Welcome to Smokey's Security Forums.
As a guest you only have limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

A serious Tor browser flaw leaks users' real IP addresses

The so-called TorMoil flaw stems from a bug in how Firefox handles local file-based addresses.

A serious Tor browser flaw leaks users' real IP addresses

Malware Log Analysis & Removal Help * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: otl scan  (Read 2539 times)

0 Members and 1 Guest are viewing this topic.

Starbuck

  • Site Owner
  • *
  • Offline Offline
  • location: Midlands. UK
  • Posts: 3421
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: otl scan
« Reply #9 on: March 16, 2013, 09:22:22 PM »
Ok mia, thanks for that.

Step 1
Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include the whole fix.... right down to and including the Commands section)
Code: [Select]
:Otl
DRV:64bit: - (dump_wmimmc) -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys File not found
IE - HKCU\..\SearchScopes\{9E61F094-62FE-44D0-AF97-210CF8AB4A2D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{4600494b-92a2-11e0-a3a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4600494b-92a2-11e0-a3a0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2011.12.09 17:15:44 | 000,706,888 | R--- | M] ()
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.



  • Click the red Run Fix button.



  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply and exit MBAM.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      In your next reply, please submit: 
      Otl fix report
      MBAM report


      Thanks.

      miaTopic starter

      • Member
      • *
      • Offline Offline
      • Posts: 5
      Re: otl scan
      « Reply #8 on: March 16, 2013, 07:06:24 PM »
      no, it was not purposely,,,,

      Starbuck

      • Site Owner
      • *
      • Offline Offline
      • location: Midlands. UK
      • Posts: 3421
      • .: Leader Malware Analysis & Removal Team
      • -: Site Help Desk - Support Department
        • WWW
      Re: otl scan
      « Reply #7 on: March 15, 2013, 10:30:42 PM »
      Hi mia,

      Before i write an OTL fix, could you please confirm whether you have purposely set this proxy on your system:

      Quote
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*


      Thanks

      miaTopic starter

      • Member
      • *
      • Offline Offline
      • Posts: 5
      Re: otl scan
      « Reply #6 on: March 15, 2013, 10:40:16 AM »
      hello,
      now you got the 2nd otl report:
      OTL logfile created on: 15.03.2013 10:29:31 - Run 3
      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emilia\Downloads
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
       
      3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,11% Memory free
      6,00 Gb Paging File | 4,54 Gb Available in Paging File | 75,71% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 917,41 Gb Total Space | 805,97 Gb Free Space | 87,85% Space Free | Partition Type: NTFS
      Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
       
      Computer Name: EMILIA-PC | User Name: Emilia | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Processes (SafeList) ==========
       
      PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
      PRC - C:\Users\Emilia\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
      PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Users\Emilia\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
      PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
      PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
      PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
      PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
      PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
      PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
       
       
      ========== Modules (No Company Name) ==========
       
      MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
      MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
       
       
      ========== Services (SafeList) ==========
       
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
      SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
      SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
      SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
      SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
      SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV:64bit: - (dump_wmimmc) -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys File not found
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
      DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
      DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
      DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
      DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
       
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKCU\..\SearchScopes,DefaultScope =
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKCU\..\SearchScopes\{9E61F094-62FE-44D0-AF97-210CF8AB4A2D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*
       
      ========== FireFox ==========
       
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
      FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
      FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
      FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.199.0
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
      FF - user.js - File not found
       
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
      FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
       
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.14 18:44:08 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.14 18:40:00 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.14 18:40:00 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
       
      [2011.09.16 15:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\Extensions
      [2013.03.15 09:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions
      [2013.02.03 18:49:22 | 000,000,000 | ---D | M] () -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
      [2013.01.30 16:20:58 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
      [2013.02.16 16:59:02 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\battlefieldheroespatcher@ea.com
      [2012.12.11 18:34:18 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\firefox\profiles\fm2vjpsr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
      [2013.02.15 14:25:09 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\firefox\profiles\fm2vjpsr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2013.03.14 18:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2013.03.14 18:40:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012.07.03 16:47:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
      [2012.09.01 11:03:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012.07.03 16:47:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
      [2012.07.03 16:47:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
      [2012.07.03 16:47:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
      [2012.07.03 16:47:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
       
      ========== Chrome  ==========
       
      CHR - homepage: http://www.google.com/
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.com/
      CHR - Extension: YouTube = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: Google-Suche = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: avast! WebRep = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
      CHR - Extension: Google Mail = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
       
      O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
      O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Emilia\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
      O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
      O4 - Startup: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Emilia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
      O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Emilia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
      O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58E7125-AF2D-4227-8343-2C5196582E27}: DhcpNameServer = 192.168.0.1
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
      O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2011.12.06 14:46:32 | 000,000,075 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
      O33 - MountPoints2\{4600494b-92a2-11e0-a3a0-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{4600494b-92a2-11e0-a3a0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2011.12.09 17:15:44 | 000,706,888 | R--- | M] ()
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
       
      / MP / S % SYSTEMROOT% \ SYSTEM32 \ *. DLL / LOCKEDFILES % SYSTEMROOT% \ ANWENDUNGSDATEN \ *. JOB / LOCKEDFILES % SYSTEMROOT% \ SYSTEM32 \ DRIVERS \ *. SYS / LOCKEDFILES % SYSTEMROOT% \ SYSTEM32 \ *. EXE / LOCKEDFILES % SYSTEMROOT% \ SYSTEM32 \ CONFIG \ * SAV. % PROGRAMME% \ * % USERPROFILE% \ .. | SMTMP; TRUE; TRUE; WAHREN / RS HKLM \ SOFTWARE \ CLIENTS \ STARTMENUINTERNET | COMMAND / 64 / RS CREATERESTOREPOINT
      Restore point Set: OTL Restore Point
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2013.03.14 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Local\Macromedia
      [2013.03.14 20:27:58 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
      [2013.03.14 20:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
      [2013.03.14 19:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
      [2013.03.14 19:36:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
      [2013.03.14 19:36:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
      [2013.03.14 19:36:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
      [2013.03.14 19:36:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
      [2013.03.14 19:36:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
      [2013.03.14 19:36:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
      [2013.03.14 19:36:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
      [2013.03.14 19:36:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
      [2013.03.14 19:36:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
      [2013.03.14 19:36:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
      [2013.03.14 19:36:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
      [2013.03.14 19:35:57 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
      [2013.03.14 19:35:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
      [2013.03.14 19:35:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
      [2013.03.14 19:35:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
      [2013.03.14 19:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
      [2013.03.14 19:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
      [2013.03.14 19:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
      [2013.03.14 18:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2013.03.14 18:30:52 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Local\ElevatedDiagnostics
      [2013.03.10 20:15:43 | 000,000,000 | -HSD | C] -- C:\found.001
      [2013.03.05 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\.minecraft
      [2013.02.27 18:57:25 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
      [2013.02.27 18:57:25 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
      [2013.02.27 18:57:25 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
      [2013.02.27 18:57:25 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
      [2013.02.27 18:57:22 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
      [2013.02.27 18:57:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
      [2013.02.27 18:57:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
      [2013.02.27 18:57:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
      [2013.02.27 18:57:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
      [2013.02.27 18:57:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
      [2013.02.27 18:57:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
      [2013.02.27 18:57:14 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
      [2013.02.27 18:57:14 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
      [2013.02.27 18:57:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
      [2013.02.27 18:57:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
      [2013.02.27 18:57:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
      [2013.02.27 18:57:12 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
      [2013.02.27 18:57:12 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
      [2013.02.27 18:57:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
      [2013.02.27 18:57:12 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
      [2013.02.27 18:57:12 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
      [2013.02.27 18:57:12 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
      [2013.02.27 18:57:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
      [2013.02.27 18:57:11 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
      [2013.02.27 18:57:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
      [2013.02.27 18:57:10 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
      [2013.02.27 18:57:10 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
      [2013.02.24 14:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      [2013.02.24 14:31:59 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
      [2013.02.24 14:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2013.02.24 14:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2013.02.24 14:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
      [2013.02.24 14:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      [2013.02.24 14:19:26 | 090,130,256 | ---- | C] (Apple Inc.) -- C:\Users\Emilia\Desktop\iTunes64Setup.exe
      [2013.02.19 17:27:30 | 000,000,000 | ---D | C] -- C:\Users\Emilia\Documents\My Cheat Tables
      [2013.02.19 17:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
      [2013.02.19 17:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
      [2013.02.14 14:46:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
      [2013.02.14 14:46:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
      [2013.02.14 14:46:56 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
      [2013.02.14 14:46:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
      [2013.02.14 14:46:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
      [2013.02.14 14:46:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
      [2013.02.14 14:46:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
      [2013.02.14 14:46:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
      [2013.02.14 14:46:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
      [2013.02.14 14:46:39 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
      [2009.10.29 07:09:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
       
