Pests of all kinds and how to fight them: bProtector for Windows Virus (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
28.07.2012, 11:11 | #1 |
| bProtector for Windows Virus
Hello, I am new here and urgently need your help. I noticed a process "bProtect.exe" whose file path is (Computer/ TrippleCore (C: )/ ProgramData/ bProtector for Windows/ 2.2.463.83). But what stands out most is that when I go into a folder such as Fallout 3, Musik, ..., it copies 2 folders into it when I leave: bProtector for Windows and searchplugins. In TrippleCore (C: ) there are 4 folders, 6ddfa3b7e2adde382cba1a225ec6 ad207b7c739861e177d4f76ee093 ccd60c17528cd5482bc01848b2 cdd992103b29a979016a056da058, whose contents are also bProtector for Windows and searchplugins. Avira and Malwarebytes Anti-Malware do not detect it as a virus!! But the best comes last: I cannot delete or uninstall anything because access is denied. PS: Ending the process does not work either. I urgently ask for help |
28.07.2012, 14:39 | #2 |
/// Helper Team | bProtector for Windows Virus
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
__________________ |
30.07.2012, 08:38 | #3 |
| bProtector for Windows Virus
This is the log file from Malwarebytes
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Thomas :: TRIPLECORE [Administrator]

29.07.2012 22:37:59
mbam-log-2012-07-30 (09-35-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 614006
Laufzeit: 3 Stunde(n), 44 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 2724 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 2
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 21
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 17
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_nasa-world-wind.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

Should I delete everything? I will now also install OTL and run another scan with it. These are now the 2 logs from OTL.
OTL Logfile: Code:
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.17 17:04:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.25 17:56:17 | 000,002,395 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.17 17:04:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.17 17:04:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.25 17:56:17 | 000,001,617 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.06.17 17:04:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 13:51:39 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.05.17 17:09:03 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.17 17:04:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 17:04:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48 CHR - homepage: hxxp://www.searchqu.com/417 CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg\2.3.15.10_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\ CHR - Extension: No name found = 
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg\2.3.15.10_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\ CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: No name found = 
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.02.29 15:22:15 | 000,000,794 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.) O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Programme\SearchPredict\SearchPredict.dll (Speedbit Ltd.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Programme\SpeedBit Video Downloader\TBU19\tbcore3.dll () O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc) O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Programme\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.) O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\SpeedBit Video Downloader\Toolbar\Grabber.dll (SpeedBit) O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [TrayServer] C:\Windows\explorer.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe () O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll () F3 - HKCU WinNT: Load - (C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com) - File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE252D6-B3E1-4BBA-939F-8F8625AD5C2B}: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AAAC633-BE3B-4E62-960D-48DB50F79B28}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.05 17:49:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell - "" = AutoRun O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell - "" = AutoRun O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell\AutoRun\command - "" = L:\SETUP.EXE O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell\dinstall\command - "" = L:\DirectX\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== 
[2012.07.30 09:44:47 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.07.29 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\DirectDownloader [2012.07.27 10:03:43 | 000,000,000 | ---D | C] -- C:\6ddfa3b7e2adde382cba1a225ec6 [2012.07.24 18:15:15 | 000,000,000 | ---D | C] -- C:\ad207b7c739861e177d4f76ee093 [2012.07.23 23:46:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira [2012.07.23 23:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.23 23:40:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.07.23 23:40:28 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.23 23:40:28 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.23 23:40:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.23 23:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.23 22:27:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.07.23 22:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.23 22:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.23 22:27:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.23 22:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.21 08:07:36 | 000,000,000 | ---D | C] -- C:\ccd60c17528cd5482bc01848b2 [2012.07.20 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Fallout3 [2012.07.19 11:31:41 | 000,000,000 | -HSD | C] -- C:\found.003 [2012.07.17 10:33:08 | 000,000,000 | ---D | C] -- C:\cdd992103b29a979016a056da058 [2012.07.17 10:15:56 | 000,000,000 | -HSD | C] -- C:\found.002 [2012.07.13 22:32:28 | 000,000,000 | ---D | C] -- 
C:\ProgramData\IBUpdaterService [2012.07.13 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\PerformerSoft [2012.07.13 22:32:02 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe [2012.07.13 22:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer [2012.07.13 22:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\appbario2 [2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows [2012.07.13 22:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows [2012.07.13 22:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\NASA [2012.07.13 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA [2012.07.13 22:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NASA [2012.07.13 22:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\NASA [2012.07.05 23:18:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Samsung [2012.07.05 23:18:11 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\PC Suite [2012.07.05 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.07.05 23:13:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Samsung [2012.07.05 21:48:46 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.07.02 00:01:11 | 004,773,478 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\DragonsDogma screensaver.scr [2012.07.02 00:01:11 | 000,000,000 | ---D | C] -- C:\Windows\DragonsDogma screensaver Uninstaller [2012.07.01 15:28:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.30 09:59:11 | 
000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.30 09:47:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001UA.job [2012.07.30 09:47:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001Core.job [2012.07.30 09:44:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.07.30 09:33:43 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Thomas.job [2012.07.30 09:30:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 09:30:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 09:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 08:26:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004UA.job [2012.07.29 23:26:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004Core.job [2012.07.29 19:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.29 11:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 11:30:27 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys [2012.07.28 17:00:39 | 005,581,377 | ---- | M] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Vest-15408-Final.7z [2012.07.28 14:06:32 | 000,282,239 | ---- | M] () -- C:\Users\Thomas\Desktop\Solid_Snake_Box_03-4967.rar [2012.07.28 13:50:21 | 017,797,303 | ---- | M] () -- C:\Users\Thomas\Desktop\Military_Equipment-10453.rar [2012.07.28 12:34:10 | 000,933,361 | R--- | M] () -- C:\Users\Thomas\Desktop\WReality_Haven_095b-2687.rar [2012.07.28 00:53:58 | 000,052,736 | ---- | M] () 
-- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.27 19:03:08 | 068,119,300 | ---- | M] () -- C:\Users\Thomas\Desktop\F3ProjectRealityMkI-17418-v1-0beta.rar [2012.07.27 18:38:19 | 006,474,183 | ---- | M] () -- C:\Users\Thomas\Desktop\Glock19V10-8292.zip [2012.07.27 18:37:23 | 000,302,738 | ---- | M] () -- C:\Users\Thomas\Desktop\Northwest_Forest_Redone-_No_DLCs-17758-1-3.rar [2012.07.27 11:15:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.27 11:15:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.26 22:06:35 | 000,252,100 | ---- | M] () -- C:\Users\Thomas\Desktop\Program_Version_-_Recommended-944.zip [2012.07.26 20:56:11 | 019,147,558 | ---- | M] () -- C:\Users\Thomas\Desktop\Fixed_File-11273.rar [2012.07.26 20:46:06 | 051,761,830 | ---- | M] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Outfit_v1_1-10183-1-1.7z [2012.07.26 15:52:10 | 000,001,028 | ---- | M] () -- C:\Users\Thomas\Desktop\Fallout3.lnk [2012.07.26 13:20:15 | 005,481,921 | ---- | M] () -- C:\Users\Thomas\Desktop\m1911_1-1-785.zip [2012.07.26 13:16:25 | 039,314,191 | ---- | M] () -- C:\Users\Thomas\Desktop\USMC_Weapons_Reduced_Damage2-17581-1.zip [2012.07.26 13:14:33 | 014,440,707 | ---- | M] () -- C:\Users\Thomas\Desktop\Mancers_Talon_Armor-16980-v1-0.7z [2012.07.26 12:33:58 | 013,451,895 | ---- | M] () -- C:\Users\Thomas\Desktop\Steyr_AUG_A1-16252-1-1.rar [2012.07.26 12:32:31 | 002,337,765 | ---- | M] () -- C:\Users\Thomas\Desktop\American_AR_to_M4A1_Carbine-5141.zip [2012.07.26 12:27:02 | 025,216,866 | ---- | M] () -- C:\Users\Thomas\Desktop\Slam_M16_Pack_v1_1-12173.rar [2012.07.24 11:22:35 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\Documents\NEWSOFT [2012.07.23 23:40:36 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.23 22:27:22 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk [2012.07.22 21:06:03 | 000,000,051 | ---- | M] () -- C:\ProgramData\jeycukwaohhrwlf [2012.07.21 13:26:58 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.07.21 13:26:50 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.07.21 13:26:01 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.07.20 19:46:20 | 000,670,708 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.20 19:46:20 | 000,631,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.20 19:46:20 | 000,143,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.20 19:46:20 | 000,118,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.13 22:32:21 | 000,000,009 | ---- | M] () -- C:\END [2012.07.13 22:31:08 | 000,001,878 | ---- | M] () -- C:\Users\Thomas\Desktop\World Wind 1.4.lnk [2012.07.05 14:44:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012.07.04 09:37:29 | 000,002,609 | ---- | M] () -- C:\Users\Thomas\Desktop\Microsoft Office Word 2003.lnk [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.28 17:00:15 | 005,581,377 | ---- | C] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Vest-15408-Final.7z [2012.07.28 14:06:30 | 000,282,239 | ---- | C] () -- C:\Users\Thomas\Desktop\Solid_Snake_Box_03-4967.rar [2012.07.28 13:49:08 | 017,797,303 | ---- | C] () -- C:\Users\Thomas\Desktop\Military_Equipment-10453.rar [2012.07.28 12:34:12 | 000,933,361 | R--- | C] () -- C:\Users\Thomas\Desktop\WReality_Haven_095b-2687.rar [2012.07.27 18:58:57 | 068,119,300 | ---- | C] () -- C:\Users\Thomas\Desktop\F3ProjectRealityMkI-17418-v1-0beta.rar [2012.07.27 18:37:56 | 006,474,183 | ---- | C] () -- C:\Users\Thomas\Desktop\Glock19V10-8292.zip [2012.07.27 18:37:21 | 
