sabine\AppData\Roaming\Mozilla\Firefox\Profiles\m3rdq38z.default\user.js ... Deleted !

Deleted : user_pref("CT2438727..clientLogIsEnabled", false);
Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT2438727.CT2438727", "CT2438727");
Deleted : user_pref("CT2438727.CurrentServerDate", "3-8-2012");
Deleted : user_pref("CT2438727.DSInstall", false);
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Thu Aug 02 2012 21:21:54 GMT+0200");
Deleted : user_pref("CT2438727.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2438727.FirstServerDate", "14-1-2012");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.HPInstall", false);
Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
Deleted : user_pref("CT2438727.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2438727.HomepageBeforeUnload", "hxxp://mystart.incredimail.com");
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2438727.InstallationType", "DirectDownload");
Deleted : user_pref("CT2438727.InstalledDate", "Sat Jan 14 2012 15:47:25 GMT+0100");
Deleted : user_pref("CT2438727.IsAlertDBUpdated", true);
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsInitSetupIni", true);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.IsProtectorsInit", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:53 GMT+0200");
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:39:51 GMT+0200");
Deleted : user_pref("CT2438727.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:19 GMT+0200");
Deleted : user_pref("CT2438727.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:33 GMT+0200");
Deleted : user_pref("CT2438727.LastLogin_3.14.1.0", "Fri Aug 03 2012 08:24:30 GMT+0200");
Deleted : user_pref("CT2438727.LastLogin_3.9.0.3", "Sun Jan 15 2012 18:11:46 GMT+0100");
Deleted : user_pref("CT2438727.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2438727.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");
Deleted : user_pref("CT2438727.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:50 GMT+0200");
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2438727.SearchProtectorEnabled", false);
Deleted : user_pref("CT2438727.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2438727.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:51 GMT+0200");
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:29 GMT+0200");
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1342352416");
Deleted : user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Jan 14 2012 15:47:23 GMT+0100");
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2438727.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2438727.UserID", "UN69442096685130660");
Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.backendstorage.currentgame", "63697479");
Deleted : user_pref("CT2438727.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2438727.backendstorage.facebook_user_locale", "6465");
Deleted : user_pref("CT2438727.components.1000515", true);
Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Sun Jan 15 2012 18:11:46 GMT+0100");
Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2438727.initDone", true);
Deleted : user_pref("CT2438727.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,111,129509324767711885,129[...]
Deleted : user_pref("CT2438727.revertSettingsEnabled", true);
Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2438727.testingCtid", "");
Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:51 GMT+0200");
Deleted : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Sat Jan 14 2012 15:47:35 GMT+0100");
Deleted : user_pref("CT2438727.usagesFlag", 2);
Deleted : user_pref("CT2724386..clientLogIsEnabled", false);
Deleted : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129626311033612748", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129723003199914047", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129847484448267081", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129851872283658385", true);
Deleted : user_pref("CT2724386.CTID", "ct2724407");
Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Fri Apr 27 2012 23:18:04 GMT+0200");
Deleted : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT2724386.CommunityChanged", true);
Deleted : user_pref("CT2724386.CurrentServerDate", "3-8-2012");
Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724386.DialogsGetterLastCheckTime", "Thu Aug 02 2012 21:21:56 GMT+0200");
Deleted : user_pref("CT2724386.DownloadDomainsListLastCheckTime", "Fri Apr 27 2012 23:18:04 GMT+0200");
Deleted : user_pref("CT2724386.DownloadReferralCookieData", "");
Deleted : user_pref("CT2724386.FirstServerDate", "5-2-2011");
Deleted : user_pref("CT2724386.FirstTime", true);
Deleted : user_pref("CT2724386.FirstTimeFF3", true);
Deleted : user_pref("CT2724386.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Fri Apr 27 2012 22:55:19 GMT+0200");
Deleted : user_pref("CT2724386.GroupingLastErrorCode", "");
Deleted : user_pref("CT2724386.GroupingLastResponse", false);
Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129404259370830000");
Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2724386.HasUserGlobalKeys", true);
Deleted : user_pref("CT2724386.Initialize", true);
Deleted : user_pref("CT2724386.InitializeCommonPrefs", true);
Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
