ad.adserverplus.com - Fenster erscheint auf diversen Seiten

Seelöwe · 09.07.2012, 07:04

Hallo!

Seit einiger Zeit erscheinen mir auf diversen Internetseiten Pop-Ups von ad.adserverplus.com.
Ich habe bereits einen Virenscann mit Norton und SUPERAntiSpyware gemacht, doch es wurde nichts gefunden.
Ich kenne mich nicht gut in dem Bereich aus und bin für jede Hilfe dankbar.

Danke!

cosinus · 11.07.2012, 12:05

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Seelöwe · 12.07.2012, 14:25

Hallo,

Ich hoffe, dass ich alles richtig gemacht habe.

Der Log von Malwarebytes:

Code:

ATTFilter

 Infizierte Speichermodule: 1
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 22
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Löschen bei Neustart.

Infizierte Dateien: 13
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Löschen bei Neustart.
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lea2\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und der Log von ESET:

Code:

ATTFilter

 

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2fc85f35f7150448e7a976677d4b3b4
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-12 10:34:10
# local_time=2012-07-12 12:34:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 80 2137555 92749338 0 0
# compatibility_mode=5893 16776574 66 94 13816140 93716692 0 0
# compatibility_mode=8192 67108863 100 0 268 268 0 0
# scanned=40049
# found=0
# cleaned=0
# scan_time=2408
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2fc85f35f7150448e7a976677d4b3b4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-12 01:16:43
# local_time=2012-07-12 03:16:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 80 2140155 92751938 0 0
# compatibility_mode=5893 16776574 66 94 13818740 93719292 0 0
# compatibility_mode=8192 67108863 100 0 2868 2868 0 0
# scanned=198722
# found=2
# cleaned=0
# scan_time=9560
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\6ef15ff5-568634e0	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Windows\sys\exproler.exe	Win32/Agent.TGD trojan (unable to clean)	00000000000000000000000000000000	I

Vielen Dank für Ihre Hilfe!

MfG Seelöwe

cosinus · 12.07.2012, 15:09

Log von Malwarebytes ist leider unvollständig

Seelöwe · 12.07.2012, 18:18

Hallo,

Ich habe Malwarebytes noch einmal durchlaufen gelassen, und dies ist der Log den ich bekommen habe. Sollte ich das Ganze falsch verstanden haben, könnten Sie mir freundlicherweise erklären wie ich es richtig mache?

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lea2 :: LEA-PC [Administrator]

12.07.2012 17:42:04
mbam-log-2012-07-12 (17-42-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423751
Laufzeit: 1 Stunde(n), 14 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

Ich habe jetzt erst gesehen, dass beim ersten Log ein Stück fehlte.

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lea2 :: LEA-PC [Administrator]

11.07.2012 21:23:48
mbam-log-2012-07-11 (21-23-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428646
Laufzeit: 1 Stunde(n), 44 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 1780 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 22
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Löschen bei Neustart.

Infizierte Dateien: 13
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Löschen bei Neustart.
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lea2\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolg

MfG Seelöwe

cosinus · 12.07.2012, 19:37

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Seelöwe · 12.07.2012, 21:13

Hallo,

der normale Modus von Windows funktioniert uneingeschränkt und im Startmenü und den Programmen ist mir nichts aufgefallen. Meines Erachtens nach ist alles vorhanden.

MfG Seelöwe

cosinus · 13.07.2012, 10:38

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Seelöwe · 13.07.2012, 10:46

Hallo,

Log von AdwCleaner:

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 11:44:35
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lea2 - LEA-PC
# Running from : C:\Users\Lea2\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Lea2\AppData\Local\Smartbar
Folder Found : C:\Users\Lea\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Lea\AppData\LocalLow\Conduit
Folder Found : C:\Users\Lea\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Lea\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Lea\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Lea2\AppData\LocalLow\bbrs_002.tb
Folder Found : C:\Users\Lea2\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Lea2\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Lea2\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\Conduit
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\ConduitCommon
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\ConduitEngine
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\SweetIMToolbarData
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\engine@conduit.com
Folder Found : C:\Users\Lea2\AppData\Roaming\Mozilla\Firefox\Profiles\fjd5fgsl.default\extensions\bbrs_002@blabbers.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Program Files (x86)\Babylon
Folder Found : C:\Program Files (x86)\ConduitEngine
File Found : C:\Users\Lea\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\searchplugins\Conduit.xml
File Found : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\searchplugins\SweetIm.xml
File Found : C:\Users\Lea2\AppData\Roaming\Mozilla\Firefox\Profiles\fjd5fgsl.default\searchplugins\Askcom.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2719325
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKLM\SOFTWARE\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\SweetIM
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\BrowserCompanion
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", true);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "12-8-2011");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Aug 12 2011 18:45:29 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 12 2011 18:45:26 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "18-4-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstalledDate", "Sun Apr 18 2010 00:52:30 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsAlertDBUpdated", true);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Aug 12 2011 18:45:29 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.5.8.6", "Mon Oct 11 2010 12:39:53 GMT+0200");
Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Sep 21 2010 22:10:17 GMT+0200");
Found : user_pref("CT2269050.LastLogin_2.7.1.3", "Wed Nov 24 2010 22:23:54 GMT+0100");
Found : user_pref("CT2269050.LastLogin_3.5.0.12", "Fri Aug 12 2011 18:45:29 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "3.3.3.2");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 12 2011 18:45:27 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioShrinked", "shrinked");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT2269050.SearchBoxWidth", 150);
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Aug 12 2011 18:45:24 GMT+0200");
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Fri Aug 12 2011 18:45:26 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1313041524");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Aug 12 2011 18:45:24 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN62874201712399899");
Found : user_pref("CT2269050.ValidationData_Search", 2);
Found : user_pref("CT2269050.ValidationData_Toolbar", 2);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Fri Aug 12 2011 18:45:27 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E706A73744345343D4436387E4A3F422F77317D7C207[...]
Found : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D706F726E6E717577");
Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737675787474777B7D242F4B4947[...]
Found : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E3441402B327844393C29712B7A7C207D3027324740434[...]
Found : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT2269050.backendstorage./9b-0?3g>d", "686F683E3E7470447A7277467920767B7D2025232024242A56[...]
Found : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Found : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "676A6D7273747576");
Found : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Found : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6A706D3F413E43707A71767379757C78794D7A7E7E");
Found : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D706F726E6E71727877757B");
Found : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.isAppTrackingManagerOn", true);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129391330693125668,129[...]
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Found : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CT2431245..clientLogIsEnabled", false);
Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "12-8-2011");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DialogsGetterLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");
Found : user_pref("CT2431245.EMailNotifierPollDate", "Fri Aug 12 2011 18:45:33 GMT+0200");
Found : user_pref("CT2431245.FeedLastCount129009402595187825", 1242);
Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri Aug 12 2011 18:45:38 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri Aug 12 2011 18:45:38 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Found : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Found : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Found : user_pref("CT2431245.FeedTTL7470634017109031809", 30);
Found : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Found : user_pref("CT2431245.FirstServerDate", "9-5-2010");
Found : user_pref("CT2431245.FirstTime", true);
Found : user_pref("CT2431245.FirstTimeFF3", true);
Found : user_pref("CT2431245.FirstTimeSettingsDone", true);
Found : user_pref("CT2431245.FixPageNotFoundErrors", true);
Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2431245.HasUserGlobalKeys", true);
Found : user_pref("CT2431245.Initialize", true);
Found : user_pref("CT2431245.InitializeCommonPrefs", true);
Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2431245.InstalledDate", "Sun May 09 2010 13:10:03 GMT+0200");
Found : user_pref("CT2431245.InvalidateCache", false);
Found : user_pref("CT2431245.IsAlertDBUpdated", true);
Found : user_pref("CT2431245.IsGrouping", false);
Found : user_pref("CT2431245.IsMulticommunity", false);
Found : user_pref("CT2431245.IsOpenThankYouPage", false);
Found : user_pref("CT2431245.IsOpenUninstallPage", true);
Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2431245.LastLogin_2.5.8.6", "Mon Oct 11 2010 12:39:55 GMT+0200");
Found : user_pref("CT2431245.LastLogin_2.7.0.14", "Tue Sep 21 2010 22:10:17 GMT+0200");
Found : user_pref("CT2431245.LastLogin_2.7.1.3", "Wed Nov 24 2010 22:23:56 GMT+0100");
Found : user_pref("CT2431245.LastLogin_3.6.0.10", "Fri Aug 12 2011 18:45:37 GMT+0200");
Found : user_pref("CT2431245.LatestVersion", "3.5.0.12");
Found : user_pref("CT2431245.Locale", "de-de");
Found : user_pref("CT2431245.LoginCache", 4);
Found : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Found : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2431245.RadioIsPodcast", false);
Found : user_pref("CT2431245.RadioLastCheckTime", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Found : user_pref("CT2431245.RadioMediaID", "20503672");
Found : user_pref("CT2431245.RadioMediaType", "Media Player");
Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Found : user_pref("CT2431245.RadioShrinkedFromSetup", false);
Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Found : user_pref("CT2431245.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2431245.SavedHomepage", "hxxp://www.google.de/");
Found : user_pref("CT2431245.SearchBoxWidth", 166);
Found : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2431245.SearchInNewTabEnabled", true);
Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Aug 12 2011 18:45:43 GMT+0200");
Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri Aug 12 2011 18:45:31 GMT+0200");
Found : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2431245.SettingsLastCheckTime", "Fri Aug 12 2011 18:45:33 GMT+0200");
Found : user_pref("CT2431245.SettingsLastUpdate", "1312890813");
Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Aug 12 2011 18:45:32 GMT+0200");
Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1277823967");
Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Found : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2431245.UserID", "UN61941296555968117");
Found : user_pref("CT2431245.ValidationData_Search", 2);
Found : user_pref("CT2431245.ValidationData_Toolbar", 2);
Found : user_pref("CT2431245.WeatherNetwork", "");
Found : user_pref("CT2431245.WeatherPollDate", "Fri Aug 12 2011 18:45:35 GMT+0200");
Found : user_pref("CT2431245.WeatherUnit", "C");
Found : user_pref("CT2431245.alertChannelId", "825452");
Found : user_pref("CT2431245.backendstorage.active", "796573");
Found : user_pref("CT2431245.backendstorage.firstinstall", "796573");
Found : user_pref("CT2431245.backendstorage.for_aoi", "31333133313637353533");
Found : user_pref("CT2431245.backendstorage.for_ccid", "48616D62757267");
Found : user_pref("CT2431245.backendstorage.for_cdtr2", "31333133313637353734");
Found : user_pref("CT2431245.backendstorage.for_cdtr5", "31333133313637353533");
Found : user_pref("CT2431245.backendstorage.for_cid", "4445");
Found : user_pref("CT2431245.backendstorage.for_ip", "37382E35342E38382E313130");
Found : user_pref("CT2431245.backendstorage.for_lcut", "31333133313637353534");
Found : user_pref("CT2431245.backendstorage.for_pid", "31303130");
Found : user_pref("CT2431245.backendstorage.for_rid", "3034");
Found : user_pref("CT2431245.backendstorage.for_zoneid", "39353933");
Found : user_pref("CT2431245.backendstorage.gsdomain", "");
Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Found : user_pref("CT2431245.backendstorage.lastrun", "31333133313637353531333231");
Found : user_pref("CT2431245.backendstorage.partner_id", "3937346665643236");
Found : user_pref("CT2431245.backendstorage.short", "30");
Found : user_pref("CT2431245.backendstorage.tbready", "74727565");
Found : user_pref("CT2431245.clientLogIsEnabled", false);
Found : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Found : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2431245.initDone", true);
Found : user_pref("CT2431245.isAppTrackingManagerOn", true);
Found : user_pref("CT2431245.isFirstRadioInstallation", false);
Found : user_pref("CT2431245.myStuffEnabled", true);
Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129460318377631679,129[...]
Found : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Found : user_pref("CT2431245.testingCtid", "");
Found : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Found : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Found : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2431245.usagesFlag", 2);
Found : user_pref("CT2719325.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2719325.CTID", "CT2719325");
Found : user_pref("CT2719325.CurrentServerDate", "7-5-2011");
Found : user_pref("CT2719325.DialogsAlignMode", "LTR");
Found : user_pref("CT2719325.DownloadReferralCookieData", "");
Found : user_pref("CT2719325.EMailNotifierPollDate", "Wed Nov 24 2010 22:28:58 GMT+0100");
Found : user_pref("CT2719325.FeedLastCount7577869347469948784", 1173);
Found : user_pref("CT2719325.FeedPollDate129255010923663813", "Wed Nov 24 2010 21:27:23 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923663819", "Wed Nov 24 2010 21:27:23 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923663825", "Wed Nov 24 2010 21:27:23 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923663831", "Wed Nov 24 2010 21:27:23 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923663837", "Wed Nov 24 2010 21:27:24 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820093", "Wed Nov 24 2010 21:27:24 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820099", "Wed Nov 24 2010 21:27:24 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820105", "Wed Nov 24 2010 21:27:24 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820111", "Wed Nov 24 2010 21:27:25 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820117", "Wed Nov 24 2010 21:27:25 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820123", "Wed Nov 24 2010 21:27:25 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820129", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820135", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820141", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820147", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820153", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820159", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820165", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820171", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820177", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820183", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820189", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820195", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820201", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820207", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedPollDate129255010923820213", "Wed Nov 24 2010 21:27:26 GMT+0100");
Found : user_pref("CT2719325.FeedTTL129255010923663825", 5);
Found : user_pref("CT2719325.FeedTTL129255010923663831", 5);
Found : user_pref("CT2719325.FeedTTL129255010923820111", 2);
Found : user_pref("CT2719325.FeedTTL129255010923820141", 5);
Found : user_pref("CT2719325.FeedTTL129255010923820153", 30);
Found : user_pref("CT2719325.FirstServerDate", "11-10-2010");
Found : user_pref("CT2719325.FirstTime", true);
Found : user_pref("CT2719325.FirstTimeFF3", true);
Found : user_pref("CT2719325.FirstTimeSettingsDone", true);
Found : user_pref("CT2719325.FixPageNotFoundErrors", true);
Found : user_pref("CT2719325.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2719325.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2719325.HasUserGlobalKeys", true);
Found : user_pref("CT2719325.Initialize", true);
Found : user_pref("CT2719325.InitializeCommonPrefs", true);
Found : user_pref("CT2719325.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2719325.InstallationType", "UnknownIntegration");
Found : user_pref("CT2719325.InstalledDate", "Mon Oct 11 2010 20:10:10 GMT+0200");
Found : user_pref("CT2719325.InvalidateCache", false);
Found : user_pref("CT2719325.IsGrouping", false);
Found : user_pref("CT2719325.IsMulticommunity", false);
Found : user_pref("CT2719325.IsOpenThankYouPage", false);
Found : user_pref("CT2719325.IsOpenUninstallPage", true);
Found : user_pref("CT2719325.LanguagePackLastCheckTime", "Sat May 07 2011 11:08:21 GMT+0200");
Found : user_pref("CT2719325.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2719325.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2719325.LastLogin_2.5.8.6", "Sat May 07 2011 11:08:20 GMT+0200");
Found : user_pref("CT2719325.LastLogin_2.7.1.3", "Wed Nov 24 2010 22:23:58 GMT+0100");
Found : user_pref("CT2719325.LatestVersion", "3.3.3.2");
Found : user_pref("CT2719325.Locale", "de");
Found : user_pref("CT2719325.LoginCache", 4);
Found : user_pref("CT2719325.MCDetectTooltipHeight", "83");
Found : user_pref("CT2719325.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2719325.MCDetectTooltipWidth", "295");
Found : user_pref("CT2719325.RadioIsPodcast", false);
Found : user_pref("CT2719325.RadioLastCheckTime", "Wed Nov 24 2010 21:27:23 GMT+0100");
Found : user_pref("CT2719325.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2719325.RadioLastUpdateServer", "129331774707600000");
Found : user_pref("CT2719325.RadioMediaID", "21056683");
Found : user_pref("CT2719325.RadioMediaType", "Media Player");
Found : user_pref("CT2719325.RadioMenuSelectedID", "EBRadioMenu_CT271932521056683");
Found : user_pref("CT2719325.RadioShrinked", "shrinked");
Found : user_pref("CT2719325.RadioStationName", "MDR%20Info");
Found : user_pref("CT2719325.RadioStationURL", "hxxp://mdr.streamfarm.net/cms/_vm100/radios/mdr/live/info_cm[...]
Found : user_pref("CT2719325.SearchBoxWidth", 150);
Found : user_pref("CT2719325.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2719325.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2719325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271[...]
Found : user_pref("CT2719325.SearchInNewTabEnabled", true);
Found : user_pref("CT2719325.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2719325.SearchInNewTabLastCheckTime", "Sat May 07 2011 11:08:20 GMT+0200");
Found : user_pref("CT2719325.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2719325.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2719325.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2719325.SettingsLastCheckTime", "Sat May 07 2011 11:08:20 GMT+0200");
Found : user_pref("CT2719325.SettingsLastUpdate", "1290521031");
Found : user_pref("CT2719325.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2719325.ThirdPartyComponentsLastCheck", "Sat May 07 2011 11:08:20 GMT+0200");
Found : user_pref("CT2719325.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2719325.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2719325.UserID", "UN73384690719254285");
Found : user_pref("CT2719325.ValidationData_Toolbar", 2);
Found : user_pref("CT2719325.WeatherNetwork", "");
Found : user_pref("CT2719325.WeatherPollDate", "Wed Nov 24 2010 22:23:59 GMT+0100");
Found : user_pref("CT2719325.WeatherUnit", "C");
Found : user_pref("CT2719325.alertChannelId", "1111610");
Found : user_pref("CT2719325.backendstorage.ct2719325ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT2719325.backendstorage.ct2719325current_term", "");
Found : user_pref("CT2719325.backendstorage.ct2719325sdate", "3238");
Found : user_pref("CT2719325.backendstorage.hxxp://cmg1_conduit-widgets_com/simon.state", "4F50454E");
Found : user_pref("CT2719325.clientLogIsEnabled", true);
Found : user_pref("CT2719325.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2719325.myStuffEnabled", true);
Found : user_pref("CT2719325.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2719325.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2719325.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2719325.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2719325.testingCtid", "");
Found : user_pref("CT2719325.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2719325");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/maxi.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play_mini[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lea\\AppData\\Roaming\\Mozilla\\Fir[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/7/176/CT1764407/Brows[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.labpixies.com/campaigns/youtube/youtu[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/50/226/CT2269050/Gadgets/[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/50/226/CT2269050/Gadgets/[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2431245,CT2719325,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2431245,CT2719325");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Mar 24 2011 18:41:24 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 24 2011 18:41:24 GMT+0100");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "9145c37b-b433-42f6-8c14-4afd76ed5dc8");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 12 2011 18:45:34 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "55e44ba1-f9d7-4825-b660-3604202810ff");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Aug 12 2011 18:45:3[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Aug 12 2011 19:45:45 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Aug 12 2011 18:45:26 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "82cd4152-934c-4938-89da-8b58e2c6a02a");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.FirstServerDate", "12/06/2010 22");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Mon Dec 06 2010 20:01:50 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Mar 24 2011 18:41:25 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.2.3.3", "Sun Feb 06 2011 19:21:54 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 24 2011 18:50:43 GMT+0100");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 16:59:50 GMT+0200");
Found : user_pref("ConduitEngine.ThirdPartyComponentsLastCheck", "Tue Jun 28 2011 15:03:32 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN17800186391420003");
Found : user_pref("ConduitEngine.componentAlertEnabled", true);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Mar 24 2011 18:41:25 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("browser.babylon.HPOnNewTab", "1");
Found : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "441A9F1A892142EBAB263C692217B7EC");
Found : user_pref("extensions.BabylonToolbar.lastActv", "7");
Found : user_pref("extensions.BabylonToolbar.lastDP", 7);
Found : user_pref("extensions.facemoods.aflt", "_#stonicde");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "28");
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{ED9328F4-8722-47F1-B376-0B6293482B56}");