000,302,738 | ---- | C] () -- C:\Users\Thomas\Desktop\Northwest_Forest_Redone-_No_DLCs-17758-1-3.rar [2012.07.26 22:06:32 | 000,252,100 | ---- | C] () -- C:\Users\Thomas\Desktop\Program_Version_-_Recommended-944.zip [2012.07.26 20:54:08 | 019,147,558 | ---- | C] () -- C:\Users\Thomas\Desktop\Fixed_File-11273.rar [2012.07.26 20:43:01 | 051,761,830 | ---- | C] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Outfit_v1_1-10183-1-1.7z [2012.07.26 15:52:10 | 000,001,028 | ---- | C] () -- C:\Users\Thomas\Desktop\Fallout3.lnk [2012.07.26 13:19:45 | 005,481,921 | ---- | C] () -- C:\Users\Thomas\Desktop\m1911_1-1-785.zip [2012.07.26 13:13:06 | 014,440,707 | ---- | C] () -- C:\Users\Thomas\Desktop\Mancers_Talon_Armor-16980-v1-0.7z [2012.07.26 13:12:50 | 039,314,191 | ---- | C] () -- C:\Users\Thomas\Desktop\USMC_Weapons_Reduced_Damage2-17581-1.zip [2012.07.26 12:32:59 | 013,451,895 | ---- | C] () -- C:\Users\Thomas\Desktop\Steyr_AUG_A1-16252-1-1.rar [2012.07.26 12:32:23 | 002,337,765 | ---- | C] () -- C:\Users\Thomas\Desktop\American_AR_to_M4A1_Carbine-5141.zip [2012.07.26 12:25:28 | 025,216,866 | ---- | C] () -- C:\Users\Thomas\Desktop\Slam_M16_Pack_v1_1-12173.rar [2012.07.23 23:40:36 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.23 22:27:22 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 21:05:49 | 000,000,051 | ---- | C] () -- C:\ProgramData\jeycukwaohhrwlf [2012.07.13 22:32:21 | 000,000,009 | ---- | C] () -- C:\END [2012.07.13 22:31:08 | 000,001,878 | ---- | C] () -- C:\Users\Thomas\Desktop\World Wind 1.4.lnk [2012.07.05 14:44:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012.06.29 09:13:46 | 000,000,096 | ---- | C] () -- C:\Windows\winlemm.ini [2012.05.09 19:36:13 | 000,147,456 | ---- | C] () -- C:\Windows\Sonnensystem3DUninstaller.exe [2012.04.25 17:56:19 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll 
[2012.01.28 20:37:20 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.12.04 22:02:39 | 000,102,912 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll [2011.12.04 22:02:39 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll [2011.11.12 16:32:56 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.11.12 16:32:55 | 000,138,056 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys [2011.11.12 16:32:41 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.10.24 19:49:16 | 000,052,736 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.30 20:29:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.09.30 20:29:31 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.05 11:54:06 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.03.22 14:49:18 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.03.03 20:35:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.12.19 19:12:13 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.12.19 19:12:12 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.12.16 18:37:39 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.12.16 18:37:39 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.11.24 19:10:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.22 19:11:34 | 
000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.11.22 18:03:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.13 23:45:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010.11.13 23:45:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.11.12 14:44:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.08 18:17:05 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2010.11.08 18:10:16 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 16:26:00 | 000,001,423 | ---- | C] () -- C:\Windows\System32\avscheck.exe.stackdump
[2010.11.05 15:52:39 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.05 15:52:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.26 03:19:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6152D44C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 30.07.2012 09:46:33 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,23% Memory free
6,21 Gb Paging File | 4,17 Gb Available in Paging File | 67,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,67 Gb Total Space | 120,54 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
Drive D: | 12,50 Gb Total Space | 1,82 Gb Free Space | 14,55% Space Free | Partition Type: NTFS
Drive F: | 9,52 Gb Total Space | 9,52 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: TRIPLECORE | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517CB8C-0357-4334-BD10-C0879A44CC68}" = rport=137 | protocol=17 | dir=out | app=system |
"{0854EE40-77A6-4C74-A6B8-E56E6490EC41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{105BA90B-2242-4E55-B269-DDF1C0893C92}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{20A6BB1D-C4D4-413E-BC7B-4EE2A0D8FB91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{228CA233-1DCF-4FCF-9768-65CF3A208717}" = lport=445 | protocol=6 | dir=in | app=system | "{3807E7B9-CDEA-4317-B785-37057A0D0046}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{434BE5B6-7A05-4E91-8562-6EF369FCB054}" = rport=138 | protocol=17 | dir=out | app=system | "{7E991907-ACAF-4689-B0F5-89E37C67CBB2}" = rport=445 | protocol=6 | dir=out | app=system | "{985DF907-8EC2-457B-A5BC-74421117FA64}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9A8D0AC8-A68B-4376-B879-47D89F29944C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9B07B608-8E1A-40DD-8087-3D4DB4002822}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A40C6F58-1CEE-461C-85C7-0FD61AE73B6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B0280930-244A-4E9A-A3A9-2A401F2F2FA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B41B1E97-9152-45A3-92E7-B44CB58E2844}" = lport=138 | protocol=17 | dir=in | app=system | "{CC488A26-0628-4594-BDF1-BF42931F7168}" = lport=137 | protocol=17 | dir=in | app=system | "{D6281EB1-9069-4019-8695-6C344A2A2A70}" = lport=139 | protocol=6 | dir=in | app=system | "{E72B47FF-9BB5-464B-8F6B-E3B0FCB64937}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EC75888B-E53C-47B0-A9CE-EC74753DF361}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{FEC5A2C0-2517-4BCB-B3E9-A18E8FB9AEA6}" = rport=139 | protocol=6 | dir=out | app=system | 
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03A3F598-4105-4E1F-99EC-D6F6975E73B4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{045BC31E-5F1C-4AE7-9A57-7A795D31FC52}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{0728BA71-E809-4C93-8718-63AF79A1FAD9}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{09481960-AB14-41E0-833C-BBB28F3646DE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{0CCFB8E6-E90C-4A1B-9FAE-9A34C8B24A8A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{0DE838BB-27AB-4C09-8777-E941C1351BD9}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe | "{0F16F81A-F788-45DE-BDE7-E954E6F2BCE8}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{144CDA72-39C6-4AA2-BD64-433FA68287B6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{1525D701-684E-40EB-9795-24D510147D41}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{15FA2C69-F223-48DB-986A-C02B4A955ED2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | "{162A138E-09AC-4BE5-A285-D38BDFCAD671}" = protocol=6 | dir=in | app=c:\program files\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe | "{17806423-72B5-44F4-A29B-DC2F9A992EB9}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{178A5ABB-A3CE-40DA-B18F-B7DDA82183E5}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{17DE0BC2-62D0-49C8-98B6-99ACDA7C165D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{18AC57E8-93E1-467F-BE67-F86044938702}" = protocol=17 | dir=in 
| app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe | "{1A5D48C9-19ED-4A9C-BB8A-816BE455D10E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{1D3927BA-A571-4102-8DFE-5D71A91AC97A}" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\launcher.exe | "{2127C39B-F0BB-45C8-9F84-30FB1F56D62B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{2528EB59-D2E5-4D99-8F1A-4F5CE409C9FB}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{2537AEBF-E687-48D8-A543-92CD94FE731A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{2639B247-B2BC-49D3-88D6-3F84B94BE973}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe | "{29563E98-6656-4C40-9D15-C465922D42A8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | "{2AF66E9A-3B68-4F58-9091-F74F4243F72B}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\launcher.exe | "{2B9F0F86-E64E-42C9-B7DC-60DFCFFE0D51}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | "{2D3FB702-E01A-4FC2-90A4-F6D592EEFF46}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D968C7A-8976-44D8-8AB0-1A09FFCC2F4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\s9.exe | "{2EC9BF47-7E56-44B9-929A-B7CFF7B74C4F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nation red\nationred.exe | "{31C39ABB-D8A6-4DB7-A346-ADF9F89E80EC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\s9.exe | "{34258629-F074-41B2-9FAC-51A263169FC7}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "{35939746-0435-4812-B103-A133841097B1}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{378DC7B2-2A21-40EC-B653-9B420C508FEA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{395C8760-3B6E-405F-8C43-4E8B311C92DA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | "{3ABFA257-FD95-4944-9121-B245068396BB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3E8244DD-7800-47E4-8328-00A6606D4133}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{42237D9F-F32D-4ACC-9821-C4E914DC0892}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{4441A680-6E82-4359-BCFE-D9064A6596BB}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\yuplay\yuplay.exe | "{47F79056-6787-45FD-B581-3ECA3C94694F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{49D4875B-9206-4DA7-A263-507E544D2260}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4DFF1A4D-D6AF-4816-8B5E-39B025091773}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | "{4E203449-1CEA-42DB-80C1-C72D55277EAD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{56C603E6-0CCC-452D-9A24-5E146B7A5D04}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{57B0C8C4-49B7-4F09-B2F6-854E88E9FE5D}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\directdownloader\directdownloader.exe | "{596404BD-997B-46B6-ADA1-241658FFC0C3}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{59CD245E-3D61-40E1-8018-8EEB6C4E28B7}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{5AD5A3FE-1DCB-4CC9-B79C-7A93618B5D34}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{5E06B8FC-EC3C-4322-AEAE-78E85EBAA295}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{5EB8980A-5DE2-4C5A-BBF5-1D359E549B5C}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | "{61B76272-158E-4BE0-A554-EB27A373E67C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3loader.exe | "{684CE7AA-DC62-4B6A-8ACC-5545990DAC80}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\directdownloader\directdownloader.exe | "{69C24112-F235-4120-A1D4-CF0E23E22E19}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{6DA0FCA9-7207-4465-AA19-B812E64D2B39}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{723398D5-9161-48C3-99DE-76E0109A9896}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{738EBC01-9E68-4D10-89E9-E538336DC3E5}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | "{73E49447-DE8C-4D68-BFE7-77CFF174DB01}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{75887CFF-56C8-408B-A75A-9BB2CBD6A6B9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nation red\nationred.exe | "{7749957A-D4D7-4668-B0DF-153CA14317A4}" = protocol=17 | dir=in | app=c:\program files\atari\aitd\alone.exe | "{780C7F3B-17A1-4021-B31F-35EF86729FC9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{79CA0D9F-F5EF-47FC-AC7F-2F1B9A5B7746}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{7A1F5256-9E39-4892-B42D-8A1F83D398E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{7AC55E1F-0AC5-45BB-B8D7-35B8EBB6D6AF}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\aces.exe | "{7EA484EA-72E3-4D64-AEFC-33971A45CC79}" = protocol=6 | dir=in | 