Deleted : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2724386.InstalledDate", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.IsGrouping", false);
Deleted : user_pref("CT2724386.IsMulticommunity", false);
Deleted : user_pref("CT2724386.IsOpenThankYouPage", false);
Deleted : user_pref("CT2724386.IsOpenUninstallPage", true);
Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100");
Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2724386.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:21 GMT+0200");
Deleted : user_pref("CT2724386.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:38 GMT+0200");
Deleted : user_pref("CT2724386.LastLogin_3.14.1.0", "Fri Aug 03 2012 08:24:37 GMT+0200");
Deleted : user_pref("CT2724386.LastLogin_3.3.0.19", "Sat Feb 05 2011 13:46:53 GMT+0100");
Deleted : user_pref("CT2724386.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2724386.Locale", "en");
Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2724386.RadioIsPodcast", false);
Deleted : user_pref("CT2724386.RadioMediaID", "21080119");
Deleted : user_pref("CT2724386.RadioMediaType", "Media Player");
Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119");
Deleted : user_pref("CT2724386.RadioStationName", "Royal-Radio%20");
Deleted : user_pref("CT2724386.RadioStationURL", "");
Deleted : user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100");
Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2724386.ServiceMapLastCheckTime", "Fri Aug 03 2012 08:24:31 GMT+0200");
Deleted : user_pref("CT2724386.SettingsLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.SettingsLastUpdate", "1295945137");
Deleted : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2724386.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386");
Deleted : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2724386.UserID", "UN42851976944475634");
Deleted : user_pref("CT2724386.WeatherNetwork", "");
Deleted : user_pref("CT2724386.WeatherPollDate", "Sat Feb 05 2011 10:16:56 GMT+0100");
Deleted : user_pref("CT2724386.WeatherUnit", "C");
Deleted : user_pref("CT2724386.alertChannelId", "1116652");
Deleted : user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false);
Deleted : user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Fri Apr 27 2012 22:55:19 GMT+0200");
Deleted : user_pref("CT2724386.ct2724407.GroupingLastErrorCode", "");
Deleted : user_pref("CT2724386.ct2724407.GroupingLastResponse", false);
Deleted : user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129403703522470000");
Deleted : user_pref("CT2724386.ct2724407.InvalidateCache", false);
Deleted : user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:59 GMT+0200");
Deleted : user_pref("CT2724386.ct2724407.Locale", "de");
Deleted : user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000");
Deleted : user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2724386.ct2724407.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Deleted : user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:32 GMT+0200");
Deleted : user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1340713641");
Deleted : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2724386.ct2724407.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100[...]
Deleted : user_pref("CT2724386.ct2724407.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:58 GMT+0200"[...]
Deleted : user_pref("CT2724386.ct2724407.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:54 GMT+0100"[...]
Deleted : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2724386.initDone", true);
Deleted : user_pref("CT2724386.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2724386.myStuffEnabled", true);
Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2724386.revertSettingsEnabled", false);
Deleted : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2724386.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2724386.testingCtid", "");
Deleted : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Sat Feb 05 2011 09:46:56 GMT+0100");
Deleted : user_pref("CT2724386.usagesFlag", 2);
Deleted : user_pref("CT2801937..clientLogIsEnabled", false);
Deleted : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2801937.AppTrackingLastCheckTime", "Mon May 07 2012 22:14:07 GMT+0200");
Deleted : user_pref("CT2801937.BrowserCompStateIsOpen_129799487489787934", true);
Deleted : user_pref("CT2801937.BrowserCompStateIsOpen_129800116201456332", true);
Deleted : user_pref("CT2801937.CTID", "CT2801937");
Deleted : user_pref("CT2801937.CurrentServerDate", "3-8-2012");
Deleted : user_pref("CT2801937.DSInstall", true);
Deleted : user_pref("CT2801937.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2801937.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:50 GMT+0200");
Deleted : user_pref("CT2801937.DownloadReferralCookieData", "");
Deleted : user_pref("CT2801937.EMailNotifierPollDate", "Tue May 15 2012 13:57:01 GMT+0200");
Deleted : user_pref("CT2801937.EnableClickToSearchBox", false);
Deleted : user_pref("CT2801937.EnableSearchHistory", false);
Deleted : user_pref("CT2801937.EnableSearchSuggest", false);
Deleted : user_pref("CT2801937.FirstServerDate", "7-5-2012");
Deleted : user_pref("CT2801937.FirstTime", true);
Deleted : user_pref("CT2801937.FirstTimeFF3", true);
Deleted : user_pref("CT2801937.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2801937.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2801937.HPChangedManually", true);
