Hello,
the JRT scan was:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Enterprise x86
Ran by Angela on 24.05.2013 at 22:13:27,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Angela\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Angela\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Angela\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ FireFox
Successfully deleted: [File] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\user.js
Successfully deleted: [File] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\extensions\software@loadtubes.com
Successfully deleted: [Folder] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\prefs.js
user_pref("CT2856415..clientLogIsEnabled", false);
user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true);
user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true);
user_pref("CT2856415.BrowserCompStateIsOpen_129683315081957463", true);
user_pref("CT2856415.BrowserCompStateIsOpen_130104337782566575", true);
user_pref("CT2856415.BrowserCompStateIsOpen_1365942036000", true);
user_pref("CT2856415.CTID", "CT2856415");
user_pref("CT2856415.CurrentServerDate", "24-5-2013");
user_pref("CT2856415.DialogsAlignMode", "LTR");
user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"12/26/2010 3:09:01 PM\",\"SourceId\":0,
user_pref("CT2856415.FirstServerDate", "26-12-2010");
user_pref("CT2856415.FirstTime", true);
user_pref("CT2856415.FirstTimeFF3", true);
user_pref("CT2856415.FixPageNotFoundErrors", true);
user_pref("CT2856415.GroupingServerCheckInterval", 1440);
user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2856415.HasUserGlobalKeys", true);
user_pref("CT2856415.Initialize", true);
user_pref("CT2856415.InitializeCommonPrefs", true);
user_pref("CT2856415.InstallationAndCookieDataSentCount", 3);
user_pref("CT2856415.InstalledDate", "Sun Dec 26 2010 13:09:39 GMT+0100");
user_pref("CT2856415.IsGrouping", false);
user_pref("CT2856415.IsMulticommunity", false);
user_pref("CT2856415.IsOpenThankYouPage", true);
user_pref("CT2856415.IsOpenUninstallPage", true);
user_pref("CT2856415.LanguagePackLastCheckTime", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2856415.LastLogin_3.12.0.7", "Thu May 03 2012 18:12:05 GMT+0200");
user_pref("CT2856415.LastLogin_3.12.2.3", "Thu May 31 2012 08:15:24 GMT+0200");
user_pref("CT2856415.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:57:55 GMT+0200");
user_pref("CT2856415.LastLogin_3.14.1.0", "Wed Aug 22 2012 09:12:44 GMT+0200");
user_pref("CT2856415.LastLogin_3.15.1.0", "Sun Nov 11 2012 13:41:50 GMT+0100");
user_pref("CT2856415.LastLogin_3.16.0.3", "Wed Feb 13 2013 16:07:33 GMT+0100");
user_pref("CT2856415.LastLogin_3.18.0.7", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.LastLogin_3.2.5.2", "Thu Dec 30 2010 15:50:56 GMT+0100");
user_pref("CT2856415.LatestVersion", "3.18.0.7");
user_pref("CT2856415.Locale", "en");
user_pref("CT2856415.MAX_NUMBER_OF_ALERTS_129560745131733767", "11_1369167655877");
user_pref("CT2856415.MCDetectTooltipHeight", "83");
user_pref("CT2856415.MCDetectTooltipShow", false);
user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2856415.MCDetectTooltipWidth", "295");
user_pref("CT2856415.MyStuffEnabledAtInstallation", true);
user_pref("CT2856415.SHRINK_TOOLBAR", 1);
user_pref("CT2856415.SavedHomepage", "hxxp://de.ask.com?o=16784&l=dis&gct=hp");
user_pref("CT2856415.SearchBoxWidth", 153);
user_pref("CT2856415.SearchFromAddressBarIsInit", true);
user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=");
user_pref("CT2856415.SearchInNewTabEnabled", true);
user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri May 24 2013 20:55:29 GMT+0200");
user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2856415.SearchInNewTabUserEnabled", false);
user_pref("CT2856415.ServiceMapLastCheckTime", "Fri May 24 2013 14:02:24 GMT+0200");
user_pref("CT2856415.SettingsLastCheckTime", "Fri May 24 2013 20:55:28 GMT+0200");
user_pref("CT2856415.SettingsLastUpdate", "1369383118");
user_pref("CT2856415.ThirdPartyComponentsInterval", 504);
user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Sun Dec 26 2010 13:09:36 GMT+0100");
user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415");
user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2856415.UserID", "UN14638814830852187");
user_pref("CT2856415.ValidationData_Search", 0);
user_pref("CT2856415.ValidationData_Toolbar", 2);
user_pref("CT2856415.alertChannelId", "1248439");
user_pref("CT2856415.components.1000080", false);
user_pref("CT2856415.components.129355801163506562", false);
user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2856415.homepageProtectorEnableByLogin", true);
user_pref("CT2856415.initDone", true);
user_pref("CT2856415.myStuffEnabled", true);
user_pref("CT2856415.myStuffPublihserMinWidth", 400);
user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2856415.revertSettingsEnabled", true);
user_pref("CT2856415.searchProtectorDialogDelayInSec", 10);
user_pref("CT2856415.searchProtectorEnableByLogin", true);
user_pref("CT2856415.testingCtid", "");
user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Sun Dec 26 2010 13:09:39 GMT+0100");
user_pref("CT2856415.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2856415/CT2856415", "\"f6de72fc2614b48276e26891813b45003\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", "\"1365960178\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415", "\"dbe4460d95840339477519b3f77dc11a\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634285417620000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634293235860000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415", "\"1291812328\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4f32490f242482dcb7d768353a8dc7d4\"");
user_pref("CommunityToolbar.EngineHiddenByUser", true);
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1");
user_pref("CommunityToolbar.IsEngineShown", false);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2856415");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FJS&o=16784&locale=de_DE&apn_uid=3FE1B21C-C91F-475B-B8FA-CE7C
user_pref("CommunityToolbar.ToolbarsList", "CT2856415");