app=c:\program files\gaijin\wings of prey\aces.exe | "{8295C063-35E9-4756-8235-EE6A9DAE338C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{8376609C-AC1C-45D4-BD42-A4085245BB24}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{83E6BFE9-109F-4D32-852A-E2745A70999B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8743E951-9334-4431-BE87-015124FEB4EA}" = protocol=6 | dir=in | app=c:\program files\battlefield 3™\bf3.exe | "{886835F5-772B-4F25-86DB-9480A23B50BD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3loader.exe | "{8B3FE604-C4B4-46FD-A8CD-4D25A1A1F945}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{8E7E944F-1D4E-465D-BCC1-485D63FDB696}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | "{91BE7450-90F3-4048-937F-8C3CFEB54CF6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | "{92A7521C-BE9B-4BD7-BBBE-8D88B94E4A11}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{95E83FF9-16EA-402C-A82E-5AA02A3B3F52}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{96CA96F9-346C-4101-85CB-7D428D99673B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{96F36F17-E3B3-46CE-AEB1-03E9856D8257}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallen earth f2p\feupdater.exe | "{9D3B9FB9-5CBC-4A89-AAB6-2985EA92B662}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{9EA4CC61-20D2-4057-9A66-1C33D1487555}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{9FAFE4BA-9EA6-42FE-B115-57D94EAA3279}" = protocol=17 | dir=in | 
app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{A69E1CCF-3324-4FF1-B89D-D6281A29AA7A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallen earth f2p\feupdater.exe | "{A773A1F1-576B-4DD9-884E-56B5054CAC9C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{A8D145B2-3F20-4BFC-A63A-E50708FC1027}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe | "{ADA0F44A-3C0D-4998-83A3-658857FCD256}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "{ADEBE86B-4A83-4A06-8B1F-B0B9A74C3C73}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{AFEAA39C-3530-46E6-A978-C078E52BD231}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{B042C774-942C-413D-BBEF-3691D32F16BB}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B46B6114-99BC-40BE-BF7B-E15FD912A143}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{BA2F9C6F-BB72-468B-BDED-7DDE0FBA2689}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BAE24641-DB1F-42E8-8B30-B9E92FAA72A9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{BEE0C2B1-444C-4AC7-94E7-70ACF63EA771}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{BF828083-523F-4A66-8FCC-5608852A58B6}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{C0CBAB9B-6372-4E50-A4E6-77C7582888BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{C1F4FB61-A642-4D0C-832C-90A3C1AC8B50}" = protocol=17 | dir=in | app=c:\program files\battlefield 3™\bf3.exe | "{C574DFFE-E307-44DD-9D0C-25C6E216B2B9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media 
booster\pmb.exe | "{C76D166D-E330-413F-9B22-FB1EFB8D9119}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C9F301C3-7FC7-4C15-83BE-DBA36EDF5D27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{CCE63A33-5A9B-43A2-846E-7B34A380DC9B}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "{CE76BBCA-1EBD-4F63-84AD-957CE19CD039}" = protocol=17 | dir=in | app=c:\program files\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe | "{CEEE6507-8047-4B05-8754-D0FB8C5CF419}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D38B7714-C5DC-45D2-9CA0-F180E1A7F607}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{D5625998-5D00-4C06-A0F0-92E0695F0975}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{D92D2E76-B981-4E3C-B64D-DB57387F8E48}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{DCEA0037-0095-4D36-A722-FC1DD4ECC4FF}" = protocol=6 | dir=in | app=c:\program files\atari\aitd\alone.exe | "{DD815B79-1A2E-491F-87F3-77893D6E2E22}" = protocol=58 | dir=in | app=system | "{E21E485B-E5CE-411B-B2E8-6269D8F43D87}" = dir=in | app=c:\users\thomas\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{E2CBA599-A0A5-4A83-A7B2-E53695438838}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{E3653A21-D7F8-4346-8568-51401A3CD4CA}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{E37C7AF7-633C-4B9D-9CCE-ED61287EBB0F}" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\yuplay\yuplay.exe | "{E65A5D94-A3A4-4329-8A96-67901B916AED}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{E6F93257-E261-4132-B459-EBE1F6FE47C7}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{F8AD63DD-0724-4FA1-B6D9-615B7571E202}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "{FEFD13EA-DCE7-48D1-A7EC-B89E031C9381}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{FF27F4CB-BFDD-4540-896F-2805F3A7131E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "TCP Query User{04891885-4386-4A23-A565-C709C4BAD2DC}C:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{0507A7A3-14E9-47E4-8AEA-545857A619BA}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query User{08232569-C1D8-4830-BB49-A06358230FD2}C:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe | "TCP Query User{17238A0E-F21A-4AB7-9120-FF6B7641F449}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe | "TCP Query User{1DCADE3B-D4A6-47B9-9531-022065E2E37D}C:\program files\greedytorrent\gtor.exe" = protocol=6 | dir=in | app=c:\program files\greedytorrent\gtor.exe | "TCP Query User{2D4AFA55-3720-4F1C-A080-BF9F92D1A4DF}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "TCP Query User{2E781E93-09D5-4D25-925C-3F9A493BFF2C}C:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "TCP Query 
User{41EEA279-7F1F-4178-8909-3500CFB46363}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | "TCP Query User{4F393EDF-81E3-4018-992B-2E810DA1692A}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe | "TCP Query User{50608E14-95D4-4235-8F21-A22426F340F0}C:\program files\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\program files\call of duty- modern warfare 3\iw5mp_server.exe | "TCP Query User{6D598505-EB04-4557-A4C7-6946F9BBC45A}C:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe | "TCP Query User{898B25D1-B6F3-411F-8CDF-14402BADAE40}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9F836961-FFBC-4103-9327-7F7FA65568CB}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | "TCP Query User{AC4A097C-ED83-4B7A-B464-9162BDE659AF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C3A4C04F-8A6E-4FC9-8EBF-D471F7165732}C:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe | "TCP Query User{C6C182E5-FF28-4E2C-887A-388074F4FBD7}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | "TCP Query User{CDED9E2C-94A2-438F-A1F4-BAD29A477582}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | "TCP Query 
User{D081AC3F-272E-4C75-BA1F-01D564E182E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{DA6C188A-29AE-4CB7-8316-DAE1D1D4E453}C:\program files\runes of magic\launcher.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\launcher.exe | "TCP Query User{ED547C06-F57C-48F1-90C1-B9DC92C7AE25}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{F9578273-FC65-440E-97E1-33261692198F}C:\users\tom0012\desktop\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwaw.exe | "UDP Query User{00A91455-629A-48DC-914A-807969AA2B0B}C:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "UDP Query User{103139F5-0017-4C19-B8AA-148575D13A69}C:\users\tom0012\desktop\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwaw.exe | "UDP Query User{226C7231-8A99-445F-8380-A85804EB3A06}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | "UDP Query User{2E204C7C-A3C8-40EF-825E-C80B11E7981D}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | "UDP Query User{3455CDF1-FDAE-436A-9B69-805AEF93BF2D}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "UDP Query User{50AEFB94-8AAD-4519-ACC0-C2A5AA265265}C:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program 
files\steam\steamapps\tom0012\team fortress 2\hl2.exe | "UDP Query User{63AF79E5-5BB3-44FB-A8EA-9E231F039195}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{6C8009A4-5FEC-4685-B9B0-E4E37AF9D244}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | "UDP Query User{854CBBFA-CDD9-4A89-A061-4EC10D3F1045}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{8E4BA2CD-844C-4882-B50E-38A022A0C497}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{952F4E26-4A9B-4BAC-9B56-AA64AF3607F4}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{A4211F2A-98E5-42BE-BFB1-0A69B1AD570E}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{A6140DBC-D1E0-4CB4-AF26-5F0F54EE68D2}C:\program files\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\program files\call of duty- modern warfare 3\iw5mp_server.exe | "UDP Query User{BCAE7795-BB88-4D05-A24C-F2F726B4D98F}C:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{CAD9468F-DD38-482E-ABC3-D4B1224E9FE2}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe | "UDP Query 
User{D1186B42-E8C8-45D3-9874-1850B791ACE6}C:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe | "UDP Query User{D41D9E83-E608-4A31-8134-208F1A881EA5}C:\program files\greedytorrent\gtor.exe" = protocol=17 | dir=in | app=c:\program files\greedytorrent\gtor.exe | "UDP Query User{D53902FB-AFFA-4F75-80FC-30A3884A34CC}C:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe | "UDP Query User{DB848984-512A-4D75-926A-43490527ED67}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe | "UDP Query User{DFC6C72B-B7DF-4829-A198-50228502AAF2}C:\program files\runes of magic\launcher.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\launcher.exe | "UDP Query User{F418974E-BAF0-44DA-8D88-04B7083F8756}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended 
"{13F59927-CFBE-44D1-8417-7203AD4F1795}" = Gothic 3 "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26EC9601-D617-02AE-ABE1-F68B8560C408}" = Catalyst Control Center InstallProxy "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A5FB407-4499-4514-BE05-A4BCADD87163}" = Gothic 2 Gold "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client 
Profile "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin 
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility "{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4) "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh 
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B2390904-74BD-48AA-B2CC-6612F8D46379}" = GameShadow "{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus Download-Version 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD56DFBF-110C-4CC2-910A-80C0759397AA}" = Gothic "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}" = ACDSee for PENTAX 3.0 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility "{C9C550CB-2390-410E-883F-3BE147D64143}_is1" = ThuumicShouter version 1.3 Open Beta "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}" = Gothic III - Forsaken Gods "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! 