Deleted : user_pref("CT2801937.HPInstall", true);
Deleted : user_pref("CT2801937.HasUserGlobalKeys", true);
Deleted : user_pref("CT2801937.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...]
Deleted : user_pref("CT2801937.Initialize", true);
Deleted : user_pref("CT2801937.InitializeCommonPrefs", true);
Deleted : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2801937.InstallationId", "ConduitInstaller.exe");
Deleted : user_pref("CT2801937.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT2801937.InstalledDate", "Mon May 07 2012 18:53:18 GMT+0200");
Deleted : user_pref("CT2801937.InvalidateCache", false);
Deleted : user_pref("CT2801937.IsAlertDBUpdated", true);
Deleted : user_pref("CT2801937.IsGrouping", false);
Deleted : user_pref("CT2801937.IsInitSetupIni", true);
Deleted : user_pref("CT2801937.IsMulticommunity", false);
Deleted : user_pref("CT2801937.IsOpenThankYouPage", false);
Deleted : user_pref("CT2801937.IsOpenUninstallPage", true);
Deleted : user_pref("CT2801937.IsProtectorsInit", true);
Deleted : user_pref("CT2801937.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Deleted : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2801937.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:22 GMT+0200");
Deleted : user_pref("CT2801937.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200");
Deleted : user_pref("CT2801937.LastLogin_3.14.1.0", "Fri Aug 03 2012 08:24:31 GMT+0200");
Deleted : user_pref("CT2801937.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2801937.Locale", "de");
Deleted : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2801937.MCDetectTooltipShow", false);
Deleted : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2801937.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2801937.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2801937.RadioIsPodcast", false);
Deleted : user_pref("CT2801937.RadioLastCheckTime", "Tue May 15 2012 13:57:01 GMT+0200");
Deleted : user_pref("CT2801937.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2801937.RadioLastUpdateServer", "129800256255330000");
Deleted : user_pref("CT2801937.RadioMediaID", "21560175");
Deleted : user_pref("CT2801937.RadioMediaType", "Media Player");
Deleted : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Deleted : user_pref("CT2801937.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Deleted : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...]
Deleted : user_pref("CT2801937.SavedHomepage", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc="[...]
Deleted : user_pref("CT2801937.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search");
Deleted : user_pref("CT2801937.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search");
Deleted : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Deleted : user_pref("CT2801937.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200");
Deleted : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2801937.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2801937.SearchProtectorEnabled", false);
Deleted : user_pref("CT2801937.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2801937.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2801937.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:52 GMT+0200");
Deleted : user_pref("CT2801937.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:30 GMT+0200");
Deleted : user_pref("CT2801937.SettingsLastUpdate", "1343176950");
Deleted : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
Deleted : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Mon May 07 2012 18:53:16 GMT+0200");
Deleted : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT2801937.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937");
Deleted : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2801937.UserID", "UN88242712545417888");
Deleted : user_pref("CT2801937.WeatherNetwork", "");
Deleted : user_pref("CT2801937.WeatherPollDate", "Tue May 15 2012 13:57:03 GMT+0200");
Deleted : user_pref("CT2801937.WeatherUnit", "C");
Deleted : user_pref("CT2801937.alertChannelId", "1194019");
Deleted : user_pref("CT2801937.approveUntrustedApps", false);
Deleted : user_pref("CT2801937.autoDisableScopes", 0);
Deleted : user_pref("CT2801937.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Deleted : user_pref("CT2801937.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_app_lang", "656E");
Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_normal", "353639");
Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_height_short", "343135");
Deleted : user_pref("CT2801937.backendstorage.xing_app_marketplace_gadget_width", "333533");
Deleted : user_pref("CT2801937.components.1000034", false);
Deleted : user_pref("CT2801937.components.1000080", false);
Deleted : user_pref("CT2801937.components.1000082", false);
Deleted : user_pref("CT2801937.components.1000234", false);
Deleted : user_pref("CT2801937.components.129306877459819678", false);
Deleted : user_pref("CT2801937.components.129306877459975929", false);
Deleted : user_pref("CT2801937.components.129306877468568933", false);
Deleted : user_pref("CT2801937.components.129799474422717075", false);
Deleted : user_pref("CT2801937.components.129799482871194470", false);
Deleted : user_pref("CT2801937.components.129799483853381569", false);