Profile name : default 
File : C:\Users\Lea2\AppData\Roaming\Mozilla\Firefox\Profiles\fjd5fgsl.default\prefs.js

Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R1].txt - [55371 octets] - [13/07/2012 11:44:35]

########## EOF - C:\AdwCleaner[R1].txt - [55500 octets] ##########

MfG Seelöwe

cosinus · 13.07.2012, 20:26

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Seelöwe · 13.07.2012, 21:04

Hallo,

der Log:

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 21:57:24
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lea2 - LEA-PC
# Running from : C:\Users\Lea2\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Lea2\AppData\Local\Smartbar
Folder Deleted : C:\Users\Lea\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Lea\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lea\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Lea\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Lea\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Lea2\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Lea2\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Lea2\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Lea2\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\Conduit
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\ConduitCommon
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\ConduitEngine
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\SweetIMToolbarData
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Lea2\AppData\Roaming\Mozilla\Firefox\Profiles\fjd5fgsl.default\extensions\bbrs_002@blabbers.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Users\Lea\AppData\Local\TempC:\Program Files (x86)\Software
File Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Lea2\AppData\Roaming\Mozilla\Firefox\Profiles\fjd5fgsl.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2719325
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\iizvctcx.default\prefs.js

Deleted : user_pref("CT2269050..clientLogIsEnabled", true);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "12-8-2011");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Aug 12 2011 18:45:29 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 12 2011 18:45:26 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "18-4-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstalledDate", "Sun Apr 18 2010 00:52:30 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsAlertDBUpdated", true);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Aug 12 2011 18:45:29 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.5.8.6", "Mon Oct 11 2010 12:39:53 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Sep 21 2010 22:10:17 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_2.7.1.3", "Wed Nov 24 2010 22:23:54 GMT+0100");
Deleted : user_pref("CT2269050.LastLogin_3.5.0.12", "Fri Aug 12 2011 18:45:29 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 12 2011 18:45:27 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioShrinked", "shrinked");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT2269050.SearchBoxWidth", 150);
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Aug 12 2011 18:45:24 GMT+0200");
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Fri Aug 12 2011 18:45:26 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1313041524");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Aug 12 2011 18:45:24 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN62874201712399899");
Deleted : user_pref("CT2269050.ValidationData_Search", 2);
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Fri Aug 12 2011 18:45:27 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E706A73744345343D4436387E4A3F422F77317D7C207[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D706F726E6E717577");
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737675787474777B7D242F4B4947[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E3441402B327844393C29712B7A7C207D3027324740434[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g>d", "686F683E3E7470447A7277467920767B7D2025232024242A56[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "676A6D7273747576");
Deleted : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Deleted : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6A706D3F413E43707A71767379757C78794D7A7E7E");
Deleted : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D706F726E6E71727877757B");
Deleted : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129391330693125668,129[...]
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Fri Aug 12 2011 18:45:30 GMT+0200");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CT2431245..clientLogIsEnabled", false);
Deleted : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Deleted : user_pref("CT2431245.CTID", "CT2431245");
Deleted : user_pref("CT2431245.CurrentServerDate", "12-8-2011");
Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2431245.DialogsGetterLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Deleted : user_pref("CT2431245.DownloadReferralCookieData", "");
Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Fri Aug 12 2011 18:45:33 GMT+0200");
Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 1242);
Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri Aug 12 2011 18:45:38 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri Aug 12 2011 18:45:38 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2431245.FeedTTL7470634017109031809", 30);
Deleted : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Deleted : user_pref("CT2431245.FirstServerDate", "9-5-2010");
Deleted : user_pref("CT2431245.FirstTime", true);
Deleted : user_pref("CT2431245.FirstTimeFF3", true);
Deleted : user_pref("CT2431245.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2431245.HasUserGlobalKeys", true);
Deleted : user_pref("CT2431245.Initialize", true);
Deleted : user_pref("CT2431245.InitializeCommonPrefs", true);
Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2431245.InstalledDate", "Sun May 09 2010 13:10:03 GMT+0200");
Deleted : user_pref("CT2431245.InvalidateCache", false);
Deleted : user_pref("CT2431245.IsAlertDBUpdated", true);
Deleted : user_pref("CT2431245.IsGrouping", false);
Deleted : user_pref("CT2431245.IsMulticommunity", false);
Deleted : user_pref("CT2431245.IsOpenThankYouPage", false);
Deleted : user_pref("CT2431245.IsOpenUninstallPage", true);
Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2431245.LastLogin_2.5.8.6", "Mon Oct 11 2010 12:39:55 GMT+0200");
Deleted : user_pref("CT2431245.LastLogin_2.7.0.14", "Tue Sep 21 2010 22:10:17 GMT+0200");
Deleted : user_pref("CT2431245.LastLogin_2.7.1.3", "Wed Nov 24 2010 22:23:56 GMT+0100");
Deleted : user_pref("CT2431245.LastLogin_3.6.0.10", "Fri Aug 12 2011 18:45:37 GMT+0200");
Deleted : user_pref("CT2431245.LatestVersion", "3.5.0.12");
Deleted : user_pref("CT2431245.Locale", "de-de");
Deleted : user_pref("CT2431245.LoginCache", 4);
Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2431245.RadioIsPodcast", false);
Deleted : user_pref("CT2431245.RadioLastCheckTime", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Deleted : user_pref("CT2431245.RadioMediaID", "20503672");
Deleted : user_pref("CT2431245.RadioMediaType", "Media Player");
Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Deleted : user_pref("CT2431245.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Deleted : user_pref("CT2431245.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2431245.SavedHomepage", "hxxp://www.google.de/");
Deleted : user_pref("CT2431245.SearchBoxWidth", 166);
Deleted : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Aug 12 2011 18:45:43 GMT+0200");
Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri Aug 12 2011 18:45:31 GMT+0200");
Deleted : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Fri Aug 12 2011 18:45:33 GMT+0200");
Deleted : user_pref("CT2431245.SettingsLastUpdate", "1312890813");
Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Aug 12 2011 18:45:32 GMT+0200");
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1277823967");
Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Deleted : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2431245.UserID", "UN61941296555968117");
Deleted : user_pref("CT2431245.ValidationData_Search", 2);
Deleted : user_pref("CT2431245.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2431245.WeatherNetwork", "");
Deleted : user_pref("CT2431245.WeatherPollDate", "Fri Aug 12 2011 18:45:35 GMT+0200");
Deleted : user_pref("CT2431245.WeatherUnit", "C");
Deleted : user_pref("CT2431245.alertChannelId", "825452");
Deleted : user_pref("CT2431245.backendstorage.active", "796573");
Deleted : user_pref("CT2431245.backendstorage.firstinstall", "796573");
Deleted : user_pref("CT2431245.backendstorage.for_aoi", "31333133313637353533");
Deleted : user_pref("CT2431245.backendstorage.for_ccid", "48616D62757267");
Deleted : user_pref("CT2431245.backendstorage.for_cdtr2", "31333133313637353734");
Deleted : user_pref("CT2431245.backendstorage.for_cdtr5", "31333133313637353533");
Deleted : user_pref("CT2431245.backendstorage.for_cid", "4445");
Deleted : user_pref("CT2431245.backendstorage.for_ip", "37382E35342E38382E313130");
Deleted : user_pref("CT2431245.backendstorage.for_lcut", "31333133313637353534");
Deleted : user_pref("CT2431245.backendstorage.for_pid", "31303130");
Deleted : user_pref("CT2431245.backendstorage.for_rid", "3034");
Deleted : user_pref("CT2431245.backendstorage.for_zoneid", "39353933");
Deleted : user_pref("CT2431245.backendstorage.gsdomain", "");
Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Deleted : user_pref("CT2431245.backendstorage.lastrun", "31333133313637353531333231");
Deleted : user_pref("CT2431245.backendstorage.partner_id", "3937346665643236");
Deleted : user_pref("CT2431245.backendstorage.short", "30");
Deleted : user_pref("CT2431245.backendstorage.tbready", "74727565");
Deleted : user_pref("CT2431245.clientLogIsEnabled", false);
Deleted : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Deleted : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2431245.initDone", true);
Deleted : user_pref("CT2431245.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2431245.isFirstRadioInstallation", false);
Deleted : user_pref("CT2431245.myStuffEnabled", true);
Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129460318377631679,129[...]
Deleted : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2431245.testingCtid", "");
Deleted : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Deleted : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri Aug 12 2011 18:45:42 GMT+0200");
Deleted : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2431245.usagesFlag", 2);
Deleted : user_pref("CT2719325.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2719325.CTID", "CT2719325");
Deleted : user_pref("CT2719325.CurrentServerDate", "7-5-2011");
Deleted : user_pref("CT2719325.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2719325.DownloadReferralCookieData", "");
Deleted : user_pref("CT2719325.EMailNotifierPollDate", "Wed Nov 24 2010 22:28:58 GMT+0100");
Deleted : user_pref("CT2719325.FeedLastCount7577869347469948784", 1173);
Deleted : user_pref("CT2719325.FeedPollDate129255010923663813", "Wed Nov 24 2010 21:27:23 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663819", "Wed Nov 24 2010 21:27:23 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663825", "Wed Nov 24 2010 21:27:23 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663831", "Wed Nov 24 2010 21:27:23 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923663837", "Wed Nov 24 2010 21:27:24 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820093", "Wed Nov 24 2010 21:27:24 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820099", "Wed Nov 24 2010 21:27:24 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820105", "Wed Nov 24 2010 21:27:24 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820111", "Wed Nov 24 2010 21:27:25 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820117", "Wed Nov 24 2010 21:27:25 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820123", "Wed Nov 24 2010 21:27:25 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820129", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820135", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820141", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820147", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820153", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820159", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820165", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820171", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820177", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820183", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820189", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820195", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820201", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820207", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedPollDate129255010923820213", "Wed Nov 24 2010 21:27:26 GMT+0100");
Deleted : user_pref("CT2719325.FeedTTL129255010923663825", 5);
Deleted : user_pref("CT2719325.FeedTTL129255010923663831", 5);
Deleted : user_pref("CT2719325.FeedTTL129255010923820111", 2);
Deleted : user_pref("CT2719325.FeedTTL129255010923820141", 5);
Deleted : user_pref("CT2719325.FeedTTL129255010923820153", 30);
Deleted : user_pref("CT2719325.FirstServerDate", "11-10-2010");
Deleted : user_pref("CT2719325.FirstTime", true);
Deleted : user_pref("CT2719325.FirstTimeFF3", true);
Deleted : user_pref("CT2719325.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2719325.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2719325.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2719325.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2719325.HasUserGlobalKeys", true);
Deleted : user_pref("CT2719325.Initialize", true);
Deleted : user_pref("CT2719325.InitializeCommonPrefs", true);
Deleted : user_pref("CT2719325.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2719325.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2719325.InstalledDate", "Mon Oct 11 2010 20:10:10 GMT+0200");
Deleted : user_pref("CT2719325.InvalidateCache", false);
Deleted : user_pref("CT2719325.IsGrouping", false);
Deleted : user_pref("CT2719325.IsMulticommunity", false);
Deleted : user_pref("CT2719325.IsOpenThankYouPage", false);
Deleted : user_pref("CT2719325.IsOpenUninstallPage", true);
Deleted : user_pref("CT2719325.LanguagePackLastCheckTime", "Sat May 07 2011 11:08:21 GMT+0200");
Deleted : user_pref("CT2719325.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2719325.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2719325.LastLogin_2.5.8.6", "Sat May 07 2011 11:08:20 GMT+0200");
Deleted : user_pref("CT2719325.LastLogin_2.7.1.3", "Wed Nov 24 2010 22:23:58 GMT+0100");
Deleted : user_pref("CT2719325.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2719325.Locale", "de");
Deleted : user_pref("CT2719325.LoginCache", 4);
Deleted : user_pref("CT2719325.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2719325.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2719325.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2719325.RadioIsPodcast", false);
Deleted : user_pref("CT2719325.RadioLastCheckTime", "Wed Nov 24 2010 21:27:23 GMT+0100");
Deleted : user_pref("CT2719325.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2719325.RadioLastUpdateServer", "129331774707600000");
Deleted : user_pref("CT2719325.RadioMediaID", "21056683");
Deleted : user_pref("CT2719325.RadioMediaType", "Media Player");
Deleted : user_pref("CT2719325.RadioMenuSelectedID", "EBRadioMenu_CT271932521056683");
Deleted : user_pref("CT2719325.RadioShrinked", "shrinked");
Deleted : user_pref("CT2719325.RadioStationName", "MDR%20Info");
Deleted : user_pref("CT2719325.RadioStationURL", "hxxp://mdr.streamfarm.net/cms/_vm100/radios/mdr/live/info_cm[...]
Deleted : user_pref("CT2719325.SearchBoxWidth", 150);
Deleted : user_pref("CT2719325.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2719325.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2719325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271[...]
Deleted : user_pref("CT2719325.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2719325.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2719325.SearchInNewTabLastCheckTime", "Sat May 07 2011 11:08:20 GMT+0200");
Deleted : user_pref("CT2719325.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2719325.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2719325.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2719325.SettingsLastCheckTime", "Sat May 07 2011 11:08:20 GMT+0200");
Deleted : user_pref("CT2719325.SettingsLastUpdate", "1290521031");
Deleted : user_pref("CT2719325.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2719325.ThirdPartyComponentsLastCheck", "Sat May 07 2011 11:08:20 GMT+0200");
Deleted : user_pref("CT2719325.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2719325.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2719325.UserID", "UN73384690719254285");
Deleted : user_pref("CT2719325.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2719325.WeatherNetwork", "");
Deleted : user_pref("CT2719325.WeatherPollDate", "Wed Nov 24 2010 22:23:59 GMT+0100");
Deleted : user_pref("CT2719325.WeatherUnit", "C");
Deleted : user_pref("CT2719325.alertChannelId", "1111610");
Deleted : user_pref("CT2719325.backendstorage.ct2719325ads1", "25374225323261647325323225334125354225374225323[...]
Deleted : user_pref("CT2719325.backendstorage.ct2719325current_term", "");
Deleted : user_pref("CT2719325.backendstorage.ct2719325sdate", "3238");
Deleted : user_pref("CT2719325.backendstorage.hxxp://cmg1_conduit-widgets_com/simon.state", "4F50454E");
Deleted : user_pref("CT2719325.clientLogIsEnabled", true);
Deleted : user_pref("CT2719325.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2719325.myStuffEnabled", true);
Deleted : user_pref("CT2719325.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2719325.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2719325.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2719325.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2719325.testingCtid", "");
Deleted : user_pref("CT2719325.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2719325");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/maxi.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play_mini[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lea\\AppData\\Roaming\\Mozilla\\Fir[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/7/176/CT1764407/Brows[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.labpixies.com/campaigns/youtube/youtu[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/50/226/CT2269050/Gadgets/[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/50/226/CT2269050/Gadgets/[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2431245,CT2719325,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2431245,CT2719325");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Mar 24 2011 18:41:24 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 24 2011 18:41:24 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "9145c37b-b433-42f6-8c14-4afd76ed5dc8");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 12 2011 18:45:34 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "55e44ba1-f9d7-4825-b660-3604202810ff");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Aug 12 2011 18:45:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Aug 12 2011 19:45:45 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Aug 12 2011 18:45:26 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "82cd4152-934c-4938-89da-8b58e2c6a02a");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.FirstServerDate", "12/06/2010 22");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Dec 06 2010 20:01:50 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Mar 24 2011 18:41:25 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.3.3", "Sun Feb 06 2011 19:21:54 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 24 2011 18:50:43 GMT+0100");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 16:59:50 GMT+0200");
Deleted : user_pref("ConduitEngine.ThirdPartyComponentsLastCheck", "Tue Jun 28 2011 15:03:32 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN17800186391420003");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", true);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Mar 24 2011 18:41:25 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Deleted : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "441A9F1A892142EBAB263C692217B7EC");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "7");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 7);
Deleted : user_pref("extensions.facemoods.aflt", "_#stonicde");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "28");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{ED9328F4-8722-47F1-B376-0B6293482B56}");