PageManager 7.15.16 "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires "{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE) "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content "AGOT_is1" = Game of Thrones Version 1.1.0.0 "Akamai" = Akamai NetSession Interface "Alone In The Dark_is1" = Alone In The Dark "appbario2 Toolbar" = appbario2 Toolbar "ArmA 2" = ArmA 2 Free Uninstall "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15 "Avanquest_App'-Anwendungsleiste Toolbar" = Avanquest App'-Anwendungsleiste Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "BattlEye A2 Free" = BattlEye (A2Free) Uninstall "Bengal Special" = Bengal Special "Blue Byte Game Channel" = Blue Byte Game Channel "BrowserCompanion" = BrowserCompanion "CCleaner" = CCleaner "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Die Wiege Roms" = Die Wiege Roms "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "DivX Setup" = DivX-Setup "DragonsDogma screensaver_is1" = DragonsDogma screensaver "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVD-lab PRO 2.0_is1" = DVD-lab PRO 2.0 "facemoods" = Facemoods Toolbar "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602 "Free FLV Converter_is1" = Free FLV Converter V 6.93.0 "Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.1.14.1228 "Free Screen To Video_is1" = Free Screen To Video V 2.0 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.17.602 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter 
version 5.0.13.608 "Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627 "GamesBar" = GamesBar 2.0.1.73 "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "GreedyTorrent_is1" = GreedyTorrent v1.01 beta build 170 "Hamster Free Video Converter_is1" = HamsterFreeVideoConverter "HomepageFIX 2012_is1" = HomepageFIX 2012 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "iMesh" = iMesh "ImgBurn" = ImgBurn "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "LogMeIn Hamachi" = LogMeIn Hamachi "lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NASA World Wind 1.4" = NASA World Wind 1.4 "NCLauncher_GameForge" = NC Launcher (GameForge) "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Oblivion mod manager_is1" = Oblivion mod manager 1.1.9 "OpenAL" = OpenAL "Origin" = Origin "PC-Doctor for Windows" = Hardware Diagnose Tools "PhotoPad" = PhotoPad Image Editor "PhotoStage" = PhotoStage Slideshow Producer "Picasa 3" = Picasa 3 "Power Sound Editor Free" = Power Sound Editor Free "PunkBusterSvc" = PunkBuster Services "S3" = Die 
Siedler III Gold Edition "SearchAnonymizer" = SearchAnonymizer "Searchqu 417 MediaBar" = Windows Searchqu Toolbar "Sonnensystem3D" = Sonnensystem 3D "SpeedBit Video Downloader" = SpeedBit Video Downloader "Steam App 105600" = Terraria "Steam App 113420" = Fallen Earth "Steam App 1250" = Killing Floor "Steam App 13140" = America's Army 3 "Steam App 17020" = Global Agenda "Steam App 220" = Half-Life 2 "Steam App 39800" = Nation Red "Steam App 400" = Portal "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 440" = Team Fortress 2 "Steam App 620" = Portal 2 "Steam App 630" = Alien Swarm "Steam App 97100" = Section 8: Prejudice "Swords and Sandals 2" = Swords and Sandals 2 2.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client "The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1 "TUGZip_is1" = TUGZip 3.5 "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.4 "Weg von der Insel" = Weg von der Insel "WildTangent hp Master Uninstall" = My HP Games "Wincore MediaBar" = Wincore MediaBar "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1 beta "WinRAR archiver" = WinRAR archiver "WolfTeam-DE" = WolfTeam-DE "Xilisoft DVD Creator" = Xilisoft DVD Creator "YouTube Converter Pro_is1" = YouTube Converter Pro "yuPlay клиент_is1" = yuPlay client 0.7.17 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "1939085897.www.pcspeedup.com" = PCSpeedUp "Akamai" = Akamai NetSession Interface "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.04.2012 14:21:14 | Computer Name = TripleCore | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul unknown, Version 
0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0277a8ed, Prozess-ID 0x950, Anwendungsstartzeit 01cd1b348a73147e. Error - 16.04.2012 12:17:26 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = Error - 17.04.2012 15:20:43 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = Error - 18.04.2012 11:53:29 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = Error - 19.04.2012 07:22:09 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = Error - 19.04.2012 12:48:27 | Computer Name = TripleCore | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: db4 Anfangszeit: 01cd1e4aa709af87 Zeitpunkt der Beendigung: 15 Error - 19.04.2012 14:00:44 | Computer Name = TripleCore | Source = VSS | ID = 8194 Description = Error - 19.04.2012 14:01:10 | Computer Name = TripleCore | Source = System Restore | ID = 8193 Description = Error - 19.04.2012 16:39:43 | Computer Name = TripleCore | Source = EventSystem | ID = 4621 Description = Error - 20.04.2012 10:05:46 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = Error - 20.04.2012 11:11:59 | Computer Name = TripleCore | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x02d0a8ed, Prozess-ID 0x3d8, Anwendungsstartzeit 01cd1f07e5978700. 