Deleted : user_pref("CT2801937.components.129799487489787934", false);
Deleted : user_pref("CT2801937.components.129799494588344200", false);
Deleted : user_pref("CT2801937.components.129800116201456332", false);
Deleted : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Mon May 07 2012 18:53:19 GMT+0200");
Deleted : user_pref("CT2801937.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2801937.initDone", true);
Deleted : user_pref("CT2801937.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2801937.isFirstRadioInstallation", false);
Deleted : user_pref("CT2801937.isSearchProtectorNotifyChanges", false);
Deleted : user_pref("CT2801937.myStuffEnabled", true);
Deleted : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2801937.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2801937.revertSettingsEnabled", true);
Deleted : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2801937.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2801937.testingCtid", "");
Deleted : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:53 GMT+0200");
Deleted : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Mon May 07 2012 18:53:21 GMT+0200");
Deleted : user_pref("CT2801937.usageEnabled", false);
Deleted : user_pref("CT2801937.usagesFlag", 2);
Deleted : user_pref("CT2856415..clientLogIsEnabled", false);
Deleted : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true);
Deleted : user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true);
Deleted : user_pref("CT2856415.BrowserCompStateIsOpen_129683315081957463", true);
Deleted : user_pref("CT2856415.CT2856415", "CT2856415");
Deleted : user_pref("CT2856415.CurrentServerDate", "21-7-2012");
Deleted : user_pref("CT2856415.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200");
Deleted : user_pref("CT2856415.DownloadReferralCookieData", "");
Deleted : user_pref("CT2856415.FirstServerDate", "8-1-2011");
Deleted : user_pref("CT2856415.FirstTime", true);
Deleted : user_pref("CT2856415.FirstTimeFF3", true);
Deleted : user_pref("CT2856415.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2856415.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2856415.HasUserGlobalKeys", true);
Deleted : user_pref("CT2856415.Initialize", true);
Deleted : user_pref("CT2856415.InitializeCommonPrefs", true);
Deleted : user_pref("CT2856415.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2856415.InstallationType", "Unknown");
Deleted : user_pref("CT2856415.InstalledDate", "Sat Jan 08 2011 10:42:24 GMT+0100");
Deleted : user_pref("CT2856415.IsGrouping", false);
Deleted : user_pref("CT2856415.IsMulticommunity", false);
Deleted : user_pref("CT2856415.IsOpenThankYouPage", true);
Deleted : user_pref("CT2856415.IsOpenUninstallPage", true);
Deleted : user_pref("CT2856415.LanguagePackLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200");
Deleted : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2856415.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:39:48 GMT+0200");
Deleted : user_pref("CT2856415.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:16 GMT+0200");
Deleted : user_pref("CT2856415.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:24:35 GMT+0200");
Deleted : user_pref("CT2856415.LastLogin_3.14.1.0", "Sat Jul 21 2012 00:45:29 GMT+0200");
Deleted : user_pref("CT2856415.LastLogin_3.3.0.19", "Sat Jan 08 2011 10:42:24 GMT+0100");
Deleted : user_pref("CT2856415.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2856415.Locale", "en");
Deleted : user_pref("CT2856415.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2856415.MCDetectTooltipShow", false);
Deleted : user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2856415.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2856415.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2856415.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2856415.SavedHomepage", "hxxp://mystart.incredimail.com/");
Deleted : user_pref("CT2856415.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2856415.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri Jul 20 2012 08:45:26 GMT+0200");
Deleted : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2856415.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri Jul 20 2012 08:45:25 GMT+0200");
Deleted : user_pref("CT2856415.SettingsLastCheckTime", "Fri Jul 20 2012 22:09:58 GMT+0200");
Deleted : user_pref("CT2856415.SettingsLastUpdate", "1341830141");
Deleted : user_pref("CT2856415.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 10:42:22 GMT+0100");
Deleted : user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2856415.ToolbarDisabled", false);
Deleted : user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415");
Deleted : user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2856415.UserID", "UN90125898018839251");
Deleted : user_pref("CT2856415.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2856415.alertChannelId", "1248439");
Deleted : user_pref("CT2856415.approveUntrustedApps", true);
Deleted : user_pref("CT2856415.backendstorage.cbfirsttime", "547565204A756E20313220323031322030383A35313A33372[...]
Deleted : user_pref("CT2856415.backendstorage.sf_just_installed", "46414C5345");
Deleted : user_pref("CT2856415.backendstorage.sf_status", "454E41424C4544");
Deleted : user_pref("CT2856415.backendstorage.sf_user_id", "6369645F31323632303132383531333833323830353238");