      ========== Files - Modified Within 30 Days ==========
       
      [2013.03.15 09:57:04 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013.03.15 09:57:04 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013.03.15 09:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013.03.15 09:50:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013.03.15 09:49:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013.03.15 09:39:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013.03.14 20:27:58 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
      [2013.03.14 20:27:58 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      [2013.03.14 18:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
      [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
      [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
      [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
      [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
      [2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
      [2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2013.03.06 18:05:43 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
      [2013.03.06 18:05:43 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
      [2013.03.06 17:57:30 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
      [2013.03.06 16:42:58 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2013.02.24 14:32:08 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2013.02.24 14:27:47 | 090,130,256 | ---- | M] (Apple Inc.) -- C:\Users\Emilia\Desktop\iTunes64Setup.exe
      [2013.02.18 18:01:52 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
      [2013.02.15 14:19:55 | 000,410,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2013.02.14 19:28:42 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2013.02.14 19:28:42 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
      [2013.02.14 19:28:42 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2013.02.14 19:28:42 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
      [2013.02.14 19:28:42 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2013.02.14 14:36:22 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2013.03.14 20:28:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013.03.14 18:44:16 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2013.03.14 18:44:14 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2013.02.24 14:32:08 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012.05.04 17:47:23 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini
      [2012.04.15 10:38:10 | 000,001,107 | ---- | C] () -- C:\Users\Emilia\Dokumente - VerknĂĽpfung.lnk
      [2011.12.04 15:01:21 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
      [2011.12.04 15:01:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
      [2011.10.21 16:23:06 | 000,003,584 | ---- | C] () -- C:\Users\Emilia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011.09.16 15:42:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011.09.10 11:21:47 | 000,000,314 | ---- | C] () -- C:\Windows\wininit.ini
      [2011.03.08 15:09:56 | 000,000,004 | ---- | C] () -- C:\ProgramData\icw09hbs.inf
       
      ========== ZeroAccess Check ==========
       
      [2012.12.28 09:05:56 | 000,003,975 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.237\l.class
      [2012.12.28 09:05:56 | 000,001,032 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.237\n.class
      [2012.12.28 09:05:56 | 000,001,458 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.237\u.class
      [2012.12.28 09:05:56 | 000,003,975 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.264\l.class
      [2012.12.28 09:05:56 | 000,001,032 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.264\n.class
      [2012.12.28 09:05:56 | 000,001,458 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.264\u.class
      [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ABE89FFE
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E1F04E8D
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5D7E5A8F
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2

      < End of report >

      miaTopic starter

      • Member
      • *
      • Offline Offline
      • Posts: 5
      Re: otl scan
      « Reply #5 on: March 15, 2013, 09:58:28 AM »
      good morning,

      i´ve got problems with a green desktop after log in. there is no reaction at all. i can only see and move the mouse.
      after adwcleaner download i got this editor:
      # AdwCleaner v2.112 - Datei am 15/03/2013 um 09:47:33 erstellt
      # Aktualisiert am 10/02/2013 von Xplode
      # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Benutzer : Emilia - EMILIA-PC
      # Bootmodus : Normal
      # AusgefĂĽhrt unter : C:\Users\Emilia\AppData\Local\Temp\OCS\Downloads\705f49176579a643660bff5ff6ae3956\ee8e33e956b0dc98c57df72e892819c6\adwcleaner_2.112.exe
      # Option [Löschen]


      **** [Dienste] ****


      ***** [Dateien / Ordner] *****

      Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
      Datei Gelöscht : C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\searchplugins\Conduit.xml
      Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
      Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
      Ordner Gelöscht : C:\Program Files (x86)\Conduit
      Ordner Gelöscht : C:\Program Files (x86)\DealPly
      Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
      Ordner Gelöscht : C:\Program Files (x86)\Winload
      Ordner Gelöscht : C:\ProgramData\AVG Secure Search
      Ordner Gelöscht : C:\ProgramData\Partner
      Ordner Gelöscht : C:\Users\Emilia\AppData\Local\AVG Secure Search
      Ordner Gelöscht : C:\Users\Emilia\AppData\Local\Conduit
      Ordner Gelöscht : C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk
      Ordner Gelöscht : C:\Users\Emilia\AppData\Local\Temp\avg@toolbar
      Ordner Gelöscht : C:\Users\Emilia\AppData\Local\Temp\Conduit
      Ordner Gelöscht : C:\Users\Emilia\AppData\LocalLow\AVG Secure Search
      Ordner Gelöscht : C:\Users\Emilia\AppData\LocalLow\Conduit
      Ordner Gelöscht : C:\Users\Emilia\AppData\LocalLow\DVDVideoSoftTB
      Ordner Gelöscht : C:\Users\Emilia\AppData\LocalLow\PriceGong
      Ordner Gelöscht : C:\Users\Emilia\AppData\LocalLow\Winload
      Ordner Gelöscht : C:\Users\Emilia\AppData\Roaming\DealPly
      Ordner Gelöscht : C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
      Ordner Gelöscht : C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\ConduitCommon
      Ordner Gelöscht : C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
      Ordner Gelöscht : C:\Users\Emilia\AppData\Roaming\OpenCandy

      ***** [Registrierungsdatenbank] *****

      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
      Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
      Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
      Schlüssel Gelöscht : HKCU\Software\DealPly
      Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF653B20-0541-4311-8D44-A0DC1C4AC6F3}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
      Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
      Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
      Schlüssel Gelöscht : HKLM\Software\Conduit
      Schlüssel Gelöscht : HKLM\Software\DealPly
      Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
      Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
      Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
      Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF653B20-0541-4311-8D44-A0DC1C4AC6F3}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
      Schlüssel Gelöscht : HKLM\Software\Winload
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF653B20-0541-4311-8D44-A0DC1C4AC6F3}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F2C1A7D-10F2-4049-8B54-94FF125CB535}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34CA2EAA-A521-49A7-831E-94F8EB634C99}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D66C74B-4564-4E7D-8300-959B474629A2}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1D0EC1F-EC8F-4C99-A310-79E07527E618}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
      Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
      Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
      Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
      Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
      Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
      Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
      Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
      Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
      Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
      Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

      ***** [Internet Browser] *****

      -\\ Internet Explorer v9.0.8112.16470

      Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com

      -\\ Mozilla Firefox v19.0.2 (de)

      Datei : C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\prefs.js

      C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\user.js ... Gelöscht !

      Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
      Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
      Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
      Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
      Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
      Gelöscht : user_pref("CT2269050.AppTrackingLastCheckTime", "Tue Jul 24 2012 17:24:14 GMT+0200");
      Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
      Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
      Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
      Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
      Gelöscht : user_pref("CT2269050.CurrentServerDate", "8-11-2012");
      Gelöscht : user_pref("CT2269050.DSChangedManually", true);
      Gelöscht : user_pref("CT2269050.DSInstall", true);
      Gelöscht : user_pref("CT2269050.DSProtectChoice", true);
      Gelöscht : user_pref("CT2269050.DSProtectCount", 1);
      Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
      Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Nov 05 2012 17:15:41 GMT+0100");
      Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
      Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Thu Nov 08 2012 16:41:15 GMT+0100");
      Gelöscht : user_pref("CT2269050.FirstServerDate", "22-3-2012");
      Gelöscht : user_pref("CT2269050.FirstTime", true);
      Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
      Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
      Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
      Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
      Gelöscht : user_pref("CT2269050.HPChangedManually", false);
      Gelöscht : user_pref("CT2269050.HPInstall", true);
      Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
      Gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", false);
      Gelöscht : user_pref("CT2269050.HomepageBeforeUnload", "hxxps://isearch.avg.com?cid=%7B05ca5a07-a9c5-49ae-85c3-[...]
      Gelöscht : user_pref("CT2269050.Initialize", true);
      Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
      Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
      Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
      Gelöscht : user_pref("CT2269050.InstalledDate", "Thu Mar 22 2012 18:42:38 GMT+0100");
      Gelöscht : user_pref("CT2269050.InvalidateCache", false);
      Gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true);
      Gelöscht : user_pref("CT2269050.IsGrouping", false);
      Gelöscht : user_pref("CT2269050.IsInitSetupIni", true);
      Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
      Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
      Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
      Gelöscht : user_pref("CT2269050.IsProtectorsInit", true);
      Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Nov 08 2012 16:27:43 GMT+0100");
      Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
      Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
      Gelöscht : user_pref("CT2269050.LastLogin_3.10.0.1", "Mon Apr 23 2012 15:41:05 GMT+0200");
      Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 17:42:52 GMT+0200");
      Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Tue May 22 2012 18:17:48 GMT+0200");
      Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 15:00:58 GMT+0200");
      Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 17:35:09 GMT+0200");
      Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Thu Nov 08 2012 16:27:43 GMT+0100");
      Gelöscht : user_pref("CT2269050.LatestVersion", "3.16.0.3");
      Gelöscht : user_pref("CT2269050.Locale", "en");
      Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
      Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
      Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
      Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
      Gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.10.0.1");
      Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
      Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Thu Nov 08 2012 16:27:42 GMT+0100");
      Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
      Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
      Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
      Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
      Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
      Gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false);
      Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
      Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
      Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
      Gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
      Gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "Google");
      Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
      Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
      Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
      Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
      Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Nov 08 2012 16:27:35 GMT+0100");
      Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
      Gelöscht : user_pref("CT2269050.SearchProtectorEnabled", false);
      Gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
      Gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true);
      Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Nov 08 2012 16:27:42 GMT+0100");
      Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Thu Nov 08 2012 16:27:34 GMT+0100");
      Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1352142245");
      Gelöscht : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
      Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
      Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Oct 23 2012 20:13:35 GMT+0200");
      Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
      Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
      Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
      Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
      Gelöscht : user_pref("CT2269050.UserID", "UN12843774372660244");
      Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
      Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
      Gelöscht : user_pref("CT2269050.WeatherPollDate", "Thu Nov 08 2012 16:27:42 GMT+0100");
      Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
      Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
      Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6C7071736F767072");
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747372767779757C7678242F4B4947[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj0j@l@ka$nn", "247E61393F236B25707879742A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj3b@:?a#ncf", "247E61393F236B256E7575792A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj3f@9lfdm%oo", "247E61393F236B25727574712A212C6E414F44[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj4<hlh@bl%oo", "247E61393F236B256F78757A2A212C6E414F44[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj6<3:<:=$nn", "247E61393F236B256F7671712A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj6<?!:ngeca'qq", "247E61393F236B25707879752A212C6E414F[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj6f>?e<$acjfa)ss", "247E61393F236B257677717A722B222D6F[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj6f>?e<k9baobc*ujm", "247E61393F236B2576777877722B222D[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj74k9kg#ncf", "247E61393F236B2576747977792B222D6F42504[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7;chgjd$nn", "247E61393F236B25717277732A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7;zy!lad", "247E61393F236B2576777872782B222D6F4250454[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj:fk;b\"ll", "247E61393F236B25737876722A212C6E414F444D[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj;78>!kk", "247E61393F236B25747177792A212C6E414F444D32[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj;y=?bfbl%oo", "247E61393F236B256F7679742A212C6E414F44[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj<f:>!lad", "247E61393F236B257578787A772B222D6F4250454[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj=fc?:=kcn:lths?,vv", "247E61393F236B2576777471752B222[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj>f8:g@lhkj@tj*igs", "247E61393F236B25747778712A212C6E[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj?f>6?@l$nn", "247E61393F236B2576787973782B222D6F42504[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj?f@ai=$>bdbac*tt", "247E61393F236B25717177752A212C6E4[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj@f@a5mkef:'rgj", "247E61393F236B25757078782A212C6E414[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjeik4!kk", "247E61393F236B25767177722A212C6E414F444D32[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjeik4!la$=h", "247E61393F236B25767179722A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjej~j?b", "247E61393F236B25717778752A212C6E414F444D327[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjf<7fbn=$nn", "247E61393F236B25767477762A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjgf>9i=mb=a@(rr", "247E61393F236B256F7673712A212C6E414[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjg~k?j#o$odg", "247E61393F236B25707879722A212C6E414F44[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjh6gjfj>$nn", "247E61393F236B25717370752A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjh<hh@kg?mp@(rr", "247E61393F236B256F7672722A212C6E414[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjhj9h!kk", "247E61393F236B25717375772A212C6E414F444D32[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cji5e k@c", "247E61393F236B2573787229202B6D404E434C3179[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cji68>;la<>\"!(rr", "247E61393F236B2576767329202B6D404E[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cji;<ai\"mbe", "247E61393F236B256E7378762A212C6E414F444[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cji?ckmmo$odg", "247E61393F236B257373287E2A6C3F4D424B30[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cjy6>i}\"ll", "247E61393F236B25717471712A212C6E414F444D[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "6F6E6D41414141767A77457A46204B76764E2550244F262A22[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
      Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
      Gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b/556,bi5a>g", "6E6D6C70706B6D6E7170787773");
      Gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
      Gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6C3B3D727172706D7A6F787775737979204B782222");
      Gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C7071736F766F7673767A");
      Gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
      Gelöscht : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
      Gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
      Gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
      Gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
      Gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
      Gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
      Gelöscht : user_pref("CT2269050.backendstorage.cb_experience_000", "34");
      Gelöscht : user_pref("CT2269050.backendstorage.cb_firstuse0100", "31");
      Gelöscht : user_pref("CT2269050.backendstorage.cb_user_id_000", "43423135353430363330353037385F46697265666F78")[...]
      Gelöscht : user_pref("CT2269050.backendstorage.cbcountry_000", "4445");
      Gelöscht : user_pref("CT2269050.backendstorage.cbcountry_001", "4445");
      Gelöscht : user_pref("CT2269050.backendstorage.cbfirsttime", "4D6F6E2041707220313620323031322031363A31323A31362[...]
      Gelöscht : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
      Gelöscht : user_pref("CT2269050.backendstorage.facebook_mode", "32");
      Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "467269204F637420323620323031322031323A[...]
      Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
      Gelöscht : user_pref("CT2269050.backendstorage.url_history0001", "6A6176617363726970743A3A3A3A636C69636B68616E6[...]
      Gelöscht : user_pref("CT2269050.backendstorage.youtubelang", "4445");
      Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
      Gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Wed Oct 31 2012 17:23:22 GMT+0100");
      Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
      Gelöscht : user_pref("CT2269050.initDone", true);
      Gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", false);
      Gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false);
      Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
      Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
      Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
      Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
      Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
      Gelöscht : user_pref("CT2269050.navigateToUrlOnSearch", false);
      Gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]
      Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
      Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
      Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
      Gelöscht : user_pref("CT2269050.testingCtid", "");
      Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Nov 08 2012 16:27:43 GMT+0100");
      Gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Sun Nov 04 2012 14:51:19 GMT+0100");
      Gelöscht : user_pref("CT2269050.usagesFlag", 2);
      Gelöscht : user_pref("CT2319825..clientLogIsEnabled", false);
      Gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
      Gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
      Gelöscht : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
      Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
      Gelöscht : user_pref("CT2319825.BrowserCompStateIsOpen_129714600517272937", true);
      Gelöscht : user_pref("CT2319825.BrowserCompStateIsOpen_129784504530494139", true);
      Gelöscht : user_pref("CT2319825.CTID", "ct2319825");
      Gelöscht : user_pref("CT2319825.CurrentServerDate", "8-11-2012");
      Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR");
      Gelöscht : user_pref("CT2319825.DialogsGetterLastCheckTime", "Mon Nov 05 2012 17:15:42 GMT+0100");
      Gelöscht : user_pref("CT2319825.DownloadReferralCookieData", "");
      Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Thu Nov 08 2012 16:41:14 GMT+0100");
      Gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Thu Nov 08 2012 16:27:45 GMT+0100");
      Gelöscht : user_pref("CT2319825.FirstServerDate", "25-9-2011");
      Gelöscht : user_pref("CT2319825.FirstTime", true);
      Gelöscht : user_pref("CT2319825.FirstTimeFF3", true);
      Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true);
      Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
      Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
      Gelöscht : user_pref("CT2319825.HasUserGlobalKeys", true);
      Gelöscht : user_pref("CT2319825.Initialize", true);
      Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true);
      Gelöscht : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
      Gelöscht : user_pref("CT2319825.InstallationType", "ConduitIntegration");
      Gelöscht : user_pref("CT2319825.InstalledDate", "Sun Sep 25 2011 19:11:15 GMT+0200");
      Gelöscht : user_pref("CT2319825.InvalidateCache", false);
      Gelöscht : user_pref("CT2319825.IsAlertDBUpdated", true);
      Gelöscht : user_pref("CT2319825.IsGrouping", false);
      Gelöscht : user_pref("CT2319825.IsInitSetupIni", true);
      Gelöscht : user_pref("CT2319825.IsMulticommunity", false);
      Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false);
      Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true);
      Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Sep 25 2011 19:11:16 GMT+0200");
      Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
      Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
      Gelöscht : user_pref("CT2319825.LastLogin_3.10.0.1", "Thu May 03 2012 15:13:20 GMT+0200");
      Gelöscht : user_pref("CT2319825.LastLogin_3.12.2.3", "Fri Jun 15 2012 14:46:14 GMT+0200");
      Gelöscht : user_pref("CT2319825.LastLogin_3.13.0.6", "Tue Jul 24 2012 17:24:13 GMT+0200");
      Gelöscht : user_pref("CT2319825.LastLogin_3.14.1.0", "Tue Aug 21 2012 17:35:10 GMT+0200");
      Gelöscht : user_pref("CT2319825.LastLogin_3.15.1.0", "Thu Nov 08 2012 16:27:48 GMT+0100");
      Gelöscht : user_pref("CT2319825.LastLogin_3.6.0.10", "Mon Oct 17 2011 17:03:47 GMT+0200");
      Gelöscht : user_pref("CT2319825.LastLogin_3.7.0.6", "Mon Nov 07 2011 14:49:42 GMT+0100");
      Gelöscht : user_pref("CT2319825.LastLogin_3.8.0.8", "Mon Dec 05 2011 14:28:52 GMT+0100");
      Gelöscht : user_pref("CT2319825.LastLogin_3.8.1.0", "Thu Jan 19 2012 08:43:16 GMT+0100");
      Gelöscht : user_pref("CT2319825.LastLogin_3.9.0.3", "Wed Feb 15 2012 15:06:37 GMT+0100");
      Gelöscht : user_pref("CT2319825.LatestVersion", "3.15.1.0");
      Gelöscht : user_pref("CT2319825.Locale", "de");
      Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83");
      Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
      Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295");
      Gelöscht : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
      Gelöscht : user_pref("CT2319825.OriginalFirstVersion", "3.6.0.10");
      Gelöscht : user_pref("CT2319825.RadioIsPodcast", false);
      Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Sun Sep 25 2011 19:11:16 GMT+0200");
      Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "0");
      Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532");
      Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player");
      Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
      Gelöscht : user_pref("CT2319825.RadioShrinkedFromSetup", false);
      Gelöscht : user_pref("CT2319825.RadioStationName", "1Live");
      Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
      Gelöscht : user_pref("CT2319825.SavedHomepage", "hxxp://www.google.de/");
      Gelöscht : user_pref("CT2319825.SearchBoxWidth", 249);
      Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
      Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
      Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true);
      Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
      Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Sep 25 2011 19:11:15 GMT+0200");
      Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
      Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
      Gelöscht : user_pref("CT2319825.ServiceMapLastCheckTime", "Thu Nov 08 2012 16:31:14 GMT+0100");
      Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Sun Sep 25 2011 19:11:13 GMT+0200");
      Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1313478201");
      Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
      Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Sep 25 2011 19:11:13 GMT+0200");
      Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
      Gelöscht : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
      Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
      Gelöscht : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
      Gelöscht : user_pref("CT2319825.UserID", "UN08698616914964241");
      Gelöscht : user_pref("CT2319825.ValidationData_Search", 2);
      Gelöscht : user_pref("CT2319825.ValidationData_Toolbar", 2);
      Gelöscht : user_pref("CT2319825.WeatherNetwork", "");
      Gelöscht : user_pref("CT2319825.WeatherPollDate", "Thu Nov 08 2012 16:27:45 GMT+0100");
      Gelöscht : user_pref("CT2319825.WeatherUnit", "C");
      Gelöscht : user_pref("CT2319825.alertChannelId", "715912");
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e06cg5el8:", "6E6D6E6E736F6D756E75");
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747374747975737B747B242F4B4947[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e31;cjy6>i}\"ll", "247E61393F236B25717471712A212C6E414F444D[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b-0?3g>d", "3B3E6B6F6E7375447A464546772075784E7A25212325522A26[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b-0?3g@6:5;", "");
      Gelöscht : user_pref("CT2319825.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
      Gelöscht : user_pref("CT2319825.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
      Gelöscht : user_pref("CT2319825.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b5ba==9cjag", "396C6A3D6D716E757A42737447497B764D7A224F51");
      Gelöscht : user_pref("CT2319825.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6E736F6D756E72717877");
      Gelöscht : user_pref("CT2319825.backendstorage./9b9643g3/9e", "6A");
      Gelöscht : user_pref("CT2319825.backendstorage./9b<:222h64<", "393F352F3E");
      Gelöscht : user_pref("CT2319825.backendstorage./9b=+03eh8h8j?:", "4443");
      Gelöscht : user_pref("CT2319825.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
      Gelöscht : user_pref("CT2319825.backendstorage./9b?b0d:8aj62<h", "6D");
      Gelöscht : user_pref("CT2319825.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
      Gelöscht : user_pref("CT2319825.backendstorage.autocompletepro_enable", "31");
      Gelöscht : user_pref("CT2319825.backendstorage.autocompletepro_enable_auto", "31");
      Gelöscht : user_pref("CT2319825.backendstorage.id", "3236333731353137");
      Gelöscht : user_pref("CT2319825.backendstorage.shoppingapp.gk.exipres", "5361742041707220313420323031322032303A[...]
      Gelöscht : user_pref("CT2319825.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
      Gelöscht : user_pref("CT2319825.ct2319825.AppTrackingLastCheckTime", "Sat Jun 23 2012 16:40:37 GMT+0200");
      Gelöscht : user_pref("CT2319825.ct2319825.DialogsAlignMode", "LTR");
      Gelöscht : user_pref("CT2319825.ct2319825.InvalidateCache", false);
      Gelöscht : user_pref("CT2319825.ct2319825.LanguagePackLastCheckTime", "Thu Nov 08 2012 16:27:48 GMT+0100");
      Gelöscht : user_pref("CT2319825.ct2319825.Locale", "de");
      Gelöscht : user_pref("CT2319825.ct2319825.RadioLastCheckTime", "Thu Nov 08 2012 16:27:45 GMT+0100");
      Gelöscht : user_pref("CT2319825.ct2319825.RadioLastUpdateIPServer", "3");
      Gelöscht : user_pref("CT2319825.ct2319825.RadioLastUpdateServer", "129224641269630000");
      Gelöscht : user_pref("CT2319825.ct2319825.SearchInNewTabLastCheckTime", "Thu Nov 08 2012 16:27:45 GMT+0100");
      Gelöscht : user_pref("CT2319825.ct2319825.SettingsLastCheckTime", "Thu Nov 08 2012 16:27:44 GMT+0100");
      Gelöscht : user_pref("CT2319825.ct2319825.SettingsLastUpdate", "1352142245");
      Gelöscht : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastCheck", "Tue Oct 23 2012 20:13:43 GMT+0200");
      Gelöscht : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastUpdate", "1331806000");
      Gelöscht : user_pref("CT2319825.ct2319825.globalFirstTimeInfoLastCheckTime", "Wed Oct 31 2012 17:23:24 GMT+0100[...]
      Gelöscht : user_pref("CT2319825.ct2319825.toolbarAppMetaDataLastCheckTime", "Thu Nov 08 2012 16:27:48 GMT+0100"[...]
      Gelöscht : user_pref("CT2319825.ct2319825.toolbarContextMenuLastCheckTime", "Sun Nov 04 2012 14:51:20 GMT+0100"[...]
      Gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
      Gelöscht : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Sun Sep 25 2011 19:11:15 GMT+0200");
      Gelöscht : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
      Gelöscht : user_pref("CT2319825.initDone", true);
      Gelöscht : user_pref("CT2319825.isAppTrackingManagerOn", false);
      Gelöscht : user_pref("CT2319825.isFirstRadioInstallation", false);
      Gelöscht : user_pref("CT2319825.myStuffEnabled", true);
      Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
      Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
      Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
      Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
      Gelöscht : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,12976905385255[...]
      Gelöscht : user_pref("CT2319825.revertSettingsEnabled", true);
      Gelöscht : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
      Gelöscht : user_pref("CT2319825.searchProtectorEnableByLogin", true);
      Gelöscht : user_pref("CT2319825.testingCtid", "");
      Gelöscht : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Sun Sep 25 2011 19:11:13 GMT+0200");
      Gelöscht : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Sun Sep 25 2011 19:11:19 GMT+0200");
      Gelöscht : user_pref("CT2319825.usagesFlag", 2);
      Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&Search[...]
      Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search,DVDVideoSoftTB Custom[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2319825/CT2319825[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", [...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2319825&octid=[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"4c5[...]
      Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"7ed[...]
      Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Emilia\\AppData\\Roaming\\Mozilla\\[...]
      Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://storage.conduit.com/gadgets/LiveTV.html?[...]
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize. hxxp://storage.conduit.com/gadgets/LiveTV.html?sour[...]
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://chat.loke.com/?utm_source=Conduit&utm_medium=[...]
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v213/gadget.html", "[...]
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
      Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac7[...]
      Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
      Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,CT2269050");
      Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825,CT2269050");
      Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825,CT2269050");
      Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 08 2012 16:27:45 GMT+0100");
      Gelöscht : user_pref("CommunityToolbar.globalUserId", "029a2495-7a56-45f2-9b71-521022b3ae81");
      Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
      Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
      Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
      Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Nov 05 2012 17:41:0[...]
      Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
      Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Nov 08 2012 16:27:52 GMT+010[...]
      Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
      Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
      Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
      Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
      Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 08 2012 16:27:43 GMT+0100");
      Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
      Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
      Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
      Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
      Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
      Gelöscht : user_pref("CommunityToolbar.notifications.userId", "038bd9dc-692c-4679-a0e7-45a0c3a9e119");
      Gelöscht : user_pref("CommunityToolbar.originalHomepage", &quo