Error - 21.04.2012 07:09:57 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = Error - 22.04.2012 04:37:24 | Computer Name = TripleCore | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.07.2012 07:21:28 | Computer Name = TripleCore | Source = HTTP | ID = 15016 Description = Error - 27.07.2012 07:23:06 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000 Description = Error - 28.07.2012 02:41:11 | Computer Name = TripleCore | Source = HTTP | ID = 15016 Description = Error - 28.07.2012 02:42:44 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000 Description = Error - 28.07.2012 05:12:04 | Computer Name = TripleCore | Source = HTTP | ID = 15016 Description = Error - 28.07.2012 05:13:43 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2012 03:21:01 | Computer Name = TripleCore | Source = HTTP | ID = 15016 Description = Error - 29.07.2012 03:22:36 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2012 05:30:37 | Computer Name = TripleCore | Source = HTTP | ID = 15016 Description = Error - 29.07.2012 05:32:15 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000 Description = < End of report > |
30.07.2012, 11:20 | #4 |
/// Helper team | bProtector for Windows Virus
Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SearchAnonymizer) -- C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&barid={FE85AB08-8ECE-11E1-B160-002354600696}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1175&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={FE85AB08-8ECE-11E1-B160-002354600696}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6464726E7726733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F7765622F7B7365617263685465726D737D3F6261627372633D53505F73732661666649443D313031323431266D6E747249643D3930356330366431303030303030303030303030303032373139626231343364&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F637573746F6D2F6A6176612F72656469726563743F636C69656E743D69652674623D4F524A266F3D313030303030303236267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D55332661706E5F647469643D4F534A303030&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}: "URL" = http://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313133342671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E64746965372D64652D6174&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?aff=svd_0&q={searchTerms}
IE - HKCU\..\SearchScopes\{8740438D-339F-4A0B-8A34-7F3D76FF566F}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1175&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}: "URL" = http://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKCU\..\SearchScopes\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4EC27A4-1138-4D3F-8A55-63010655BC79}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{CB9448A5-7300-43B2-9BEE-4E772157F03E}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D36266372673D332E3130313030303026713D7B7365617263685465726D737D2662617269643D7B46453835414230382D384543452D313145312D423136302D3030323335343630303639367D&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
FF - prefs.js..browser.search.defaultenginename: "appbario2 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "appbario2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "appbario2 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "appbario2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3227975&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.speedbit.com/search.aspx?aff=svd_0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Speedbit Search"
FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com/?aff=svd_0"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de [2012.04.25 17:56:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net [2012.04.25 18:27:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.13 22:31:38 | 000,000,000 | ---D | M]
[2012.07.17 10:59:09 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.07.07 10:24:14 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)
[2012.05.17 17:09:26 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.06.26 13:51:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.11.03 21:16:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 20:45:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.13 22:32:18 | 000,000,000 | ---D | M] (appbario2 Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}
[2012.06.15 16:21:22 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.02 14:47:30 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com
[2012.01.23 19:21:35 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com
[2012.01.23 21:42:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com
[2011.11.06 21:33:38 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com
[2012.04.25 18:27:26 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net
[2012.04.25 17:56:21 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de
CHR - homepage: http://search.conduit.com/?ctid=CT3227975&SearchSource=48
CHR - homepage: http://www.searchqu.com/417
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found. O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll () F3 - HKCU WinNT: Load - 
(C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com) - File not found O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll () O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.05 17:49:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell - "" = AutoRun O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell - "" = AutoRun O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell\AutoRun\command - "" = L:\SETUP.EXE [2012.07.13 22:32:02 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe [2012.07.13 22:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows [2012.07.22 21:06:03 | 000,000,051 | ---- | M] () -- C:\ProgramData\jeycukwaohhrwlf @Alternate Data 
Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6152D44C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:862BDB1A @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37 [2012.07.13 22:32:21 | 000,000,009 | ---- | M] () -- C:\END [2012.04.25 17:56:17 | 000,002,618 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\askcomsearch.xml [2012.04.25 17:56:17 | 000,001,163 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\bProtect.xml [2012.04.25 17:56:18 | 000,004,356 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\sweetim.xml [2012.04.25 17:56:18 | 000,002,069 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{0414432B-22A6-4EC0-8398-2ACA5886E763}.xml [2012.04.25 17:56:18 | 000,002,180 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{41480EEB-54A9-42F1-BC08-E17B83926824}.xml [2012.04.25 17:56:18 | 000,001,862 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{F74C3F82-3EC4-4400-98B3-19E7459655C5}.xml [2012.04.25 17:56:17 | 000,002,395 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.04.25 17:56:17 | 000,001,617 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.04.25 17:56:19 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.04.25 17:57:16 | 000,001,086 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{D4B855DD-57D6-4559-919E-69017E7B0909}.xml [2012.07.08 13:55:38 | 000,000,921 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\conduit.xml [2012.04.25 
20:18:50 | 000,002,538 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\speedbit.xml [2012.06.17 17:04:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.17 17:04:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.17 17:04:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 17:04:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 17:04:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 17:04:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [2012.07.13 22:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer [2012.07.13 22:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\appbario2 [2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows [2012.07.30 09:59:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.30 09:47:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001UA.job [2012.07.30 09:47:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001Core.job [2012.07.30 09:33:43 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Thomas.job [2012.07.30 09:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 08:26:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004UA.job [2012.07.29 23:26:01 | 000,001,120 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004Core.job [2012.07.29 19:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems! |
30.07.2012, 15:48 | #5 |
| bProtector for Windows Virus All processes killed ========== OTL ========== Service bProtector stopped successfully! Service bProtector deleted successfully! C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe moved successfully. Service Akamai stopped successfully! Service Akamai deleted successfully! c:\program files\common files\akamai/netsession_win_4f7fccd.dll moved successfully. Service SearchAnonymizer stopped successfully! Service SearchAnonymizer deleted successfully! C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys File not found not found. Service IntcAzAudAddService stopped successfully! Service IntcAzAudAddService deleted successfully! File system32\drivers\RTKVHDA.sys File not found not found. Service EagleNT stopped successfully! Service EagleNT deleted successfully! File C:\Windows\system32\drivers\EagleNT.sys File not found not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ deleted successfully. C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ deleted successfully. C:\Programme\appbario2\prxtbappb.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F236687-06CF-46A3-881B-279C43777065}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! 
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found. File C:\Programme\appbario2\prxtbappb.dll not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F236687-06CF-46A3-881B-279C43777065}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8740438D-339F-4A0B-8A34-7F3D76FF566F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8740438D-339F-4A0B-8A34-7F3D76FF566F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4EC27A4-1138-4D3F-8A55-63010655BC79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4EC27A4-1138-4D3F-8A55-63010655BC79}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB9448A5-7300-43B2-9BEE-4E772157F03E}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB9448A5-7300-43B2-9BEE-4E772157F03E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "appbario2 Customized Web Search" removed from browser.search.defaultenginename Prefs.js: "appbario2 Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "appbario2 Customized Web Search" removed from browser.search.order.1 Prefs.js: "appbario2 Customized Web Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13" removed from browser.startup.homepage Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=" removed from keyword.URL Prefs.js: "Speedbit Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename Prefs.js: "hxxp://search.speedbit.com/search.aspx?aff=svd_0&q=" removed from sweetim.toolbar.previous.browser.search.defaulturl Prefs.js: "Speedbit Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine Prefs.js: "hxxp://search.speedbit.com/?aff=svd_0" removed from browser.startup.homepage Registry key 
HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully. C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully. File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de not found. File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net not found. File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension not found. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\searchplugin folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\Plugins folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\modules folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\META-INF folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\defaults folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\searchplugin folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\modules folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\META-INF folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\defaults folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40) folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\searchbar folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\css folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\scripts folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\css folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\modules folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\data\search folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\data folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\searchplugin folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\Plugins folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\modules folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\META-INF folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\defaults folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5} folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com\plugins folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com\META-INF folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com\plugins folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com\META-INF folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\defaults\preferences folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\defaults folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome\skin folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome\content\lists folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome\content folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de\chrome\content\skin folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de\chrome\content folder moved successfully. C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de\chrome folder moved successfully. 
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de folder moved successfully. Use Chrome's Settings page to change the HomePage. Use Chrome's Settings page to change the HomePage. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\cache folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0 folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\cache folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1 folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\res folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\lib folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\js folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0 folder moved successfully. File C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\res folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\js folder moved successfully. 
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0 folder moved successfully. C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully. C:\Programme\BrowserCompanion\jsloader.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found. File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ not found. File C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully. 
C:\Programme\BrowserCompanion\updatebhoWin32.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found. File C:\Programme\appbario2\prxtbappb.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ not found. File Anwendungsleiste\prxtbAvan.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. 
File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found. File C:\Programme\appbario2\prxtbappb.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully. File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully. C:\Programme\BrowserCompanion\BCHelper.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KBD deleted successfully. C:\hp\KBD\KbdStub.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully. C:\WINDOWS\System32\NeroCheck.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully. C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully. C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully. C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LightScribe Control Panel deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll deleted successfully. C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll deleted successfully. 
C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll deleted successfully. C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll deleted successfully. C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found. C:\Programme\BrowserCompanion\tdataprotocol.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully. Invalid CLSID key: C:\Programme\BrowserCompanion\tdataprotocol.dll File C:\Programme\BrowserCompanion\tdataprotocol.dll not found. File C:\Programme\BrowserCompanion\tdataprotocol.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully. File C:\Programme\BrowserCompanion\tdataprotocol.dll not found. File C:\Programme\BrowserCompanion\tdataprotocol.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully. File C:\Programme\BrowserCompanion\tdataprotocol.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bprote~1\22463~1.83\protec~1.dll deleted successfully. File move failed. 
c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully. C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully. File C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84627128-ffb8-11e0-a101-002354600696}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84627128-ffb8-11e0-a101-002354600696}\ not found. File G:\FalloutLauncher.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c40c6126-0dd8-11e1-9ee0-002354600696}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c40c6126-0dd8-11e1-9ee0-002354600696}\ not found. File L:\SETUP.EXE not found. C:\WINDOWS\System32\roboot.exe moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\traking_settings folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\searchplugins folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\content folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\components folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\crashReports folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtectorForWindows\2.2.463.83 folder moved successfully. C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtectorForWindows folder moved successfully. Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot. C:\ProgramData\jeycukwaohhrwlf moved successfully. ADS C:\ProgramData\TEMP:BD36345D deleted successfully. ADS C:\ProgramData\TEMP:6152D44C deleted successfully. ADS C:\ProgramData\TEMP:862BDB1A deleted successfully. ADS C:\ProgramData\TEMP:66B13F37 deleted successfully. C:\END moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\askcomsearch.xml moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\bProtect.xml moved successfully. 
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\sweetim.xml moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{0414432B-22A6-4EC0-8398-2ACA5886E763}.xml moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{41480EEB-54A9-42F1-BC08-E17B83926824}.xml moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{F74C3F82-3EC4-4400-98B3-19E7459655C5}.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully. C:\WINDOWS\System32\sqlite36_engine.dll moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{D4B855DD-57D6-4559-919E-69017E7B0909}.xml moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\conduit.xml moved successfully. C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\speedbit.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. C:\Program Files\PC Performer\searchplugins folder moved successfully. C:\Program Files\PC Performer\bProtectorForWindows\2.2.463.83 folder moved successfully. C:\Program Files\PC Performer\bProtectorForWindows folder moved successfully. C:\Program Files\PC Performer folder moved successfully. 