Deleted : user_pref("CT2856415.backendstorage.shoppingapp.gk.exipres", "546875204A756E20323820323031322031303A[...]
Deleted : user_pref("CT2856415.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Deleted : user_pref("CT2856415.components.1000080", false);
Deleted : user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2856415.globalFirstTimeInfoLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100");
Deleted : user_pref("CT2856415.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2856415.initDone", true);
Deleted : user_pref("CT2856415.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2856415.myStuffEnabled", true);
Deleted : user_pref("CT2856415.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2856415.revertSettingsEnabled", true);
Deleted : user_pref("CT2856415.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2856415.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2856415.testingCtid", "");
Deleted : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri Jul 20 2012 08:45:28 GMT+0200");
Deleted : user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Sat Jan 08 2011 10:42:24 GMT+0100");
Deleted : user_pref("CT2856415.usagesFlag", 2);
Deleted : user_pref("CT3192727..clientLogIsEnabled", false);
Deleted : user_pref("CT3192727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3192727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3192727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3192727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3192727.CTID", "CT3192727");
Deleted : user_pref("CT3192727.CurrentServerDate", "3-8-2012");
Deleted : user_pref("CT3192727.DSInstall", true);
Deleted : user_pref("CT3192727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3192727.DialogsGetterLastCheckTime", "Wed Aug 01 2012 16:09:53 GMT+0200");
Deleted : user_pref("CT3192727.DownloadReferralCookieData", "");
Deleted : user_pref("CT3192727.EMailNotifierPollDate", "Tue May 15 2012 17:14:20 GMT+0200");
Deleted : user_pref("CT3192727.FirstServerDate", "15-5-2012");
Deleted : user_pref("CT3192727.FirstTime", true);
Deleted : user_pref("CT3192727.FirstTimeFF3", true);
Deleted : user_pref("CT3192727.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3192727.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3192727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3192727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3192727.HPInstall", true);
Deleted : user_pref("CT3192727.HasUserGlobalKeys", true);
Deleted : user_pref("CT3192727.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3192727.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=[...]
Deleted : user_pref("CT3192727.Initialize", true);
Deleted : user_pref("CT3192727.InitializeCommonPrefs", true);
Deleted : user_pref("CT3192727.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3192727.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT3192727.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT3192727.InstalledDate", "Tue May 15 2012 13:57:03 GMT+0200");
Deleted : user_pref("CT3192727.IsAlertDBUpdated", true);
Deleted : user_pref("CT3192727.IsGrouping", false);
Deleted : user_pref("CT3192727.IsInitSetupIni", true);
Deleted : user_pref("CT3192727.IsMulticommunity", false);
Deleted : user_pref("CT3192727.IsOpenThankYouPage", false);
Deleted : user_pref("CT3192727.IsOpenUninstallPage", false);
Deleted : user_pref("CT3192727.IsProtectorsInit", true);
Deleted : user_pref("CT3192727.LanguagePackLastCheckTime", "Thu Aug 02 2012 23:08:01 GMT+0200");
Deleted : user_pref("CT3192727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3192727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3192727.LastLogin_3.12.2.3", "Thu May 31 2012 00:15:24 GMT+0200");
Deleted : user_pref("CT3192727.LastLogin_3.13.0.6", "Sun Jul 15 2012 23:31:38 GMT+0200");
Deleted : user_pref("CT3192727.LastLogin_3.14.1.0", "Fri Aug 03 2012 08:24:37 GMT+0200");
Deleted : user_pref("CT3192727.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3192727.Locale", "de");
Deleted : user_pref("CT3192727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3192727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3192727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3192727.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3192727.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT3192727.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
Deleted : user_pref("CT3192727.SearchCaption", "WinZipBar_DE Customized Web Search");
Deleted : user_pref("CT3192727.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search");
Deleted : user_pref("CT3192727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3192727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Deleted : user_pref("CT3192727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3192727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3192727.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Deleted : user_pref("CT3192727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3192727.SearchProtectorEnabled", true);
Deleted : user_pref("CT3192727.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3192727.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3192727.ServiceMapLastCheckTime", "Thu Aug 02 2012 23:07:55 GMT+0200");