Profile name : default 
File : C:\Users\Lea2\AppData\Roaming\Mozilla\Firefox\Profiles\fjd5fgsl.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R1].txt - [55434 octets] - [13/07/2012 11:44:35]
AdwCleaner[S1].txt - [55051 octets] - [13/07/2012 21:57:24]

########## EOF - C:\AdwCleaner[S1].txt - [55180 octets] ##########

MfG Seelöwe

cosinus · 13.07.2012, 22:02

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Seelöwe · 14.07.2012, 10:26

Hallo,

hier ist der Log von OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.07.2012 10:51:09 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 66,93% Memory free
5,50 Gb Paging File | 4,04 Gb Available in Paging File | 73,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,41 Gb Total Space | 868,71 Gb Free Space | 94,49% Space Free | Partition Type: NTFS
Drive E: | 1,87 Gb Total Space | 1,86 Gb Free Space | 99,57% Space Free | Partition Type: FAT
 
Computer Name: LEA-PC | User Name: Lea2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.14 10:34:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.14 14:27:10 | 000,907,496 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV - [2012.07.12 10:42:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 20:00:58 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.06.17 09:17:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.19 17:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.04.19 17:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.02.04 20:40:59 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.07.06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.04.21 03:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.08.26 13:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.30 07:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.03.08 19:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.06.14 20:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120713.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.06.02 11:53:14 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120713.004\ex64.sys -- (NAVEX15)
DRV - [2012.06.02 11:53:14 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120713.004\eng64.sys -- (NAVENG)
DRV - [2012.05.31 11:49:29 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.31 11:49:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.04.21 17:52:20 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1332&r=17360410sn06973954si58h9i2733n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1332&r=17360410sn06973954si58h9i2733n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1332&r=17360410sn06973954si58h9i2733n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1332&r=17360410sn06973954si58h9i2733n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\zbani: "URL" = hxxp://home.zbani.com/en/get/{searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1332&r=17360410sn06973954si58h9i2733n
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1332&r=17360410sn06973954si58h9i2733n
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE375
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\SearchScopes\{9EB4671A-E185-43AF-850B-0C72F1692F67}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D2411C44-B165-4022-AF30-E76509E59D54&apn_sauid=7383A753-56A0-4B1F-AB9A-262D07F67092
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.11 10:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_9_4 [2012.07.14 10:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 09:17:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.10 17:47:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 09:17:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.10 17:47:31 | 000,000,000 | ---D | M]
 
[2012.02.04 20:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea2\AppData\Roaming\mozilla\Extensions
[2012.07.13 21:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea2\AppData\Roaming\mozilla\Firefox\Profiles\fjd5fgsl.default\extensions
[2012.07.09 06:47:41 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Lea2\AppData\Roaming\mozilla\Firefox\Profiles\fjd5fgsl.default\extensions\firefox@ghostery.com
[2012.07.10 10:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.17 09:17:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 09:16:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 09:16:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 09:16:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.28 19:11:11 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2012.06.17 09:16:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 09:16:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 09:16:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.04 00:48:52 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lea2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lea2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lea2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lea2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://myoffice.suedleasing.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.7 213.191.92.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ED23980-5D4A-47C4-A4E1-E7115121792E}: DhcpNameServer = 62.109.123.7 213.191.92.86
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Lea2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
MsConfig:64bit - StartUpReg: IJNetworkScannerSelectorEX - hkey= - key= - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.14 10:34:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lea2\Desktop\OTL.exe
[2012.07.12 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.11 21:22:31 | 000,000,000 | ---D | C] -- C:\Users\Lea2\AppData\Roaming\Malwarebytes
[2012.07.11 21:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 21:22:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.11 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.10 17:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.07.10 17:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.07.10 17:45:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.07.10 17:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.07.10 17:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.10 17:36:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.10 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.07.10 10:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.10 10:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.07 18:56:52 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.07 18:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.07.04 01:26:21 | 000,000,000 | ---D | C] -- C:\Users\Lea2\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.04 01:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.04 01:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.04 00:40:51 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012.07.04 00:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2012.06.28 08:57:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.28 08:43:07 | 000,000,000 | ---D | C] -- C:\Users\Lea2\AppData\Local\ElevatedDiagnostics
[2012.06.19 14:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.19 14:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.19 14:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.02 06:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Users\Lea2\DSETUP.dll
[2009.10.29 05:11:17 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.14 10:53:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 10:50:46 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.14 10:50:46 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.14 10:50:46 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.14 10:50:46 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.14 10:50:46 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.14 10:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 10:34:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lea2\Desktop\OTL.exe
[2012.07.14 10:28:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 10:28:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 10:21:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 10:20:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 10:20:32 | 2213,404,672 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 11:43:49 | 000,618,655 | ---- | M] () -- C:\Users\Lea2\Desktop\adwcleaner.exe
[2012.07.12 09:51:25 | 000,450,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 10:11:39 | 000,108,980 | ---- | M] () -- C:\Users\Lea2\Documents\cc_20120710_101120.reg
[2012.07.04 00:49:27 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
 