C:\Program Files\appbario2\searchplugins folder moved successfully. C:\Program Files\appbario2\bProtectorForWindows\2.2.463.83 folder moved successfully. C:\Program Files\appbario2\bProtectorForWindows folder moved successfully. C:\Program Files\appbario2 folder moved successfully. C:\Windows\System32\searchplugins folder moved successfully. C:\Windows\System32\bProtectorForWindows\2.2.463.83 folder moved successfully. C:\Windows\System32\bProtectorForWindows folder moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001UA.job moved successfully. C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001Core.job moved successfully. C:\WINDOWS\Tasks\Norton Security Scan for Thomas.job moved successfully. C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully. C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004UA.job moved successfully. C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004Core.job moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Thomas\Desktop\cmd.bat deleted successfully. C:\Users\Thomas\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Josef ->Temp folder emptied: 4769856 bytes ->Temporary Internet Files folder emptied: 13208499 bytes ->Java cache emptied: 125246 bytes ->FireFox cache emptied: 575703233 bytes ->Flash cache emptied: 20837 bytes User: Martin ->Temp folder emptied: 271235254 bytes ->Temporary Internet Files folder emptied: 148278813 bytes ->Java cache emptied: 37215614 bytes ->FireFox cache emptied: 1241038783 bytes ->Google Chrome cache emptied: 356321213 bytes ->Flash cache emptied: 239203 bytes User: Public User: Thomas ->Temp folder emptied: 1985937017 bytes ->Temporary Internet Files folder emptied: 33307376 bytes ->Java cache emptied: 19671997 bytes ->FireFox cache emptied: 117819890 bytes ->Google Chrome cache emptied: 332144973 bytes ->Flash cache emptied: 350318 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 149345276 bytes RecycleBin emptied: 77236 bytes Total Files Cleaned = 5.042,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Josef ->Flash cache emptied: 0 bytes User: Martin ->Flash cache emptied: 0 bytes User: Public User: Thomas ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.55.0 log created on 07302012_134946 Files\Folders moved on Reboot... File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot. File move failed. 
c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot. C:\ProgramData\bProtectorForWindows\2.2.463.83\traking_settings folder moved successfully. Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot. Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot. File\Folder C:\Windows\temp\logishrd\LVPrcInj0a.dll not found! PendingFileRenameOperations files... [2011.05.27 08:24:06 | 000,061,888 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll : MD5=48345BD51975E9883DD2DA45D7D1B294 [2012.07.13 22:31:37 | 002,008,096 | ---- | M] () c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll : Unable to obtain MD5 File C:\ProgramData\bProtectorForWindows\2.2.463.83 not found! File C:\ProgramData\bProtectorForWindows not found! File C:\Windows\temp\logishrd\LVPrcInj0a.dll not found! Registry entries deleted on Reboot... |
30.07.2012, 15:54 | #6 |
/// Helper Team | bProtector for Windows Virus Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
__________________ |
30.07.2012, 19:30 | #7 |
| bProtector for Windows Virus The computer is already running much better; the process was using 1-2 CPU. Here is the log file from Malwarebytes. What should I do with the infected data, can I delete it without concern? Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.06 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Thomas :: TRIPLECORE [Administrator] 30.07.2012 17:36:42 mbam-log-2012-07-30 (20-25-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 583276 Laufzeit: 2 Stunde(n), 40 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 37
(Ende) And the log from AdwCleaner: # AdwCleaner v1.703 - Logfile created 07/30/2012 at 20:36:12 # Updated 20/07/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # User : Thomas - TRIPLECORE # Running from : C:\Users\Thomas\Desktop\adwcleaner.exe # Option [Search]
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDyEtA0DtDtCtCtDyC0DtCtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=346159204

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\prefs.js
Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q=");

Profile name : default
File : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\prefs.js
Found : user_pref("browser.search.defaultenginename", "appbario2 Customized Web Search");
Found : user_pref("browser.search.order.1", "appbario2 Customized Web Search");
Found : user_pref("browser.search.selectedEngine", "appbario2 Customized Web Search");
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true); Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 13 2012 23:32:49 GMT+020[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 13 2012 22:32:45 GMT+0200"); Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "bf8b8c4a-ed00-45ac-9848-660f4e420b6e"); Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.speedbit.com/?aff=svd_0"); Found : user_pref("CommunityToolbar.originalSearchEngine", "Speedbit Search"); Found : user_pref("extensions.BabylonToolbar.admin", false); Found : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar.babExt", ""); Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101241"); Found : user_pref("extensions.BabylonToolbar.bbDpng", 30); Found : user_pref("extensions.BabylonToolbar.dfltSrch", false); Found : user_pref("extensions.BabylonToolbar.hmpg", false); Found : user_pref("extensions.BabylonToolbar.instlDay", "15362"); Found : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar.lastDP", 30); Found : 
user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0"); Found : user_pref("extensions.BabylonToolbar.newTab", true); Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar.propectorlck", 82198022); Found : user_pref("extensions.BabylonToolbar.ptch_0717", true); Found : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101241"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15362"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", false); Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...] 
Found : user_pref("extensions.facemoods._xpiupdate", true); Found : user_pref("extensions.facemoods.aflt", "_#wbst"); Found : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4"); Found : user_pref("extensions.facemoods.first_time", false); Found : user_pref("extensions.facemoods.id", "_#c587a747742e472f942c915f1fb1bbba"); Found : user_pref("extensions.facemoods.instlDay", "_#15286"); Found : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com"); Found : user_pref("extensions.facemoods.sid", "_#c587a747742e472f942c915f1fb1bbba"); Found : user_pref("extensions.facemoods.update", "_#v1.4.0"); Found : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5"); Found : user_pref("extensions.funmoods.aflt", "nv1"); Found : user_pref("extensions.funmoods.autoRvrt", false); Found : user_pref("extensions.funmoods.cntry", "AT"); Found : user_pref("extensions.funmoods.cv", "cv5"); Found : user_pref("extensions.funmoods.dfltLng", ""); Found : user_pref("extensions.funmoods.dfltSrch", true); Found : user_pref("extensions.funmoods.dnsErr", true); Found : user_pref("extensions.funmoods.envrmnt", "production"); Found : user_pref("extensions.funmoods.excTlbr", false); Found : user_pref("extensions.funmoods.hdrMd5", "7C92FC1582C118269E524006BF730C44"); Found : user_pref("extensions.funmoods.hmpg", true); Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...] Found : user_pref("extensions.funmoods.id", "7A790543D01106D1"); Found : user_pref("extensions.funmoods.instlDay", "15551"); Found : user_pref("extensions.funmoods.instlRef", "nv1"); Found : user_pref("extensions.funmoods.isdcmntcmplt", true); Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2210:33:48"); Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Found : user_pref("extensions.funmoods.newTab", true); Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...] 
Found : user_pref("extensions.funmoods.prdct", "funmoods"); Found : user_pref("extensions.funmoods.prtnrId", "funmoods"); Found : user_pref("extensions.funmoods.sg", "none"); Found : user_pref("extensions.funmoods.smplGrp", "none"); Found : user_pref("extensions.funmoods.srchPrvdr", "Search"); Found : user_pref("extensions.funmoods.tlbrId", "base"); Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...] Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2210:33:48"); Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Found : user_pref("extensions.funmoods_i.newTab", true); Found : user_pref("extensions.funmoods_i.smplGrp", "none"); Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2210:33:48"); Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", ""); Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.speedbit.com/?aff=svd_[...] Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&barid={FE85AB08-8[...] -\\ Google Chrome v20.0.1132.57 File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT252900[...] Found : "description": "SweetIm for Facebook", Found : "name": "SweetIM for Facebook", Found : "description": "Receive automatic search suggestions while you type into any web sear[...] File : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st", Found : "baseUrl":"hxxp://start.funmoods.com/results.php?" 
************************* AdwCleaner[R1].txt - [70526 octets] - [30/07/2012 20:36:12] ########## EOF - C:\AdwCleaner[R1].txt - [70655 octets] ########## Edited by Thomas97 (30.07.2012 at 19:38) |
30.07.2012, 20:02 | #8 |
/// Helper Team | bProtector for Windows Virus
|
30.07.2012, 21:00 | #9 |
| bProtector for Windows Virus # AdwCleaner v1.703 - Logfile created 07/30/2012 at 21:52:35 # Updated 20/07/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits) # User : Thomas - TRIPLECORE # Running from : C:\Users\Thomas\Desktop\adwcleaner.exe # Option [Delete]
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E449EBA-CCDD-4117-866D-D27ABA3B2490} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] ***** [Internet Browsers] ***** -\\ Internet Explorer v7.0.6001.18000 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDyEtA0DtDtCtCtDyC0DtCtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=346159204 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\prefs.js Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q="); Profile name : default File : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\prefs.js Deleted : user_pref("browser.search.defaultenginename", "appbario2 Customized Web Search"); Deleted : user_pref("browser.search.order.1", "appbario2 Customized Web Search"); Deleted : user_pref("browser.search.selectedEngine", "appbario2 Customized Web Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13"); Deleted : 
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=[...] Deleted : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/bigseekpro/{69724877-A711-B82[...] Deleted : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/bigseekpro/{69724877-A711-B821-0824-4A8AC5EE[...] Deleted : user_pref("speedbitvideodownloader.bubble_src", "hxxp%3A//www.bigseekpro.com/widget/0f083e05edf0c73b[...] Profile name : default File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\prefs.js C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\user.js ... Deleted ! Deleted : user_pref("CT2325506..clientLogIsEnabled", false); Deleted : user_pref("CT2325506..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2325506..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2325506.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2325506.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2325506.BrowserCompStateIsOpen_129665092953814947", true); Deleted : user_pref("CT2325506.BrowserCompStateIsOpen_129665093155197448", true); Deleted : user_pref("CT2325506.CT2325506", "CT2325506"); Deleted : user_pref("CT2325506.CurrentServerDate", "5-7-2012"); Deleted : user_pref("CT2325506.DSInstall", true); Deleted : user_pref("CT2325506.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2325506.DialogsGetterLastCheckTime", "Fri Jul 06 2012 21:09:19 GMT+0200"); Deleted : user_pref("CT2325506.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...] 