Deleted : user_pref("CT3192727.SettingsLastCheckTime", "Fri Aug 03 2012 08:24:33 GMT+0200");
Deleted : user_pref("CT3192727.SettingsLastUpdate", "1342354864");
Deleted : user_pref("CT3192727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=13");
Deleted : user_pref("CT3192727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3192727.ThirdPartyComponentsLastCheck", "Tue May 15 2012 13:57:02 GMT+0200");
Deleted : user_pref("CT3192727.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT3192727.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3192727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3192727");
Deleted : user_pref("CT3192727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3192727.UserID", "UN10847091490668015");
Deleted : user_pref("CT3192727.alertChannelId", "1606848");
Deleted : user_pref("CT3192727.autoDisableScopes", 0);
Deleted : user_pref("CT3192727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3192727.globalFirstTimeInfoLastCheckTime", "Tue May 15 2012 13:57:06 GMT+0200");
Deleted : user_pref("CT3192727.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3192727.initDone", true);
Deleted : user_pref("CT3192727.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3192727.myStuffEnabled", true);
Deleted : user_pref("CT3192727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3192727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3192727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3192727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3192727.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3192727.revertSettingsEnabled", true);
Deleted : user_pref("CT3192727.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3192727.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3192727.testingCtid", "");
Deleted : user_pref("CT3192727.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 23:07:59 GMT+0200");
Deleted : user_pref("CT3192727.toolbarContextMenuLastCheckTime", "Tue May 15 2012 13:57:06 GMT+0200");
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801937&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "NCH DE Customized Web Search,WinZipBar_DE Customize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801937/CT2801937[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3192727/CT3192727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2724407/CT2724386[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3192727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3192727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2724407/CT2724386[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\heiko&sabine\\AppData\\Roaming\\Moz[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2856415");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2856415,CT2724386,CT2438727,CT2801937,CT3192727");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2856415,CT2724386,CT2438727,CT2801937,CT3192727");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2438727,CT2801937,CT3192727");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 14 2011 09:10:48 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 14 2011 21:37:29 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 19:49:33 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "c368d400-187b-469d-93b1-41b10686de52");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 05 2011 09:46:53 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "595a5e57-69f6-4487-80d2-bf98f765e757");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3192727");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 15 2012 13:57:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 15 2012 13:57:09 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 15 2012 13:57:01 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "dbb9b87c-b8b0-4af5-9cde-657df270fb67");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredimail.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "orgnl");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.dfltLng", "");
Deleted : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.dspOld", "Google");
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...]
Deleted : user_pref("extensions.Softonic.hpOld", "hxxp://mystart.incredimail.com?a=1ex6s2xHUou");
Deleted : user_pref("extensions.Softonic.id", "a08e748300000000000000242ba0c3ef");
Deleted : user_pref("extensions.Softonic.instlDay", "15467");
Deleted : user_pref("extensions.Softonic.instlRef", "MON00001");
Deleted : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...]
Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.tlbrId", "base");
Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Deleted : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Deleted : user_pref("extensions.Softonic_i.dfltSrch", true);
Deleted : user_pref("extensions.Softonic_i.dnsErr", true);
Deleted : user_pref("extensions.Softonic_i.hmpg", true);
Deleted : user_pref("extensions.Softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Deleted : user_pref("extensions.Softonic_i.newTab", false);
Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.018:18:49");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Deleted : user_pref("extensions.enabledAddons", "toolbar-ff@payback.de:1.1.9.99,adapter@babylontc.com:1.0.0.1,[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=[...]