user_pref("CommunityToolbar.ToolbarsList2", "CT2856415");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Mar 18 2011 10:34:50 GMT+0100");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 13:19:28 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 12:59:31 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "3fedd3e5-fb9b-48eb-9c6e-5d5b2b77089a");
user_pref("CommunityToolbar.globalUserId", "33ee7896-84dd-415f-818e-641eca511eac");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2856415");
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.undefined", "");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "Elf 1 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "3S");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
user_pref("extensions.asktb.first-launch-url", "hxxp://www.zalando.de/nike-velocity-woven-cuffed-trainingsanzug-black-blue-n1243b02k-801.html");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "3FE1B21C-C91F-475B-B8FA-CE7C4CC38513");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1327832991213");
user_pref("extensions.asktb.last-search-timestamp", "1326301381512");
user_pref("extensions.asktb.last-v", "3.14.0.100009");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.o", "16784");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "2");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "C994ACBD-37D0-4ECB-97AD-4DB837212223");
user_pref("extensions.asktb.search-history-queries", "lmu lsf");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.v", "3.14.1.100009");
user_pref("extensions.asktb.volume", "");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=");
Emptied folder: C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\minidumps [45 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2013 at 22:17:09,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Der ADW: Code:
# AdwCleaner v2.301 - Datei am 24/05/2013 um 22:22:27 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Angela - ANGELA-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Angela\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\Conduit
Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\CT2856415
Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.hiergehtslos.de --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\prefs.js
Gelöscht : user_pref("CT2856415..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true);
Gelöscht : user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true);
Gelöscht : user_pref("CT2856415.BrowserCompStateIsOpen_130104337782566575", true);
Gelöscht : user_pref("CT2856415.CT2856415", "CT2856415");
Gelöscht : user_pref("CT2856415.CurrentServerDate", "24-5-2013");
Gelöscht : user_pref("CT2856415.DSInstall", false);
Gelöscht : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri May 24 2013 22:18:59 GMT+0200");
Gelöscht : user_pref("CT2856415.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2856415.FirstServerDate", "24-5-2013");
Gelöscht : user_pref("CT2856415.FirstTime", true);
Gelöscht : user_pref("CT2856415.FirstTimeFF3", true);
Gelöscht : user_pref("CT2856415.FirstTimeHiddenVer", true);
Gelöscht : user_pref("CT2856415.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2856415.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2856415.HPInstall", false);
Gelöscht : user_pref("CT2856415.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2856415.Initialize", true);
Gelöscht : user_pref("CT2856415.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2856415.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2856415.InstallationType", "DirectDownload");
Gelöscht : user_pref("CT2856415.InstalledDate", "Fri May 24 2013 22:19:09 GMT+0200");
Gelöscht : user_pref("CT2856415.IsInitSetupIni", true);
Gelöscht : user_pref("CT2856415.IsMulticommunity", false);
Gelöscht : user_pref("CT2856415.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2856415.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2856415.LastLogin_3.18.0.7", "Fri May 24 2013 22:19:21 GMT+0200");
Gelöscht : user_pref("CT2856415.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2856415.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2856415.OriginalFirstVersion", "3.18.0.7");
Gelöscht : user_pref("CT2856415.SearchCaption", "Elf 1 Customized Web Search");
Gelöscht : user_pref("CT2856415.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2856415.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri May 24 2013 22:19:22 GMT+0200");
Gelöscht : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2856415.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2856415.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri May 24 2013 22:18:59 GMT+0200");
Gelöscht : user_pref("CT2856415.SettingsLastCheckTime", "Fri May 24 2013 22:18:54 GMT+0200");
Gelöscht : user_pref("CT2856415.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2856415&SearchSource=13");
Gelöscht : user_pref("CT2856415.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415");
Gelöscht : user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2856415.UserID", "UN45320663845210707");
Gelöscht : user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2856415.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2856415.initDone", true);
Gelöscht : user_pref("CT2856415.myStuffEnabled", true);
Gelöscht : user_pref("CT2856415.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2856415.navigateToUrlOnSearch", false);
Gelöscht : user_pref("CT2856415.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2856415.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2856415.testingCtid", "");
Gelöscht : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri May 24 2013 22:18:59 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4f3[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2856415");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2856415");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2856415");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "3e7c36b2-420f-4150-9fc1-9fea58a72429");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.spiegel.de/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e8cnju95.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FJS&o=16784&locale=d[...]