      Starbuck

      • Site Owner
      • *
      • Offline Offline
      • location: Midlands. UK
      • Posts: 3421
      • .: Leader Malware Analysis & Removal Team
      • -: Site Help Desk - Support Department
        • WWW
      Re: otl scan
      « Reply #4 on: March 14, 2013, 10:20:11 PM »
      Hi mia and welcome to Smokeys.

      You don't say what problems you are having with the system.
      Please explain fully.

      Let's address some issues i can already see from your report:

      Step 1
      Please download AdwCleaner by Xplode onto your desktop.
      • Close all open programs and internet browsers.
      • Double click on adwcleaner.exe to run the tool.
      • Click on the Delete button.
      • A logfile will automatically open after the scan has finished.
      • Please post the contents of that logfile with your next reply.
      • You can find the logfile at C:\AdwCleaner[S1].txt as well.
      .


      Step 2
      Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
      • Download the latest version of  Java Runtime Environment (JRE) 7 Update 17 and save it to your desktop.
      • Scroll down to where it says "Java SE 7 Update 17".
      • Click the "Download JRE" button to the right.
      • Accept the license agreement.
      • select  'Windows x64.exe'  from the list.
      • Save the file to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
      • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
      • Repeat as many times as necessary to remove each Java versions.
      .
      Java(TM) 6 Update 27
      .
      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on downloaded icon to install the newest version.
      .

      Step 3
      Now let's get a fresh set of Otl reports so we can deal with the rest.

      Double click on OTL to run it.
      • Under Extra Registry section, select Use SafeList.
      • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
        .
        Now copy the lines in bold below.

        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\system32\*.exe /lockedfiles
        %systemroot%\System32\config\*.sav
        %PROGRAMFILES%\*
        %USERPROFILE%\..|smtmp;true;true;true /FP
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
        hklm\software\clients\startmenuinternet|command /rs
        hklm\software\clients\startmenuinternet|command /64 /rs
        CREATERESTOREPOINT



      • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


      • Click on Run Scan at the top left hand corner.
      • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
      .

      In your next reply, please submit: 
      AdwCleaner report
      2 new OTL reports
      and please explain the problems you are experiencing.


      Thanks.

      Smokey

      • Former Site Owner: Deceased - sadly missed
      • Charter Member
      • ******
      • Offline Offline
      • Posts: 5967
      • .: ~veritas odium parit~
      Re: otl scan
      « Reply #3 on: March 14, 2013, 09:02:22 PM »
      Two topics merged.

      miaTopic starter

      • Member
      • *
      • Offline Offline
      • Posts: 5
      OTL.Scan Extras.Txt Editor
      « Reply #2 on: March 14, 2013, 08:20:20 PM »
      [Spoiler]OTL Extras logfile created on: 14.03.2013 18:51:38 - Run 1
      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emilia\Downloads
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
       
      3,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 45,90% Memory free
      6,00 Gb Paging File | 4,47 Gb Available in Paging File | 74,48% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 917,41 Gb Total Space | 806,65 Gb Free Space | 87,93% Space Free | Partition Type: NTFS
      Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
       
      Computer Name: EMILIA-PC | User Name: Emilia | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Extra Registry (SafeList) ==========
       
       
      ========== File Associations ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
      .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
      .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
       
      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
      .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
       
      ========== Shell Spawning ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
      https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
      InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [explore] -- Reg Error: Value error.
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
      https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [explore] -- Reg Error: Value error.
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
       
      ========== Security Center Settings ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "cval" = 1
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
      "AntiVirusOverride" = 0
      "AntiSpywareOverride" = 0
      "FirewallOverride" = 0
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
       
      ========== Firewall Settings ==========
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1
       
      ========== Authorized Applications List ==========
       
       
      ========== Vista Active Open Ports Exception List ==========
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{1C1CAAE1-7414-40D1-A4D8-142518D7FEB4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
      "{1CBD11C8-4CBE-486C-9FC2-BC33BDA80C96}" = lport=445 | protocol=6 | dir=in | app=system |
      "{1D804A9F-4D59-450F-BE9F-1B3BF2428CCE}" = lport=10243 | protocol=6 | dir=in | app=system |
      "{241A5378-CC3F-4106-A7C5-8335875FD02C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{4830FCDC-F5F1-4724-8F6C-60875B75A29D}" = rport=138 | protocol=17 | dir=out | app=system |
      "{4B49D9F5-EB5C-4966-845E-83DBF11BED26}" = lport=2869 | protocol=6 | dir=in | app=system |
      "{60A5109B-ABFB-440D-9631-1610AB16E8A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{7D15DDAE-353B-4EA8-8794-41176C6B63B3}" = rport=137 | protocol=17 | dir=out | app=system |
      "{879408EB-13D8-4413-B736-75B20BA98467}" = rport=445 | protocol=6 | dir=out | app=system |
      "{87D301E8-6180-4571-8DCA-936F10CDCBEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{8F8A59D9-EB78-43B7-8F01-5899AF6A7FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
      "{96E02C34-D2EB-41FF-ADB2-4EF1A12E8429}" = lport=50757 | protocol=6 | dir=in | name=akamai netsession interface |
      "{9A4DFC21-CD3B-40C7-8893-84802434717A}" = lport=139 | protocol=6 | dir=in | app=system |
      "{A08C6C09-A8C0-4D42-8B52-F23F3919054D}" = rport=139 | protocol=6 | dir=out | app=system |
      "{A251D996-90F9-4192-8943-B74A19CBC3CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
      "{A8B4A384-C48A-4A29-AAF8-D2BB0C67D9F9}" = lport=137 | protocol=17 | dir=in | app=system |
      "{B8923E1C-034F-4BFF-86D0-AE8E91AF57AC}" = lport=138 | protocol=17 | dir=in | app=system |
      "{C2AB635E-9997-48C2-A2B6-803787B36F09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{D3297381-766A-4255-8412-07EA3A070BD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
      "{D94450BE-4CCA-44F2-9444-224193F04BDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
      "{E269781A-D554-4683-A11C-0D7B4CC50CAB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
      "{F11426CE-A582-49C1-ABDA-2485B0871202}" = rport=10243 | protocol=6 | dir=out | app=system |
      "{F1D8F198-66E9-4392-8006-96D324DD0A10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
       