-\\ Google Chrome v21.0.1180.60

File : C:\Users\heiko&sabine\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "name" : "Search Results",
Deleted : "search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=703&systemid=2&sr=0&q={search[...]

-\\ Opera v [Unable to get version]

File : C:\Users\heiko&sabine\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [59516 octets] - [31/07/2012 22:11:34]
AdwCleaner[R2].txt - [61933 octets] - [02/08/2012 23:49:59]
AdwCleaner[R3].txt - [61994 octets] - [03/08/2012 15:06:37]
AdwCleaner[S1].txt - [63322 octets] - [03/08/2012 15:06:48]

########## EOF - C:\AdwCleaner[S1].txt - [63451 octets] ##########

Emsisoft Anti-Malware v. 6.6.0.4
(C) 2003-2012 Emsisoft - Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits

ID Object
0 D:\HEIKO_SABINE-PC\Backup Set 2012-07-31 123932\Backup Files 2012-07-31 123932\Backup files 22.zip Exploit.Java.CVE-2012-0507!E2
1 C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Adware.Win32.Toolbar.Dealio.AMN!E1
2 C:\Users\heiko&sabine\Downloads\PDFCreator-1_2_3_setup.exe Riskware.Win32.Toolbar.Widgi.AMN!E1
3 c:\program files\etoro\ Trace.File.etoro!E1
4 Value: hkey_local_machine\software\classes\clsid\{42c9ccda-4485-47b8-a9e5-e8006de9e100}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
5 Value: hkey_classes_root\clsid\{29e269fc-2f9b-4bcd-8975-fff13240c4d5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
6 Value: hkey_classes_root\clsid\{1dd35ae6-8472-4151-ac2d-96b2ad3f7f82}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
7 Value: hkey_classes_root\clsid\{281ad869-b22b-4249-b1a1-aa6be0012ae5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
8 Value: hkey_local_machine\software\classes\clsid\{281ad869-b22b-4249-b1a1-aa6be0012ae5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
9 Key: hkey_local_machine\software\etoro Trace.Registry.etoro!E1
10 Value: hkey_local_machine\software\classes\clsid\{65e67583-931c-4039-b3df-385256eea001}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
11 Value: hkey_classes_root\clsid\{42c9ccda-4485-47b8-a9e5-e8006de9e100}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
12 Value: hkey_local_machine\software\classes\clsid\{29e269fc-2f9b-4bcd-8975-fff13240c4d5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
13 Value: hkey_local_machine\software\classes\clsid\{1dd35ae6-8472-4151-ac2d-96b2ad3f7f82}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
14 Value: hkey_classes_root\clsid\{65e67583-931c-4039-b3df-385256eea001}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
15 Key: hkey_current_user\software\etoro Trace.Registry.etoro!E1