Deleted : user_pref("CT2325506.EMailNotifierPollDate", "Sat Jan 14 2012 14:12:28 GMT+0100"); Deleted : user_pref("CT2325506.FirstServerDate", "14-1-2012"); Deleted : user_pref("CT2325506.FirstTime", true); Deleted : user_pref("CT2325506.FirstTimeFF3", true); Deleted : user_pref("CT2325506.FixPageNotFoundErrors", true); Deleted : user_pref("CT2325506.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2325506.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2325506.HPInstall", true); Deleted : user_pref("CT2325506.HasUserGlobalKeys", true); Deleted : user_pref("CT2325506.HomePageProtectorEnabled", true); Deleted : user_pref("CT2325506.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=[...] Deleted : user_pref("CT2325506.Initialize", true); Deleted : user_pref("CT2325506.InitializeCommonPrefs", true); Deleted : user_pref("CT2325506.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2325506.InstallationType", "DirectDownload"); Deleted : user_pref("CT2325506.InstalledDate", "Sat Jan 14 2012 13:57:17 GMT+0100"); Deleted : user_pref("CT2325506.InvalidateCache", false); Deleted : user_pref("CT2325506.IsGrouping", false); Deleted : user_pref("CT2325506.IsInitSetupIni", true); Deleted : user_pref("CT2325506.IsMulticommunity", false); Deleted : user_pref("CT2325506.IsOpenThankYouPage", true); Deleted : user_pref("CT2325506.IsOpenUninstallPage", true); Deleted : user_pref("CT2325506.IsProtectorsInit", true); Deleted : user_pref("CT2325506.LanguagePackLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200"); Deleted : user_pref("CT2325506.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2325506.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2325506.LastLogin_3.12.2.3", "Sun May 20 2012 20:35:53 GMT+0200"); Deleted : user_pref("CT2325506.LastLogin_3.13.0.6", "Fri Jul 06 2012 21:09:19 GMT+0200"); Deleted : user_pref("CT2325506.LastLogin_3.9.0.3", "Sat Jan 14 2012 13:57:28 GMT+0100"); Deleted : user_pref("CT2325506.LatestVersion", "3.13.0.6"); Deleted : user_pref("CT2325506.Locale", "de"); Deleted : user_pref("CT2325506.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2325506.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2325506.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2325506.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2325506.OriginalFirstVersion", "3.9.0.3"); Deleted : user_pref("CT2325506.RadioIsPodcast", false); Deleted : user_pref("CT2325506.RadioLastCheckTime", "Sat Jan 14 2012 13:57:17 GMT+0100"); Deleted : user_pref("CT2325506.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2325506.RadioLastUpdateServer", "3"); Deleted : user_pref("CT2325506.RadioMediaID", "9962"); Deleted : user_pref("CT2325506.RadioMediaType", "Media Player"); Deleted : user_pref("CT2325506.RadioMenuSelectedID", "EBRadioMenu_CT23255069962"); Deleted : user_pref("CT2325506.RadioShrinkedFromSetup", false); Deleted : user_pref("CT2325506.RadioStationName", "California%20Rock"); Deleted : user_pref("CT2325506.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT2325506.SavedHomepage", "hxxp://search.speedbit.com/?aff=svd_0"); Deleted : user_pref("CT2325506.SearchCaption", "www.Freeware-download.com Customized Web Search"); Deleted : user_pref("CT2325506.SearchEngineBeforeUnload", "www.Freeware-download.com Customized Web Search"); Deleted : user_pref("CT2325506.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2325506.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT232[...] 
Deleted : user_pref("CT2325506.SearchInNewTabEnabled", true); Deleted : user_pref("CT2325506.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2325506.SearchInNewTabLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200"); Deleted : user_pref("CT2325506.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2325506.SearchProtectorEnabled", true); Deleted : user_pref("CT2325506.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2325506.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2325506.ServiceMapLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200"); Deleted : user_pref("CT2325506.SettingsLastCheckTime", "Fri Jul 06 2012 21:09:19 GMT+0200"); Deleted : user_pref("CT2325506.SettingsLastUpdate", "1337169810"); Deleted : user_pref("CT2325506.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=13"); Deleted : user_pref("CT2325506.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2325506.ThirdPartyComponentsLastCheck", "Sat Jan 14 2012 13:57:13 GMT+0100"); Deleted : user_pref("CT2325506.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2325506.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2325506.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2325506"); Deleted : user_pref("CT2325506.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Deleted : user_pref("CT2325506.UserID", "UN89571293570935501"); Deleted : user_pref("CT2325506.WeatherNetwork", ""); Deleted : user_pref("CT2325506.WeatherPollDate", "Sat Jan 14 2012 13:57:28 GMT+0100"); Deleted : user_pref("CT2325506.WeatherUnit", "C"); Deleted : user_pref("CT2325506.alertChannelId", "721521"); Deleted : user_pref("CT2325506.backendstorage.appbuttondisablenull", "30"); Deleted : user_pref("CT2325506.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365"); Deleted : user_pref("CT2325506.components.1000234", true); Deleted : user_pref("CT2325506.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2325506.globalFirstTimeInfoLastCheckTime", "Sat Jan 14 2012 13:57:14 GMT+0100"); Deleted : user_pref("CT2325506.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2325506.initDone", true); Deleted : user_pref("CT2325506.isAppTrackingManagerOn", true); Deleted : user_pref("CT2325506.isFirstRadioInstallation", false); Deleted : user_pref("CT2325506.myStuffEnabled", true); Deleted : user_pref("CT2325506.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2325506.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2325506.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2325506.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Deleted : user_pref("CT2325506.revertSettingsEnabled", true); Deleted : user_pref("CT2325506.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2325506.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2325506.testingCtid", ""); Deleted : user_pref("CT2325506.toolbarAppMetaDataLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200"); Deleted : user_pref("CT2325506.toolbarContextMenuLastCheckTime", "Sat Jan 14 2012 13:57:17 GMT+0100"); Deleted : user_pref("CT2325506.usagesFlag", 2); Deleted : user_pref("CT2529008..clientLogIsEnabled", false); Deleted : user_pref("CT2529008..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2529008..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2529008.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2529008.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129466649857206449", true); Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129466655526582105", true); Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129795774021372572", true); Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129851688744881277", true); Deleted : user_pref("CT2529008.CTID", "CT2529008"); Deleted : user_pref("CT2529008.CurrentServerDate", "30-7-2012"); Deleted : user_pref("CT2529008.DSInstall", true); Deleted : user_pref("CT2529008.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2529008.DialogsGetterLastCheckTime", "Sun Jul 29 2012 22:13:51 GMT+0200"); Deleted : user_pref("CT2529008.DownloadReferralCookieData", ""); Deleted : user_pref("CT2529008.EMailNotifierPollDate", "Tue Apr 24 2012 11:45:59 GMT+0200"); Deleted : user_pref("CT2529008.FirstServerDate", "24-4-2012"); Deleted : user_pref("CT2529008.FirstTime", true); Deleted : user_pref("CT2529008.FirstTimeFF3", true); Deleted : user_pref("CT2529008.FixPageNotFoundErrors", 
true); Deleted : user_pref("CT2529008.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2529008.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2529008.HPInstall", true); Deleted : user_pref("CT2529008.HasUserGlobalKeys", true); Deleted : user_pref("CT2529008.HomePageProtectorEnabled", true); Deleted : user_pref("CT2529008.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=[...] Deleted : user_pref("CT2529008.Initialize", true); Deleted : user_pref("CT2529008.InitializeCommonPrefs", true); Deleted : user_pref("CT2529008.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2529008.InstallationId", "drivergenius11professional_de_ppc_content_ct2529008"); Deleted : user_pref("CT2529008.InstallationType", "ConduitNSISIntegration"); Deleted : user_pref("CT2529008.InstalledDate", "Tue Apr 24 2012 11:11:26 GMT+0200"); Deleted : user_pref("CT2529008.InvalidateCache", false); Deleted : user_pref("CT2529008.IsAlertDBUpdated", true); Deleted : user_pref("CT2529008.IsGrouping", false); Deleted : user_pref("CT2529008.IsInitSetupIni", true); Deleted : user_pref("CT2529008.IsMulticommunity", false); Deleted : user_pref("CT2529008.IsOpenThankYouPage", false); Deleted : user_pref("CT2529008.IsOpenUninstallPage", true); Deleted : user_pref("CT2529008.IsProtectorsInit", true); Deleted : user_pref("CT2529008.LanguagePackLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200"); Deleted : user_pref("CT2529008.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2529008.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2529008.LastLogin_3.12.0.8", "Wed Apr 25 2012 20:19:54 GMT+0200"); Deleted : user_pref("CT2529008.LastLogin_3.12.2.3", "Tue May 29 2012 19:30:42 GMT+0200"); Deleted : user_pref("CT2529008.LastLogin_3.13.0.6", "Tue Jul 17 2012 10:29:11 GMT+0200"); Deleted : user_pref("CT2529008.LastLogin_3.14.1.0", "Mon Jul 30 2012 13:35:46 GMT+0200"); Deleted : user_pref("CT2529008.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT2529008.Locale", "de"); Deleted : user_pref("CT2529008.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2529008.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2529008.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2529008.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2529008.OriginalFirstVersion", "3.12.0.8"); Deleted : user_pref("CT2529008.RadioIsPodcast", false); Deleted : user_pref("CT2529008.RadioLastCheckTime", "Tue Apr 24 2012 11:11:31 GMT+0200"); Deleted : user_pref("CT2529008.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2529008.RadioLastUpdateServer", "129217682650600000"); Deleted : user_pref("CT2529008.RadioMediaID", "20661013"); Deleted : user_pref("CT2529008.RadioMediaType", "Media Player"); Deleted : user_pref("CT2529008.RadioMenuSelectedID", "EBRadioMenu_CT252900820661013"); Deleted : user_pref("CT2529008.RadioShrinkedFromSetup", false); Deleted : user_pref("CT2529008.RadioStationName", "Einslive"); Deleted : user_pref("CT2529008.RadioStationURL", "hxxp://www.wdr.de/wdrlive/media/einslive-wm32.asx"); Deleted : user_pref("CT2529008.SavedHomepage", "hxxp://search.speedbit.com/?aff=svd_0"); Deleted : user_pref("CT2529008.SearchCaption", "Avanquest App'-Anwendungsleiste Customized Web Search"); Deleted : user_pref("CT2529008.SearchEngineBeforeUnload", "Avanquest App'-Anwendungsleiste Customized Web Sear[...] 