      ========== Vista Active Application Exception List ==========
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{04AEF630-0F37-4DD3-93E9-8F98D2E266AF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
      "{07681E5A-4CD2-4596-B22D-77FD0666DA62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{08136F0C-6360-45C7-9FC6-0C57DC07A12F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{0C23637D-DD21-4B25-982F-48C0E72A4AFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
      "{0D74D33E-ABA5-4870-B36E-610354526202}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
      "{1BBA9DD5-788A-46EE-8E1E-B89FA3F4CC31}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
      "{2036BDAA-18DD-41DB-A38A-ED7427031935}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
      "{24F402CB-7A7B-43CA-9ED3-F50D12C47657}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
      "{2CF0F247-6C68-493B-B382-7BC5D2F24E94}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - das spiel\bin\avatar.exe |
      "{2D1CC97F-4673-4712-8E4E-39E63B9AC315}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
      "{2F930BF5-64E9-45E1-AC05-8B17712BF67D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
      "{30D11F8E-F72C-44D0-9183-4AF9826BF641}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
      "{31A64A9E-7CB5-4F58-ACDB-8AE3DBF6806F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{32B958E1-B50B-4405-8DE9-1780D130D7F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
      "{35224E8E-9C81-455F-B9E9-159D34334F40}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
      "{35EF0F6B-5A0B-47E7-B1FA-C84243C5B382}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
      "{3ABCFB46-3340-42F1-943E-2F20710D15A1}" = dir=in | app=c:\brickforce\brickforce.exe |
      "{3BF5C8AA-B6C0-486A-8432-2B418E57D3EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
      "{3C76CEE8-AEE0-421A-BF96-04D94EC22056}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - das spiel\bin\avatar.exe |
      "{45B242DC-AF03-4D0D-8158-A75FD77BA2E3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
      "{4B063598-8CE0-4ED3-AF78-CC6A30588A4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
      "{5DBAC4AE-43CE-40C8-AF7C-C9D9357B3523}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
      "{5DC7E7C0-3309-4061-9999-66FE36CD5106}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{6319090E-5A22-400B-AE17-8592203E5B5A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
      "{65466EA4-40E3-44C9-A999-EF60028BBEEF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
      "{687E246D-DB76-4D61-9639-672EDC265AC8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
      "{6B2E08BF-679F-4A08-9E48-04FF278BA43F}" = dir=in | app=c:\brickforce\bflauncher.exe |
      "{6EFFBEC8-6817-4C62-9C8A-BCD55B70348C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
      "{72968BFC-E4CF-4FC3-B245-BA1D9EEE62E3}" = protocol=6 | dir=out | app=system |
      "{81280989-379B-4DFF-BE3A-D3D2EDDEC631}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
      "{8195CE9F-A027-438B-BA5A-AFC98CCDDFEF}" = protocol=17 | dir=in | app=c:\users\emilia\appdata\local\akamai\netsession_win.exe |
      "{83FE99F8-9454-4589-8E9F-759D4A36F95C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - das spiel\bin\avatarlauncher.exe |
      "{8DC29C99-0FB3-42E1-B301-80869DD0D17F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{94D36CC5-7951-438F-8C54-1AB3C43BB8B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
      "{9607E548-8ADB-4060-A79C-5959719B227D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
      "{9C000FCA-8B41-4AD2-A024-F8315E97A2D1}" = protocol=6 | dir=in | app=c:\users\emilia\appdata\local\akamai\netsession_win.exe |
      "{9E41C8AC-416A-44DB-A9C7-22EA0D7FCFB6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
      "{A2FB2BA9-E95F-4F42-A565-33DAE929D885}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
      "{A74636D0-18A2-4FBE-B015-A4017F838C0A}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
      "{B0688DBC-8673-4201-92E6-9B8CBEA662BC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
      "{CA7F1D5E-D493-4A34-9C42-248827D238D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
      "{CD5ACBDD-AE0D-4757-8276-BBEE621FDB14}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
      "{D1486C0B-BBDB-4128-B0E4-8304AE1AD2EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
      "{D46C16B3-D984-45B7-90DB-96231CCE09A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
      "{E4FDE43B-B6B4-4D94-903B-D30F4F973761}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
      "{E7183DFC-7263-4A23-9B20-906812C0FCAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
      "{EA30E952-41A7-4885-9D0E-ECA58202CF0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
      "{EDC4A482-3549-47CB-9637-30BA03A1C634}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - das spiel\bin\avatarlauncher.exe |
      "{F2695A45-755C-4B49-9CED-E982AB0B861C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
      "{F330B80E-10E2-4B66-B271-36C123DBC730}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
      "{F390B984-F6ED-4775-BF06-B1AF6D9E64BC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
      "TCP Query User{2611D6E1-B673-462A-95D8-899098A51570}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
      "TCP Query User{50452887-3473-4D81-BE98-054467599B0A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
      "TCP Query User{5462D891-40A7-43C8-9985-CFF1F127A3D5}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
      "TCP Query User{FBB9246A-2772-4D2C-9873-3EACB4AE3302}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
      "UDP Query User{1A46913C-51FA-422E-8145-32C72FF17687}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
      "UDP Query User{2BF75854-1FCD-4723-9CE9-EC0A5B40D83B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
      "UDP Query User{52B1A9C2-7A1C-4A54-BA7B-DFED436DF699}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
      "UDP Query User{F7333435-37CC-4FA8-8097-402A5EC9DF7A}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
       
      ========== HKEY_LOCAL_MACHINE Uninstall List ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
      "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
      "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
      "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
      "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
      "{2D2820A1-F214-4B7A-912E-A87E5608CF10}" = Motorola Mobile Drivers Installation 5.0.0
      "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
      "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
      "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
      "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
      "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
      "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
      "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
      "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
      "NVIDIA Drivers" = NVIDIA Drivers
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{130E3A12-3443-4D92-BFFC-4CB1182F8D14}" = TinkerBell’s Abenteuer
      "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
      "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
      "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
      "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
      "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
      "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
      "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
      "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
      "{2C82E097-694E-44ea-A947-2750679469CF}" = Die Sims™ 2
      "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
      "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
      "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
      "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
      "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
      "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
      "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
      "{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
      "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
      "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
      "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
      "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
      "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
      "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
      "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
      "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
      "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
      "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
      "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
      "{7C1824FC-B3EA-DF3F-BCC5-ED8BE0FB74B2}" = Anubis - Das Geheimnis des Osiris
      "{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): DAS SPIEL
      "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
      "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
      "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
      "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
      "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
      "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
      "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
      "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
      "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
      "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
      "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
      "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
      "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
      "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
      "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
      "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
      "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
      "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
      "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack fĂĽr 2007 Office System
      "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
      "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
      "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
      "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
      "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
      "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
      "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
      "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
      "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
      "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
      "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
      "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
      "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
      "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
      "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
      "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
      "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
      "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
      "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
      "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
      "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
      "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
      "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
      "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
      "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
      "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
      "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
      "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
      "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
      "{EE7C6B6E-72B3-4346-AF3B-95796F09C61B}" = Pony Friends 2
      "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
      "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
      "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
      "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
      "{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}" = Nero 9 Essentials
      "{F2F30021-C509-43B2-B2EC-94C1249CC10D}" = S4 League_EU
      "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
      "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
      "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
      "{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
      "Adobe AIR" = Adobe AIR
      "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
      "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
      "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
      "Akamai" = Akamai NetSession Interface Service
      "avast" = avast! Free Antivirus
      "AVG Secure Search" = AVG Security Toolbar
      "Brick-Force" = Brick-Force
      "CDex" = CDex - Open Source Digital Audio CD Extractor
      "Cheat Engine 6.2_is1" = Cheat Engine 6.2
      "de.studio100.anubis.geheimnisosiris.ECD972C667655AB064366A82A4411E55DF698589.1" = Anubis - Das Geheimnis des Osiris
      "DealPly" = DealPly
      "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
      "eMachines Registration" = eMachines Registration
      "eMachines Screensaver" = eMachines ScreenSaver
      "eMachines Welcome Center" = Welcome Center
      "Euro Truck Simulator" = Euro Truck Simulator 1.3
      "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
      "GamersFirst LIVE!" = GamersFirst LIVE!
      "GamersFirst War Rock" = War Rock
      "Google Chrome" = Google Chrome
      "Identity Card" = Identity Card
      "'Lass uns reiten 2'" = 'Lass uns reiten 2'
      "Metin2_is1" = Metin2
      "MotoHelper" = MotoHelper 2.0.49 Driver
      "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
      "MozillaMaintenanceService" = Mozilla Maintenance Service
      "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
      "Origin" = Origin
      "phase-6" = phase-6 2.1.2.3a
      "phase-6-junior" = phase-6-junior 2.1.2.3a
      "Pony Friends 2" = Pony Friends 2
      "PunkBusterSvc" = PunkBuster Services
      "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
      "TeamViewer 6" = TeamViewer 6
      "WinLiveSuite_Wave3" = Windows Live Essentials
      "Winload Toolbar" = Winload Toolbar
      "WinRAR archiver" = WinRAR 4.20 (32-Bit)
       