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12003 octets] - [24/05/2013 22:22:27]
########## EOF - C:\AdwCleaner[S1].txt - [12064 octets] ##########
and OTL: Code:
OTL logfile created on: 24.05.2013 22:36:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angela\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,43 Mb Total Physical Memory | 160,54 Mb Available Physical Memory | 15,81% Memory free
1,99 Gb Paging File | 0,77 Gb Available in Paging File | 38,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 28,33 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive E: | 135,23 Gb Total Space | 90,47 Gb Free Space | 66,91% Space Free | Partition Type: NTFS
Computer Name: ANGELA-NOTEBOOK | User Name: Angela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Angela\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\7.2.233.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Users\Angela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Norton 360\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Brownie\BrStsWnd.exe (brother)
PRC - C:\Programme\Brownie\BRNIPMON.exe (Brother Industries, Ltd.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - c:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
PRC - C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - c:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Norton 360\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.2.233.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.2.233.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS2) -- c:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\Angela\AppData\Local\Temp\catchme.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130524.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130524.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130523.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 20 DB 96 8D 88 CA 01 [binary data]
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes\{8ADB80D7-F543-439D-A6B1-B43A4505C4BD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2010.12.11 17:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.31 21:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.05.10 08:59:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.05.24 22:28:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 15:29:00 | 000,000,000 | ---D | M]
[2010.01.04 11:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Extensions
[2013.05.24 22:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\m4hcwook.default\extensions
[2012.12.26 21:06:09 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\m4hcwook.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013.05.22 11:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 11:04:59 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Bio3D (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
CHR - plugin: ChemDraw (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2013.05.15 22:17:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Programme\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Programme\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Angela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{125A7B6C-2123-4E4E-A776-EEA3D34D91FA}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF7F7128-7632-44B7-89A8-DF1FB8AFFDC2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.24 22:13:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.24 22:12:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.24 22:09:44 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Angela\Desktop\JRT.exe
[2013.05.19 15:28:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.16 22:24:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 22:24:58 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 22:24:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 22:24:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 22:24:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 22:24:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 22:24:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 22:24:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 22:24:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 22:24:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 23:05:43 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.15 22:26:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.15 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\temp
[2013.05.15 21:44:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.15 21:44:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.15 21:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.15 21:42:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.15 21:40:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.15 21:38:49 | 005,066,276 | R--- | C] (Swearware) -- C:\Users\Angela\Desktop\ComboFix.exe
[2013.05.15 08:18:30 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 08:18:29 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 08:18:11 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 08:17:57 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 08:17:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.13 21:15:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
[2013.05.10 21:15:09 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Updater
[2013.05.10 21:04:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013.05.10 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.05.10 19:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2013.05.10 19:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.05.10 18:57:44 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2
[2013.05.10 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\CrashDumps
[2013.05.10 09:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.10 09:37:00 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\DVDVideoSoft
[2013.05.10 09:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.05.10 09:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.05.10 09:08:56 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys
[2013.05.10 09:08:56 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys
[2013.05.10 09:08:56 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symelam.sys
[2013.05.10 09:08:55 | 000,602,712 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys
[2013.05.10 09:08:55 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys
[2013.05.10 09:08:55 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys
[2013.05.10 09:08:55 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys
[2013.05.10 09:08:55 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys
[2013.05.10 09:08:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\1403010.016