========== Files Created - No Company Name ==========
 
[2012.07.13 11:43:44 | 000,618,655 | ---- | C] () -- C:\Users\Lea2\Desktop\adwcleaner.exe
[2012.07.10 10:11:28 | 000,108,980 | ---- | C] () -- C:\Users\Lea2\Documents\cc_20120710_101120.reg
[2012.07.04 00:49:24 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012.03.12 23:09:43 | 000,002,048 | -HS- | C] () -- C:\Users\Lea2\AppData\Local\c5c2f047\@
[2012.02.14 19:28:59 | 000,001,467 | ---- | C] () -- C:\Users\Lea2\.recently-used.xbel
[2012.01.26 17:01:06 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini
[2011.08.23 07:38:19 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2011.07.28 12:06:41 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011.02.18 21:07:36 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.01.04 00:51:05 | 000,000,140 | ---- | C] () -- C:\ProgramData\xlink.sys
[2011.01.04 00:51:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ntUsrrP_1_0.dll
[2011.01.03 22:52:19 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.16 18:07:05 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2010.06.02 06:22:54 | 001,412,902 | ---- | C] () -- C:\Users\Lea2\OCT2006_d3dx9_31_x64.cab
[2010.06.02 06:22:54 | 001,127,217 | ---- | C] () -- C:\Users\Lea2\OCT2006_d3dx9_31_x86.cab
[2010.06.02 06:22:54 | 000,273,960 | ---- | C] () -- C:\Users\Lea2\Nov2008_XAudio_x64.cab
[2010.06.02 06:22:54 | 000,272,611 | ---- | C] () -- C:\Users\Lea2\Nov2008_XAudio_x86.cab
[2010.06.02 06:22:54 | 000,182,361 | ---- | C] () -- C:\Users\Lea2\OCT2006_XACT_x64.cab
[2010.06.02 06:22:54 | 000,138,017 | ---- | C] () -- C:\Users\Lea2\OCT2006_XACT_x86.cab
[2010.06.02 06:22:54 | 000,086,037 | ---- | C] () -- C:\Users\Lea2\Oct2005_xinput_x64.cab
[2010.06.02 06:22:54 | 000,045,359 | ---- | C] () -- C:\Users\Lea2\Oct2005_xinput_x86.cab
[2010.06.02 06:22:52 | 001,906,878 | ---- | C] () -- C:\Users\Lea2\Nov2008_d3dx9_40_x64.cab
[2010.06.02 06:22:52 | 001,550,796 | ---- | C] () -- C:\Users\Lea2\Nov2008_d3dx9_40_x86.cab
[2010.06.02 06:22:52 | 000,965,421 | ---- | C] () -- C:\Users\Lea2\Nov2008_d3dx10_40_x86.cab
[2010.06.02 06:22:52 | 000,121,794 | ---- | C] () -- C:\Users\Lea2\Nov2008_XACT_x64.cab
[2010.06.02 06:22:52 | 000,092,684 | ---- | C] () -- C:\Users\Lea2\Nov2008_XACT_x86.cab
[2010.06.02 06:22:52 | 000,054,522 | ---- | C] () -- C:\Users\Lea2\Nov2008_X3DAudio_x64.cab
[2010.06.02 06:22:52 | 000,021,851 | ---- | C] () -- C:\Users\Lea2\Nov2008_X3DAudio_x86.cab
[2010.06.02 06:22:50 | 000,994,154 | ---- | C] () -- C:\Users\Lea2\Nov2008_d3dx10_40_x64.cab
[2010.06.02 06:22:50 | 000,196,762 | ---- | C] () -- C:\Users\Lea2\NOV2007_XACT_x64.cab
[2010.06.02 06:22:50 | 000,148,264 | ---- | C] () -- C:\Users\Lea2\NOV2007_XACT_x86.cab
[2010.06.02 06:22:50 | 000,046,144 | ---- | C] () -- C:\Users\Lea2\NOV2007_X3DAudio_x64.cab
[2010.06.02 06:22:50 | 000,018,496 | ---- | C] () -- C:\Users\Lea2\NOV2007_X3DAudio_x86.cab
[2010.06.02 06:22:48 | 001,802,058 | ---- | C] () -- C:\Users\Lea2\Nov2007_d3dx9_36_x64.cab
[2010.06.02 06:22:48 | 001,709,360 | ---- | C] () -- C:\Users\Lea2\Nov2007_d3dx9_36_x86.cab
[2010.06.02 06:22:48 | 000,864,600 | ---- | C] () -- C:\Users\Lea2\Nov2007_d3dx10_36_x64.cab
[2010.06.02 06:22:48 | 000,803,884 | ---- | C] () -- C:\Users\Lea2\Nov2007_d3dx10_36_x86.cab
[2010.06.02 06:22:48 | 000,273,018 | ---- | C] () -- C:\Users\Lea2\Mar2009_XAudio_x86.cab
[2010.06.02 06:22:46 | 000,275,044 | ---- | C] () -- C:\Users\Lea2\Mar2009_XAudio_x64.cab
[2010.06.02 06:22:46 | 000,121,506 | ---- | C] () -- C:\Users\Lea2\Mar2009_XACT_x64.cab
[2010.06.02 06:22:46 | 000,092,740 | ---- | C] () -- C:\Users\Lea2\Mar2009_XACT_x86.cab
[2010.06.02 06:22:38 | 000,054,600 | ---- | C] () -- C:\Users\Lea2\Mar2009_X3DAudio_x64.cab
[2010.06.02 06:22:38 | 000,021,298 | ---- | C] () -- C:\Users\Lea2\Mar2009_X3DAudio_x86.cab
[2010.06.02 06:22:36 | 001,973,702 | ---- | C] () -- C:\Users\Lea2\Mar2009_d3dx9_41_x64.cab
[2010.06.02 06:22:36 | 001,612,446 | ---- | C] () -- C:\Users\Lea2\Mar2009_d3dx9_41_x86.cab
[2010.06.02 06:22:36 | 001,067,160 | ---- | C] () -- C:\Users\Lea2\Mar2009_d3dx10_41_x64.cab
[2010.06.02 06:22:36 | 001,040,745 | ---- | C] () -- C:\Users\Lea2\Mar2009_d3dx10_41_x86.cab
[2010.06.02 06:22:36 | 000,251,194 | ---- | C] () -- C:\Users\Lea2\Mar2008_XAudio_x64.cab
[2010.06.02 06:22:36 | 000,226,250 | ---- | C] () -- C:\Users\Lea2\Mar2008_XAudio_x86.cab
[2010.06.02 06:22:36 | 000,122,336 | ---- | C] () -- C:\Users\Lea2\Mar2008_XACT_x64.cab
[2010.06.02 06:22:36 | 000,093,734 | ---- | C] () -- C:\Users\Lea2\Mar2008_XACT_x86.cab
[2010.06.02 06:22:34 | 001,769,862 | ---- | C] () -- C:\Users\Lea2\Mar2008_d3dx9_37_x64.cab
[2010.06.02 06:22:34 | 001,443,282 | ---- | C] () -- C:\Users\Lea2\Mar2008_d3dx9_37_x86.cab
[2010.06.02 06:22:34 | 000,818,260 | ---- | C] () -- C:\Users\Lea2\Mar2008_d3dx10_37_x86.cab
[2010.06.02 06:22:34 | 000,055,058 | ---- | C] () -- C:\Users\Lea2\Mar2008_X3DAudio_x64.cab
[2010.06.02 06:22:34 | 000,021,867 | ---- | C] () -- C:\Users\Lea2\Mar2008_X3DAudio_x86.cab
[2010.06.02 06:22:32 | 000,937,246 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dx9_43_x64.cab
[2010.06.02 06:22:32 | 000,844,884 | ---- | C] () -- C:\Users\Lea2\Mar2008_d3dx10_37_x64.cab
[2010.06.02 06:22:32 | 000,768,036 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dx9_43_x86.cab
[2010.06.02 06:22:32 | 000,278,060 | ---- | C] () -- C:\Users\Lea2\Jun2010_XAudio_x86.cab
[2010.06.02 06:22:32 | 000,277,338 | ---- | C] () -- C:\Users\Lea2\Jun2010_XAudio_x64.cab
[2010.06.02 06:22:32 | 000,124,596 | ---- | C] () -- C:\Users\Lea2\Jun2010_XACT_x64.cab
[2010.06.02 06:22:32 | 000,093,686 | ---- | C] () -- C:\Users\Lea2\Jun2010_XACT_x86.cab
[2010.06.02 06:22:30 | 000,762,188 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 06:22:30 | 000,235,955 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dx10_43_x64.cab
[2010.06.02 06:22:30 | 000,197,283 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dx10_43_x86.cab
[2010.06.02 06:22:30 | 000,138,205 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dx11_43_x64.cab
[2010.06.02 06:22:30 | 000,109,445 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dx11_43_x86.cab
[2010.06.02 06:22:28 | 000,944,460 | ---- | C] () -- C:\Users\Lea2\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 06:22:28 | 000,931,471 | ---- | C] () -- C:\Users\Lea2\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 06:22:28 | 000,752,783 | ---- | C] () -- C:\Users\Lea2\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 06:22:20 | 000,269,024 | ---- | C] () -- C:\Users\Lea2\JUN2008_XAudio_x86.cab
[2010.06.02 06:22:18 | 001,792,608 | ---- | C] () -- C:\Users\Lea2\JUN2008_d3dx9_38_x64.cab
[2010.06.02 06:22:18 | 001,463,878 | ---- | C] () -- C:\Users\Lea2\JUN2008_d3dx9_38_x86.cab
[2010.06.02 06:22:18 | 000,867,828 | ---- | C] () -- C:\Users\Lea2\JUN2008_d3dx10_38_x64.cab
[2010.06.02 06:22:18 | 000,849,919 | ---- | C] () -- C:\Users\Lea2\JUN2008_d3dx10_38_x86.cab
[2010.06.02 06:22:18 | 000,269,628 | ---- | C] () -- C:\Users\Lea2\JUN2008_XAudio_x64.cab
[2010.06.02 06:22:18 | 000,152,909 | ---- | C] () -- C:\Users\Lea2\JUN2007_XACT_x86.cab
[2010.06.02 06:22:18 | 000,121,054 | ---- | C] () -- C:\Users\Lea2\JUN2008_XACT_x64.cab
[2010.06.02 06:22:18 | 000,093,128 | ---- | C] () -- C:\Users\Lea2\JUN2008_XACT_x86.cab
[2010.06.02 06:22:18 | 000,055,154 | ---- | C] () -- C:\Users\Lea2\JUN2008_X3DAudio_x64.cab
[2010.06.02 06:22:18 | 000,021,905 | ---- | C] () -- C:\Users\Lea2\JUN2008_X3DAudio_x86.cab
[2010.06.02 06:22:16 | 001,607,774 | ---- | C] () -- C:\Users\Lea2\JUN2007_d3dx9_34_x64.cab
[2010.06.02 06:22:16 | 001,607,286 | ---- | C] () -- C:\Users\Lea2\JUN2007_d3dx9_34_x86.cab
[2010.06.02 06:22:16 | 001,064,925 | ---- | C] () -- C:\Users\Lea2\Jun2005_d3dx9_26_x86.cab