Alt 03.08.2012, 17:58   #15
t'john
/// Helfer-Team
 
GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Standard

GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)



Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)
aktiviert, anleitung, antivir, cftmon.lnk, gefunde, go_0molg.pad, gvu trojaner, gvu trojaner 2.07, gvu trojaner entfernen, gvu trojaner mit webcam, gvu-trojaner mit webcam, inter, interne, laptop, melden, nichts, nichts geht mehr, online, problem, reveton.c, sperrbildschirm, trojaner, update, webcam, webcam gvu trojaner, webcamfenster, weiterhelfen



Ähnliche Themen: GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)


  1. Windows 8 : nach Trojaner geht nichts mehr
    Plagegeister aller Art und deren Bekämpfung - 14.10.2013 (3)
  2. GVU Trojaner - nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 10.08.2013 (20)
  3. Gvu-trojaner / nichts Geht mehr.
    Log-Analyse und Auswertung - 28.07.2013 (8)
  4. GVU Trojaner Win 7, nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 27.07.2013 (13)
  5. Virus ähnlich Bundestrojaner-Webcam plötzlich aktiviert-Nichts geht mehr :(
    Log-Analyse und Auswertung - 28.11.2012 (8)
  6. BKA Trojaner - NICHTS geht mehr
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (25)
  7. Windows Verschlüsselungs-Trojaner, nichts geht mehr!
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (32)
  8. Windows Update Trojaner ...nichts geht mehr!
    Log-Analyse und Auswertung - 14.06.2012 (1)
  9. Trojaner eingefangen und nichts geht mehr
    Log-Analyse und Auswertung - 30.05.2012 (1)
  10. AKM Trojaner, nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (2)
  11. (2x) AKM Trojaner, nichts geht mehr
    Mülltonne - 03.03.2012 (2)
  12. Gema Trojaner und nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (8)
  13. BKA Trojaner - nichts geht mehr...
    Log-Analyse und Auswertung - 12.09.2011 (72)
  14. BKA TROJANER - Vista 32 - NICHTS GEHT MEHR
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (27)
  15. Clean This Trojaner, NICHTS geht mehr !
    Plagegeister aller Art und deren Bekämpfung - 01.04.2011 (4)
  16. Trojaner/Virus - Nichts (Firefox, ICQ usw.) geht mehr ....
    Plagegeister aller Art und deren Bekämpfung - 24.10.2008 (0)
  17. Hilfe Vundo.fdg Trojaner und nichts geht mehr!
    Plagegeister aller Art und deren Bekämpfung - 13.09.2008 (1)

Zum Thema GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) - Hallo, ich schlage mich nun schon den ganzen Tag mit dem Problem rum. Auf Chip online habe ich eine Anleitung gefunden um den Trojaner zu entfernen. Leider ohne Erfolg. sobald - GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-)...
Archiv
Du betrachtest: GVU-Trojaner mit Webcam ..... Nichts geht mehr ;-) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.