Deleted : user_pref("CT2529008.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2529008.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT252[...] Deleted : user_pref("CT2529008.SearchInNewTabEnabled", true); Deleted : user_pref("CT2529008.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2529008.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 13:25:38 GMT+0200"); Deleted : user_pref("CT2529008.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2529008.SearchProtectorEnabled", true); Deleted : user_pref("CT2529008.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2529008.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2529008.ServiceMapLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200"); Deleted : user_pref("CT2529008.SettingsLastCheckTime", "Mon Jul 30 2012 13:42:07 GMT+0200"); Deleted : user_pref("CT2529008.SettingsLastUpdate", "1343051001"); Deleted : user_pref("CT2529008.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=13"); Deleted : user_pref("CT2529008.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2529008.ThirdPartyComponentsLastCheck", "Tue Apr 24 2012 11:11:23 GMT+0200"); Deleted : user_pref("CT2529008.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2529008.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2529008.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2529008"); Deleted : user_pref("CT2529008.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Deleted : user_pref("CT2529008.UserID", "UN22645025072808023"); Deleted : user_pref("CT2529008.WeatherNetwork", ""); Deleted : user_pref("CT2529008.WeatherPollDate", "Tue Apr 24 2012 11:46:00 GMT+0200"); Deleted : user_pref("CT2529008.WeatherUnit", "C"); Deleted : user_pref("CT2529008.alertChannelId", "922015"); Deleted : user_pref("CT2529008.autoDisableScopes", -1); Deleted : user_pref("CT2529008.backendstorage.cbcountry_000", "4154"); Deleted : user_pref("CT2529008.backendstorage.cbfirsttime", "5475652041707220323420323031322031313A31313A34332[...] Deleted : user_pref("CT2529008.backendstorage.shoppingapp.gk.exipres", "53756E2041707220323920323031322031313A[...] Deleted : user_pref("CT2529008.backendstorage.shoppingapp.gk.geolocation", "61757374726961"); Deleted : user_pref("CT2529008.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365"); Deleted : user_pref("CT2529008.backendstorage.url_history0001", "687474703A2F2F7777772E677265656479746F7272656[...] Deleted : user_pref("CT2529008.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2529008.globalFirstTimeInfoLastCheckTime", "Tue Apr 24 2012 11:11:25 GMT+0200"); Deleted : user_pref("CT2529008.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2529008.initDone", true); Deleted : user_pref("CT2529008.isAppTrackingManagerOn", true); Deleted : user_pref("CT2529008.isFirstRadioInstallation", false); Deleted : user_pref("CT2529008.myStuffEnabled", true); Deleted : user_pref("CT2529008.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2529008.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2529008.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2529008.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Deleted : user_pref("CT2529008.navigateToUrlOnSearch", false); Deleted : user_pref("CT2529008.revertSettingsEnabled", true); Deleted : user_pref("CT2529008.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2529008.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2529008.testingCtid", ""); Deleted : user_pref("CT2529008.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200"); Deleted : user_pref("CT2529008.toolbarContextMenuLastCheckTime", "Tue Apr 24 2012 11:11:31 GMT+0200"); Deleted : user_pref("CT2529008.usagesFlag", 2); Deleted : user_pref("CT3227975..clientLogIsEnabled", false); Deleted : user_pref("CT3227975..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3227975..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3227975.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3227975.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3227975.BrowserCompStateIsOpen_129837869372071867", true); Deleted : user_pref("CT3227975.BrowserCompStateIsOpen_8835725162801969040", true); Deleted : user_pref("CT3227975.CTID", "CT3227975"); Deleted : user_pref("CT3227975.CurrentServerDate", "30-7-2012"); Deleted : user_pref("CT3227975.DSInstall", true); Deleted : user_pref("CT3227975.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3227975.DialogsGetterLastCheckTime", "Sun Jul 29 2012 22:13:51 GMT+0200"); Deleted : user_pref("CT3227975.DownloadReferralCookieData", ""); Deleted : user_pref("CT3227975.FirstServerDate", "13-7-2012"); Deleted : user_pref("CT3227975.FirstTime", true); Deleted : user_pref("CT3227975.FirstTimeFF3", true); Deleted : user_pref("CT3227975.FirstTimeHiddenVer", true); Deleted : user_pref("CT3227975.FixPageNotFoundErrors", true); Deleted : user_pref("CT3227975.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3227975.GroupingServiceUrl", 
"hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3227975.HPInstall", true); Deleted : user_pref("CT3227975.HasUserGlobalKeys", true); Deleted : user_pref("CT3227975.HomePageProtectorEnabled", true); Deleted : user_pref("CT3227975.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=[...] Deleted : user_pref("CT3227975.Initialize", true); Deleted : user_pref("CT3227975.InitializeCommonPrefs", true); Deleted : user_pref("CT3227975.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3227975.InstallationId", "installbrain"); Deleted : user_pref("CT3227975.InstallationType", "ConduitNSISIntegration"); Deleted : user_pref("CT3227975.InstalledDate", "Fri Jul 13 2012 22:32:47 GMT+0200"); Deleted : user_pref("CT3227975.InvalidateCache", false); Deleted : user_pref("CT3227975.IsGrouping", false); Deleted : user_pref("CT3227975.IsInitSetupIni", true); Deleted : user_pref("CT3227975.IsMulticommunity", false); Deleted : user_pref("CT3227975.IsOpenThankYouPage", false); Deleted : user_pref("CT3227975.IsOpenUninstallPage", true); Deleted : user_pref("CT3227975.IsProtectorsInit", true); Deleted : user_pref("CT3227975.LanguagePackLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200"); Deleted : user_pref("CT3227975.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3227975.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
*************************
AdwCleaner[R1].txt - [70657 octets] - [30/07/2012 20:36:12]
AdwCleaner[S1].txt - [69582 octets] - [30/07/2012 21:52:35]
########## EOF - C:\AdwCleaner[S1].txt - [69711 octets] ########## |
30.07.2012, 21:18 | #10 |
/// Helper Team | bProtector for Windows Virus Please run a full scan with Malwarebytes Anti-Malware and post the log. |
30.07.2012, 21:25 | #11 |
| bProtector for Windows Virus I already deleted the findings, but only after I had posted the log; I'll run it again anyway. |
30.07.2012, 22:41 | #12 |
/// Helper Team | bProtector for Windows Virus Good, report back with a new log. |
31.07.2012, 00:38 | #13 |
| bProtector for Windows Virus
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.10
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Thomas :: TRIPLECORE [Administrator]

30.07.2012 22:24:31
mbam-log-2012-07-30 (22-24-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 580879
Laufzeit: 3 Stunde(n), 13 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
31.07.2012, 08:50 | #14 |
/// Helper Team | bProtector for Windows Virus Malware scan with Emsisoft Anti-Malware: Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via Update Now. Select Freeware mode. Choose Detail Scan and start the check of the computer with the Scan button. Do not let it delete anything at the end of the scan! Click Save Report to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
31.07.2012, 10:57 | #15 |
| bProtector for Windows Virus Hm, I've now downloaded it 5 times, each time from a different site, but when I install it, I select the language and then it suddenly says that Service Pack 2 is required to run on Windows Vista or Windows Server 2008. But I can't find it anywhere. |