[2010.06.02 06:22:16 | 000,699,044 | ---- | C] () -- C:\Users\Lea2\JUN2007_d3dx10_34_x64.cab
[2010.06.02 06:22:16 | 000,698,472 | ---- | C] () -- C:\Users\Lea2\JUN2007_d3dx10_34_x86.cab
[2010.06.02 06:22:16 | 000,197,122 | ---- | C] () -- C:\Users\Lea2\JUN2007_XACT_x64.cab
[2010.06.02 06:22:16 | 000,180,785 | ---- | C] () -- C:\Users\Lea2\JUN2006_XACT_x64.cab
[2010.06.02 06:22:16 | 000,133,671 | ---- | C] () -- C:\Users\Lea2\JUN2006_XACT_x86.cab
[2010.06.02 06:22:14 | 001,336,002 | ---- | C] () -- C:\Users\Lea2\Jun2005_d3dx9_26_x64.cab
[2010.06.02 06:22:14 | 000,277,191 | ---- | C] () -- C:\Users\Lea2\Feb2010_XAudio_x86.cab
[2010.06.02 06:22:14 | 000,276,960 | ---- | C] () -- C:\Users\Lea2\Feb2010_XAudio_x64.cab
[2010.06.02 06:22:14 | 000,122,446 | ---- | C] () -- C:\Users\Lea2\Feb2010_XACT_x64.cab
[2010.06.02 06:22:14 | 000,093,180 | ---- | C] () -- C:\Users\Lea2\Feb2010_XACT_x86.cab
[2010.06.02 06:22:12 | 000,194,675 | ---- | C] () -- C:\Users\Lea2\FEB2007_XACT_x64.cab
[2010.06.02 06:22:12 | 000,147,983 | ---- | C] () -- C:\Users\Lea2\FEB2007_XACT_x86.cab
[2010.06.02 06:22:12 | 000,054,678 | ---- | C] () -- C:\Users\Lea2\Feb2010_X3DAudio_x64.cab
[2010.06.02 06:22:12 | 000,020,713 | ---- | C] () -- C:\Users\Lea2\Feb2010_X3DAudio_x86.cab
[2010.06.02 06:22:10 | 000,178,359 | ---- | C] () -- C:\Users\Lea2\Feb2006_XACT_x64.cab
[2010.06.02 06:22:10 | 000,132,409 | ---- | C] () -- C:\Users\Lea2\Feb2006_XACT_x86.cab
[2010.06.02 06:22:04 | 001,084,720 | ---- | C] () -- C:\Users\Lea2\Feb2006_d3dx9_29_x86.cab
[2010.06.02 06:22:02 | 001,801,048 | ---- | C] () -- C:\Users\Lea2\dsetup32.dll
[2010.06.02 06:22:02 | 001,574,376 | ---- | C] () -- C:\Users\Lea2\DEC2006_d3dx9_32_x86.cab
[2010.06.02 06:22:02 | 001,362,796 | ---- | C] () -- C:\Users\Lea2\Feb2006_d3dx9_29_x64.cab
[2010.06.02 06:22:02 | 001,247,499 | ---- | C] () -- C:\Users\Lea2\Feb2005_d3dx9_24_x64.cab
[2010.06.02 06:22:02 | 001,013,225 | ---- | C] () -- C:\Users\Lea2\Feb2005_d3dx9_24_x86.cab
[2010.06.02 06:22:02 | 000,537,432 | ---- | C] () -- C:\Users\Lea2\DXSETUP.exe
[2010.06.02 06:22:02 | 000,192,475 | ---- | C] () -- C:\Users\Lea2\DEC2006_XACT_x64.cab
[2010.06.02 06:22:02 | 000,145,599 | ---- | C] () -- C:\Users\Lea2\DEC2006_XACT_x86.cab
[2010.06.02 06:22:02 | 000,094,011 | ---- | C] () -- C:\Users\Lea2\dxupdate.cab
[2010.06.02 06:22:02 | 000,042,410 | ---- | C] () -- C:\Users\Lea2\dxdllreg_x86.cab
[2010.06.02 06:22:00 | 001,571,154 | ---- | C] () -- C:\Users\Lea2\DEC2006_d3dx9_32_x64.cab
[2010.06.02 06:22:00 | 001,357,976 | ---- | C] () -- C:\Users\Lea2\Dec2005_d3dx9_28_x64.cab
[2010.06.02 06:22:00 | 001,079,456 | ---- | C] () -- C:\Users\Lea2\Dec2005_d3dx9_28_x86.cab
[2010.06.02 06:22:00 | 000,273,264 | ---- | C] () -- C:\Users\Lea2\Aug2009_XAudio_x64.cab
[2010.06.02 06:22:00 | 000,272,642 | ---- | C] () -- C:\Users\Lea2\Aug2009_XAudio_x86.cab
[2010.06.02 06:22:00 | 000,212,807 | ---- | C] () -- C:\Users\Lea2\DEC2006_d3dx10_00_x64.cab
[2010.06.02 06:22:00 | 000,191,720 | ---- | C] () -- C:\Users\Lea2\DEC2006_d3dx10_00_x86.cab
[2010.06.02 06:22:00 | 000,122,408 | ---- | C] () -- C:\Users\Lea2\Aug2009_XACT_x64.cab
[2010.06.02 06:22:00 | 000,093,106 | ---- | C] () -- C:\Users\Lea2\Aug2009_XACT_x86.cab
[2010.06.02 06:21:58 | 000,930,116 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dx9_42_x64.cab
[2010.06.02 06:21:58 | 000,728,456 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dx9_42_x86.cab
[2010.06.02 06:21:58 | 000,232,635 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dx10_42_x64.cab
[2010.06.02 06:21:58 | 000,192,131 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dx10_42_x86.cab
[2010.06.02 06:21:58 | 000,136,301 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dx11_42_x64.cab
[2010.06.02 06:21:58 | 000,105,044 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dx11_42_x86.cab
[2010.06.02 06:21:56 | 003,319,740 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 06:21:56 | 003,112,111 | ---- | C] () -- C:\Users\Lea2\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 06:21:56 | 000,900,598 | ---- | C] () -- C:\Users\Lea2\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 06:21:46 | 000,919,044 | ---- | C] () -- C:\Users\Lea2\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 06:21:46 | 000,271,412 | ---- | C] () -- C:\Users\Lea2\Aug2008_XAudio_x64.cab
[2010.06.02 06:21:46 | 000,271,038 | ---- | C] () -- C:\Users\Lea2\Aug2008_XAudio_x86.cab
[2010.06.02 06:21:44 | 001,794,084 | ---- | C] () -- C:\Users\Lea2\Aug2008_d3dx9_39_x64.cab
[2010.06.02 06:21:44 | 001,464,672 | ---- | C] () -- C:\Users\Lea2\Aug2008_d3dx9_39_x86.cab
[2010.06.02 06:21:44 | 000,849,167 | ---- | C] () -- C:\Users\Lea2\Aug2008_d3dx10_39_x86.cab
[2010.06.02 06:21:44 | 000,198,096 | ---- | C] () -- C:\Users\Lea2\AUG2007_XACT_x64.cab
[2010.06.02 06:21:44 | 000,153,012 | ---- | C] () -- C:\Users\Lea2\AUG2007_XACT_x86.cab
[2010.06.02 06:21:44 | 000,121,772 | ---- | C] () -- C:\Users\Lea2\Aug2008_XACT_x64.cab
[2010.06.02 06:21:44 | 000,092,996 | ---- | C] () -- C:\Users\Lea2\Aug2008_XACT_x86.cab
[2010.06.02 06:21:42 | 001,800,160 | ---- | C] () -- C:\Users\Lea2\AUG2007_d3dx9_35_x64.cab
[2010.06.02 06:21:42 | 001,708,152 | ---- | C] () -- C:\Users\Lea2\AUG2007_d3dx9_35_x86.cab
[2010.06.02 06:21:42 | 000,867,612 | ---- | C] () -- C:\Users\Lea2\Aug2008_d3dx10_39_x64.cab
[2010.06.02 06:21:42 | 000,852,286 | ---- | C] () -- C:\Users\Lea2\AUG2007_d3dx10_35_x64.cab
[2010.06.02 06:21:42 | 000,796,867 | ---- | C] () -- C:\Users\Lea2\AUG2007_d3dx10_35_x86.cab
[2010.06.02 06:21:40 | 001,350,542 | ---- | C] () -- C:\Users\Lea2\Aug2005_d3dx9_27_x64.cab
[2010.06.02 06:21:40 | 001,077,644 | ---- | C] () -- C:\Users\Lea2\Aug2005_d3dx9_27_x86.cab
[2010.06.02 06:21:40 | 000,182,903 | ---- | C] () -- C:\Users\Lea2\AUG2006_XACT_x64.cab
[2010.06.02 06:21:40 | 000,137,235 | ---- | C] () -- C:\Users\Lea2\AUG2006_XACT_x86.cab
[2010.06.02 06:21:40 | 000,087,142 | ---- | C] () -- C:\Users\Lea2\AUG2006_xinput_x64.cab
[2010.06.02 06:21:40 | 000,053,302 | ---- | C] () -- C:\Users\Lea2\APR2007_xinput_x86.cab
[2010.06.02 06:21:40 | 000,046,058 | ---- | C] () -- C:\Users\Lea2\AUG2006_xinput_x86.cab
[2010.06.02 06:21:38 | 001,606,039 | ---- | C] () -- C:\Users\Lea2\APR2007_d3dx9_33_x86.cab
[2010.06.02 06:21:38 | 000,195,766 | ---- | C] () -- C:\Users\Lea2\APR2007_XACT_x64.cab
[2010.06.02 06:21:38 | 000,151,225 | ---- | C] () -- C:\Users\Lea2\APR2007_XACT_x86.cab
[2010.06.02 06:21:38 | 000,096,817 | ---- | C] () -- C:\Users\Lea2\APR2007_xinput_x64.cab
[2010.06.02 06:21:36 | 001,607,358 | ---- | C] () -- C:\Users\Lea2\APR2007_d3dx9_33_x64.cab
[2010.06.02 06:21:36 | 000,698,612 | ---- | C] () -- C:\Users\Lea2\APR2007_d3dx10_33_x64.cab
[2010.06.02 06:21:36 | 000,695,865 | ---- | C] () -- C:\Users\Lea2\APR2007_d3dx10_33_x86.cab
[2010.06.02 06:21:34 | 000,046,010 | ---- | C] () -- C:\Users\Lea2\Apr2006_xinput_x86.cab
[2010.06.02 06:21:20 | 000,087,101 | ---- | C] () -- C:\Users\Lea2\Apr2006_xinput_x64.cab
[2010.06.02 06:21:18 | 004,162,630 | ---- | C] () -- C:\Users\Lea2\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 06:21:18 | 000,916,430 | ---- | C] () -- C:\Users\Lea2\Apr2006_MDX1_x86.cab
[2010.06.02 06:21:18 | 000,179,133 | ---- | C] () -- C:\Users\Lea2\Apr2006_XACT_x64.cab
[2010.06.02 06:21:18 | 000,133,103 | ---- | C] () -- C:\Users\Lea2\Apr2006_XACT_x86.cab
[2010.06.02 06:21:16 | 001,397,830 | ---- | C] () -- C:\Users\Lea2\Apr2006_d3dx9_30_x64.cab
[2010.06.02 06:21:16 | 001,347,354 | ---- | C] () -- C:\Users\Lea2\Apr2005_d3dx9_25_x64.cab
[2010.06.02 06:21:16 | 001,115,221 | ---- | C] () -- C:\Users\Lea2\Apr2006_d3dx9_30_x86.cab
[2010.06.02 06:21:16 | 001,078,962 | ---- | C] () -- C:\Users\Lea2\Apr2005_d3dx9_25_x86.cab
 