      ========== HKEY_CURRENT_USER Uninstall List ==========
       
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
      "Akamai" = Akamai NetSession Interface
      "DealPly" = Update_DealPly
      "SOE-Free Realms" = Free Realms
       
      ========== Last 20 Event Log Errors ==========
       
      [ Application Events ]
      Error - 23.02.2013 11:14:39 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 23.02.2013 11:14:39 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 23.02.2013 11:14:39 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 24.02.2013 08:53:39 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842815
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\Program Files
       (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
       Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
       AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
       des "version"-Attributs im assemblyIdentity-Element ist ungĂĽltig.
       
      Error - 24.02.2013 08:54:52 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\program files
       (x86)\windows live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 24.02.2013 08:54:52 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842787
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\program files
       (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
       "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
      im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
       ĂĽberein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
      Definition:
       WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
       das Programm "sxstrace.exe" fĂĽr eine detaillierte Diagnose.
       
      Error - 24.02.2013 08:55:26 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 24.02.2013 08:55:26 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 24.02.2013 08:55:27 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      Error - 24.02.2013 08:55:27 | Computer Name = Emilia-PC | Source = SideBySide | ID = 16842785
      Description = Fehler beim Generieren des Aktivierungskontextes fĂĽr "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
      Die
       abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
       konnte nicht gefunden werden.  Verwenden Sie fĂĽr eine detaillierte Diagnose das Programm
       "sxstrace.exe".
       
      [ Media Center Events ]
      Error - 10.03.2013 15:21:01 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 20:21:00 - Fehler beim Herstellen der Internetverbindung.  20:21:00
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 10.03.2013 15:21:14 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 20:21:06 - Fehler beim Herstellen der Internetverbindung.  20:21:06
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 10.03.2013 16:21:20 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 21:21:20 - Fehler beim Herstellen der Internetverbindung.  21:21:20
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 10.03.2013 16:21:31 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 21:21:25 - Fehler beim Herstellen der Internetverbindung.  21:21:25
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 11.03.2013 11:34:31 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 16:34:31 - Fehler beim Herstellen der Internetverbindung.  16:34:31
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 11.03.2013 11:34:42 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 16:34:36 - Fehler beim Herstellen der Internetverbindung.  16:34:36
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 11.03.2013 12:34:47 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 17:34:47 - Fehler beim Herstellen der Internetverbindung.  17:34:47
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 11.03.2013 12:34:54 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 17:34:52 - Fehler beim Herstellen der Internetverbindung.  17:34:52
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 12.03.2013 13:47:11 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 18:47:11 - Fehler beim Herstellen der Internetverbindung.  18:47:11
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      Error - 12.03.2013 13:47:24 | Computer Name = Emilia-PC | Source = MCUpdate | ID = 0
      Description = 18:47:16 - Fehler beim Herstellen der Internetverbindung.  18:47:16
      -     Serververbindung konnte nicht hergestellt werden.. 
       
      [ System Events ]
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:53 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
      Error - 14.03.2013 13:20:56 | Computer Name = Emilia-PC | Source = nvstor64 | ID = 14548995
      Description = Datenfehler des Geräts.        Gerät: \Device\RaidPort0    Modell: WDC WD10EADS-22M2B0

      Firmware-Version:
       01.0    Seriennummer:      WD-WCAV54659905    Anschluss: 0 
       
       
      < End of report >
      [/Spoiler]

      miaTopic starter

      • Member
      • *
      • Offline Offline
      • Posts: 5
      otl scan
      « Reply #1 on: March 14, 2013, 08:18:33 PM »
      OTL logfile created on: 14.03.2013 18:51:38 - Run 1
      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emilia\Downloads
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
       
      3,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 45,90% Memory free
      6,00 Gb Paging File | 4,47 Gb Available in Paging File | 74,48% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 917,41 Gb Total Space | 806,65 Gb Free Space | 87,93% Space Free | Partition Type: NTFS
      Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
       
      Computer Name: EMILIA-PC | User Name: Emilia | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Processes (SafeList) ==========
       
      PRC - C:\Users\Emilia\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
      PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Users\Emilia\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
      PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
      PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
      PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
      PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
      PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
      PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
       
       
      ========== Modules (No Company Name) ==========
       
      MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
      MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
      MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
       
       
      ========== Services (SafeList) ==========
       
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
      SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
      SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
      SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
      SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV:64bit: - (dump_wmimmc) -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys File not found
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
      DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
      DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
      DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
      DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
      IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
      IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
       
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360611sn06973e54z55bh851431q
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
      IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
      IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
      IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3FC8FCA6-5FAA-4D55-BDD1-16DDC20403C2}&mid=b4ef13903de447d0adfbd16c5781482a-cef66dd1959c9c1a628d01e564a5d6d8dd2ff59e&lang=de&ds=od011&pr=sa&d=2012-10-01 17:37:42&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
      IE - HKCU\..\SearchScopes\{9E61F094-62FE-44D0-AF97-210CF8AB4A2D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>;192.168.*.*
       
      ========== FireFox ==========
       
      FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
      FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={3FC8FCA6-5FAA-4D55-BDD1-16DDC20403C2}&mid=b4ef13903de447d0adfbd16c5781482a-cef66dd1959c9c1a628d01e564a5d6d8dd2ff59e&lang=de&ds=od011&pr=sa&d=2012-10-01 17:37:42&v=14.0.2.14&pid=avg&sg=&sap=hp"
      FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
      FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
      FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
      FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.199.0
      FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
      FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
       
       
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
      FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
      FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
       
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 18:02:09 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.14 18:44:08 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 17:47:55 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 17:47:55 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
       
      [2011.09.16 15:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\Extensions
      [2013.02.19 17:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions
      [2013.02.03 18:49:22 | 000,000,000 | ---D | M] () -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
      [2013.01.30 16:20:58 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
      [2013.02.19 17:26:36 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
      [2013.02.16 16:59:02 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Emilia\AppData\Roaming\mozilla\Firefox\Profiles\fm2vjpsr.default\extensions\battlefieldheroespatcher@ea.com
      [2012.12.11 18:34:18 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\firefox\profiles\fm2vjpsr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
      [2013.02.15 14:25:09 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\firefox\profiles\fm2vjpsr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012.03.22 14:54:20 | 000,000,931 | ---- | M] () -- C:\Users\Emilia\AppData\Roaming\mozilla\firefox\profiles\fm2vjpsr.default\searchplugins\conduit.xml
      [2013.02.19 17:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2013.03.14 18:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
      [2013.03.14 18:40:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2013.02.18 18:02:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
      [2013.02.19 17:47:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012.07.03 16:47:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
      [2013.02.18 18:02:13 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
      [2012.09.01 11:03:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012.07.03 16:47:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
      [2012.07.03 16:47:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
      [2012.07.03 16:47:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
      [2012.07.03 16:47:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
       