[2013.05.10 08:56:49 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.05.10 08:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.05.10 08:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.05.10 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2013.05.10 08:54:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.05.10 08:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2013.05.09 08:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.05.09 08:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.05.09 08:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013.05.05 15:50:05 | 000,000,000 | ---D | C] -- C:\Windows\HerculesWebcamUpdater
[2013.05.05 15:50:03 | 000,374,056 | ---- | C] (Guillemot Corporation S.A.) -- C:\Windows\System32\HWLMSET2.exe
[2013.05.05 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
[2013.04.26 10:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.26 10:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.24 22:33:15 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 22:33:15 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 22:26:07 | 000,000,678 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.05.24 22:26:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 22:25:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 22:25:40 | 798,564,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 22:20:56 | 000,632,031 | ---- | M] () -- C:\Users\Angela\Desktop\adwcleaner.exe
[2013.05.24 22:13:29 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 22:10:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Angela\Desktop\JRT.exe
[2013.05.24 22:05:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 11:05:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.19 21:00:58 | 000,672,522 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 21:00:58 | 000,623,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 21:00:58 | 000,135,806 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 21:00:58 | 000,111,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 08:06:16 | 000,414,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 08:04:43 | 001,931,797 | ---- | M] () -- C:\Windows\System32\drivers\N360\1403010.016\Cat.DB
[2013.05.15 23:05:51 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 23:05:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 23:05:43 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.15 22:17:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.15 21:39:11 | 005,066,276 | R--- | M] (Swearware) -- C:\Users\Angela\Desktop\ComboFix.exe
[2013.05.13 21:15:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe
[2013.05.10 19:06:36 | 000,001,249 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.05.10 09:25:48 | 000,002,304 | ---- | M] () -- C:\{C44647FC-F019-4957-BD7A-84B1B48CE4D0}
[2013.05.10 08:56:48 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.05.10 08:56:48 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.05.10 08:56:48 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.24 22:20:42 | 000,632,031 | ---- | C] () -- C:\Users\Angela\Desktop\adwcleaner.exe
[2013.05.15 21:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.15 21:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.15 21:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.15 21:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.15 21:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.10 21:07:20 | 000,002,550 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2013.05.10 21:04:42 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2013.05.10 20:31:01 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2013.05.10 19:15:35 | 000,002,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.05.10 19:15:35 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.05.10 19:09:26 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.05.10 19:06:35 | 000,001,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.05.10 19:04:54 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.05.10 09:25:47 | 000,002,304 | ---- | C] () -- C:\{C44647FC-F019-4957-BD7A-84B1B48CE4D0}
[2013.05.10 09:14:17 | 001,931,797 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\Cat.DB
[2013.05.10 09:11:34 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\VT20130115.021
[2013.05.10 09:08:56 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symelam.cat
[2013.05.10 09:08:56 | 000,007,601 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symnet.cat
[2013.05.10 09:08:56 | 000,007,583 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symefa.cat
[2013.05.10 09:08:56 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symefa.inf
[2013.05.10 09:08:56 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symnet.inf
[2013.05.10 09:08:56 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symelam.inf
[2013.05.10 09:08:55 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.cat
[2013.05.10 09:08:55 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\iron.cat
[2013.05.10 09:08:55 | 000,007,581 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.cat
[2013.05.10 09:08:55 | 000,007,577 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symds.cat
[2013.05.10 09:08:55 | 000,007,577 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.cat
[2013.05.10 09:08:55 | 000,002,852 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symds.inf
[2013.05.10 09:08:55 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.inf
[2013.05.10 09:08:55 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.inf
[2013.05.10 09:08:55 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.inf
[2013.05.10 09:08:55 | 000,000,737 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\iron.inf
[2013.05.10 09:08:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\isolate.ini
[2013.05.10 08:56:49 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.05.10 08:56:49 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.05.05 15:50:03 | 000,015,144 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll
[2013.04.21 19:03:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013.04.21 19:03:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2013.02.13 19:44:05 | 000,017,408 | ---- | C] () -- C:\Users\Angela\AppData\Local\WebpageIcons.db
[2013.02.10 21:45:28 | 000,010,851 | ---- | C] () -- C:\Users\Angela\.recently-used.xbel
[2012.11.07 13:41:13 | 000,021,860 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.08.13 23:11:46 | 000,007,602 | ---- | C] () -- C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
[2011.06.07 09:35:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.07 09:33:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.14 11:24:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.12.09 10:17:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.29 09:18:08 | 000,000,032 | RHS- | C] () -- C:\Users\Angela\AppData\Local\t56.dat
[2010.06.30 20:48:44 | 000,003,584 | ---- | C] () -- C:\Users\Angela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.12 19:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

Kind regards