========== LOP Check ==========
 
[2010.06.27 15:02:40 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Ahnenblatt
[2011.01.08 14:55:56 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Anvil Studio
[2010.08.15 15:33:02 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Artweaver
[2012.01.01 16:30:25 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Canon
[2011.07.26 13:44:06 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DVDVideoSoft
[2011.08.04 22:10:30 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.18 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\FreeAudioPack
[2011.12.29 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\gtk-2.0
[2011.01.14 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Juniper Networks
[2010.04.21 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\OpenOffice.org
[2011.06.08 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Openworld Learning
[2011.07.03 00:25:39 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Papyrus Autor
[2010.04.18 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\PlayFirst
[2011.10.04 21:33:19 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\RenPy
[2010.11.14 17:13:29 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Smith Micro
[2010.12.18 18:47:49 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Sony
[2010.08.29 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Synthesia
[2010.04.22 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\SYSTEMAX Software Development
[2011.07.03 18:31:13 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\TIPP10
[2011.06.20 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\uTorrent
[2012.02.04 20:08:59 | 000,000,000 | -HSD | M] -- C:\Users\Lea2\AppData\Roaming\.#
[2012.02.27 20:41:19 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\.minecraft
[2012.02.10 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Canon
[2012.07.07 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\DVDVideoSoft
[2012.02.12 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.04 20:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\GameConsole
[2012.02.14 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\gtk-2.0
[2012.06.12 21:43:54 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\hdbADS
[2012.03.10 20:41:01 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\LolClient
[2012.06.12 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\MrJobs
[2012.02.12 23:39:43 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\OpenOffice.org
[2012.02.18 19:17:40 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\POV-Ray
[2012.02.13 23:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\RenPy
[2012.02.04 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\SYSTEMAX Software Development
[2012.03.13 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Tific
[2012.05.09 17:50:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.04 20:08:59 | 000,000,000 | -HSD | M] -- C:\Users\Lea2\AppData\Roaming\.#
[2012.02.27 20:41:19 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\.minecraft
[2012.02.13 21:18:24 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Adobe
[2012.07.04 10:59:08 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Apple Computer
[2012.02.10 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Canon
[2012.07.07 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\DVDVideoSoft
[2012.02.12 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.04 20:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\GameConsole
[2012.02.19 20:01:49 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Google
[2012.02.14 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\gtk-2.0
[2012.06.12 21:43:54 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\hdbADS
[2012.02.04 20:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Identities
[2012.03.10 20:41:01 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\LolClient
[2012.02.04 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Macromedia
[2012.07.11 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Media Center Programs
[2012.04.24 16:56:02 | 000,000,000 | --SD | M] -- C:\Users\Lea2\AppData\Roaming\Microsoft
[2012.02.04 20:17:44 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Mozilla
[2012.06.12 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\MrJobs
[2012.02.12 23:39:43 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\OpenOffice.org
[2012.02.18 19:17:40 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\POV-Ray
[2012.02.13 23:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\RenPy
[2012.07.04 01:26:21 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.04 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\SYSTEMAX Software Development
[2012.03.13 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\Tific
[2012.02.04 22:54:32 | 000,000,000 | ---D | M] -- C:\Users\Lea2\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.06.12 21:49:09 | 000,010,134 | R--- | M] () -- C:\Users\Lea2\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2012.06.12 21:49:09 | 000,000,766 | R--- | M] () -- C:\Users\Lea2\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2012.02.18 19:17:57 | 000,121,334 | R--- | M] () -- C:\Users\Lea2\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\ARPPRODUCTICON.exe
[2012.02.18 19:17:57 | 000,159,744 | R--- | M] (Macrovision Corporation) -- C:\Users\Lea2\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\NewShortcut2_D0CE053E0E5E4C129BAED0F36021E911.exe
[2012.02.18 19:17:57 | 000,159,744 | R--- | M] (Macrovision Corporation) -- C:\Users\Lea2\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\PVEngine.ProgramMe_D0CE053E0E5E4C129BAED0F36021E911.exe
[2009.05.29 01:11:40 | 003,196,744 | ---- | M] (Persistence of Vision Raytracer Pty. Ltd.) -- C:\Users\Lea2\AppData\Roaming\POV-Ray\v3.6\bin\pvengine-sse2.exe
[2009.05.29 01:11:16 | 003,061,576 | ---- | M] (Persistence of Vision Raytracer Pty. Ltd.) -- C:\Users\Lea2\AppData\Roaming\POV-Ray\v3.6\bin\pvengine.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4D066AD2

< End of report >

--- --- ---

[/code]

MfG Seelöwe

cosinus · 14.07.2012, 15:11

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\SearchScopes\{9EB4671A-E185-43AF-850B-0C72F1692F67}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D2411C44-B165-4022-AF30-E76509E59D54&apn_sauid=7383A753-56A0-4B1F-AB9A-262D07F67092
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4D066AD
:Files
C:\ProgramData\FullRemove.exe
C:\Windows\SysNative\drivers\kgpcpy.cfg
C:\Users\Lea2\AppData\Local\c5c2f047
C:\Users\Lea2\AppData\Roaming\.#
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Windows\sys
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Seelöwe · 14.07.2012, 16:25

Hallo,

der Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9EB4671A-E185-43AF-850B-0C72F1692F67}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EB4671A-E185-43AF-850B-0C72F1692F67}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2364204294-1336410954-2551016912-1005\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:444C53BA deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:4D066AD .
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
C:\Windows\SysNative\drivers\kgpcpy.cfg moved successfully.
C:\Users\Lea2\AppData\Local\c5c2f047\U folder moved successfully.
C:\Users\Lea2\AppData\Local\c5c2f047 folder moved successfully.
C:\Users\Lea2\AppData\Roaming\.# folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Lea2\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\sys folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lea
->Temp folder emptied: 5912492 bytes
->Temporary Internet Files folder emptied: 1827626 bytes
->Java cache emptied: 14052946 bytes
->FireFox cache emptied: 1147005104 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 36572 bytes
 
User: Lea2
->Temp folder emptied: 11076492 bytes
->Temporary Internet Files folder emptied: 821419 bytes
->FireFox cache emptied: 1043929485 bytes
->Flash cache emptied: 6291 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74768 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 413631 bytes
 
Total Files Cleaned = 2.123,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Lea
->Flash cache emptied: 0 bytes
 
User: Lea2
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07142012_170728

Files\Folders moved on Reboot...
C:\Users\Lea2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Lea2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

MfG Seelöwe

12.07.2012, 15:09	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ad.adserverplus.com - Fenster erscheint auf diversen Seiten Log von Malwarebytes ist leider unvollständig __________________ Logfiles bitte immer in CODE-Tags posten

12.07.2012, 19:37	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ad.adserverplus.com - Fenster erscheint auf diversen Seiten Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> ad.adserverplus.com - Fenster erscheint auf diversen Seiten

ad.adserverplus.com - Fenster erscheint auf diversen Seiten

Log-Analyse und Auswertung: ad.adserverplus.com - Fenster erscheint auf diversen Seiten