      ========== Chrome  ==========
       
      CHR - homepage: http://isearch.avg.com/?cid={3FC8FCA6-5FAA-4D55-BDD1-16DDC20403C2}&mid=b4ef13903de447d0adfbd16c5781482a-cef66dd1959c9c1a628d01e564a5d6d8dd2ff59e&lang=de&ds=od011&pr=sa&d=2012-10-01 17:37:42&v=14.0.2.14&pid=avg&sg=&sap=hp
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://isearch.avg.com/?cid={3FC8FCA6-5FAA-4D55-BDD1-16DDC20403C2}&mid=b4ef13903de447d0adfbd16c5781482a-cef66dd1959c9c1a628d01e564a5d6d8dd2ff59e&lang=de&ds=od011&pr=sa&d=2012-10-01 17:37:42&v=14.0.2.14&pid=avg&sg=&sap=hp
      CHR - Extension: YouTube = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: Google-Suche = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: avast! WebRep = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
      CHR - Extension: Winload = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\
      CHR - Extension: Google Mail = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
       
      O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
      O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
      O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
      O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
      O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
      O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Emilia\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
      O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
      O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
      O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
      O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
      O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
      O4 - Startup: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Emilia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
      O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Emilia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
      O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
      O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58E7125-AF2D-4227-8343-2C5196582E27}: DhcpNameServer = 192.168.0.1
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2011.12.06 14:46:32 | 000,000,075 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
      O33 - MountPoints2\{4600494b-92a2-11e0-a3a0-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{4600494b-92a2-11e0-a3a0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2011.12.09 17:15:44 | 000,706,888 | R--- | M] ()
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2013.03.14 18:30:52 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Local\ElevatedDiagnostics
      [2013.03.10 20:15:43 | 000,000,000 | -HSD | C] -- C:\found.001
      [2013.03.05 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\.minecraft
      [2013.02.27 18:57:25 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
      [2013.02.27 18:57:25 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
      [2013.02.27 18:57:25 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
      [2013.02.27 18:57:25 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
      [2013.02.27 18:57:22 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
      [2013.02.27 18:57:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
      [2013.02.27 18:57:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
      [2013.02.27 18:57:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
      [2013.02.27 18:57:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
      [2013.02.27 18:57:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
      [2013.02.27 18:57:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
      [2013.02.27 18:57:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
      [2013.02.27 18:57:14 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
      [2013.02.27 18:57:14 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
      [2013.02.27 18:57:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
      [2013.02.27 18:57:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
      [2013.02.27 18:57:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
      [2013.02.27 18:57:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
      [2013.02.27 18:57:12 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
      [2013.02.27 18:57:12 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
      [2013.02.27 18:57:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
      [2013.02.27 18:57:12 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
      [2013.02.27 18:57:12 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
      [2013.02.27 18:57:12 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
      [2013.02.27 18:57:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
      [2013.02.27 18:57:11 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
      [2013.02.27 18:57:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
      [2013.02.27 18:57:10 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
      [2013.02.27 18:57:10 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
      [2013.02.24 14:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      [2013.02.24 14:31:59 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
      [2013.02.24 14:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2013.02.24 14:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2013.02.24 14:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
      [2013.02.24 14:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      [2013.02.24 14:19:26 | 090,130,256 | ---- | C] (Apple Inc.) -- C:\Users\Emilia\Desktop\iTunes64Setup.exe
      [2013.02.19 17:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2013.02.19 17:27:30 | 000,000,000 | ---D | C] -- C:\Users\Emilia\Documents\My Cheat Tables
      [2013.02.19 17:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
      [2013.02.19 17:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
      [2013.02.19 17:26:49 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
      [2013.02.19 17:26:43 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\DealPly
      [2013.02.19 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
      [2013.02.14 19:25:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
      [2013.02.14 19:25:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
      [2013.02.14 19:25:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
      [2013.02.14 19:25:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
      [2013.02.14 19:25:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
      [2013.02.14 19:25:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
      [2013.02.14 19:25:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
      [2013.02.14 19:25:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
      [2013.02.14 19:25:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
      [2013.02.14 19:25:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
      [2013.02.14 19:25:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
      [2013.02.14 19:25:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
      [2013.02.14 19:25:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
      [2013.02.14 19:25:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
      [2013.02.14 19:25:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
      [2013.02.14 14:46:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
      [2013.02.14 14:46:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
      [2013.02.14 14:46:56 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
      [2013.02.14 14:46:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
      [2013.02.14 14:46:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
      [2013.02.14 14:46:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
      [2013.02.14 14:46:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
      [2013.02.14 14:46:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
      [2013.02.14 14:46:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
      [2013.02.14 14:46:39 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
      [2009.10.29 07:09:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
       
      ========== Files - Modified Within 30 Days ==========
       
      [2013.03.14 18:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
      [2013.03.14 18:39:23 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013.03.14 18:29:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013.03.14 18:29:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013.03.14 18:16:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013.03.14 18:12:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
      [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
      [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
      [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
      [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
      [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
      [2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
      [2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2013.03.06 18:05:43 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
      [2013.03.06 18:05:43 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
      [2013.03.06 17:57:30 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
      [2013.03.06 16:42:58 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2013.02.24 14:32:08 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2013.02.24 14:27:47 | 090,130,256 | ---- | M] (Apple Inc.) -- C:\Users\Emilia\Desktop\iTunes64Setup.exe
      [2013.02.18 18:01:52 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
      [2013.02.15 14:19:55 | 000,410,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2013.02.14 19:28:42 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2013.02.14 19:28:42 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
      [2013.02.14 19:28:42 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2013.02.14 19:28:42 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
      [2013.02.14 19:28:42 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2013.02.14 14:36:22 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2013.03.14 18:44:16 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
      [2013.03.14 18:44:14 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
      [2013.02.24 14:32:08 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012.05.04 17:47:23 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini
      [2012.04.15 10:38:10 | 000,001,107 | ---- | C] () -- C:\Users\Emilia\Dokumente - VerknĂĽpfung.lnk
      [2011.12.04 15:01:21 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
      [2011.12.04 15:01:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
      [2011.10.21 16:23:06 | 000,003,584 | ---- | C] () -- C:\Users\Emilia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011.09.16 15:42:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011.09.10 11:21:47 | 000,000,314 | ---- | C] () -- C:\Windows\wininit.ini
      [2011.03.08 15:09:56 | 000,000,004 | ---- | C] () -- C:\ProgramData\icw09hbs.inf
       
      ========== ZeroAccess Check ==========
       
      [2012.12.28 09:05:56 | 000,003,975 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.237\l.class
      [2012.12.28 09:05:56 | 000,001,032 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.237\n.class
      [2012.12.28 09:05:56 | 000,001,458 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.237\u.class
      [2012.12.28 09:05:56 | 000,003,975 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.264\l.class
      [2012.12.28 09:05:56 | 000,001,032 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.264\n.class
      [2012.12.28 09:05:56 | 000,001,458 | ---- | M] () -- C:\Users\Emilia\AppData\Local\Temp\Rar$DRa0.264\u.class
      [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ABE89FFE
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E1F04E8D
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5D7E5A8F
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2

      < End of report >
       

      * Permissions
      You can't post new topics.
      You can't post replies.
      You can't post attachments.
      You can't modify your posts.
      BBCode Enabled
      Smilies Enabled
      [img] Enabled
      HTML Disabled


      Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
      Design board graphics, banners and images by Meg&Millie - Emma aka Tinker

      This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
      Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

          

        

      Smokey's also provides free fully qualified FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
      rifle
      rifle
      rifle
      rifle