| |
| |||||||
Log-Analyse und Auswertung: Weißer Bildschirm nach BenutserkontenanmeldungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.05.2013, 22:32
| #1 |
 |  Weißer Bildschirm nach Benutserkontenanmeldung Hallo, hab ein Problem mit dem Pc meines kleinen Bruders. Nach dem Anmelden des Benutzerkontos erscheint nur noch ein weißer Desktop der keine interaktionen mit Windows mehr erlaubt. Die Tastenkombie strg+alt+enf ruft das Menu zwar auf doch funktioniert das starten des Taskmanager nicht. Beim Herunterfahren sieht man den Desktop kurz und Interaktionen sind möglich. Doch bei unterbrechen des herunterfahrens erscheint der weiße Desktop wieder. Desweiteren funktioniert nur der abgesicherte Modus mit Eingabeauforderung. Das Betriebsystem sollte ein Win7 64bit Home Premium sein bin mir aber nicht ganz sicher. Im Anhang sind wie im FAQ gefordert Logfiles von GMER und OTL. Die Extra.txt fehlt. OTL hat nach den im FAQ gelisteten Schritten keine Extra.txt erstellt. Hoffe jemand kann mir helfen. Schonmal vielen dank im Voraus. |
|
01.05.2013, 22:44
| #2 |
| /// Malwareteam / Visitor  | Weißer Bildschirm nach Benutserkontenanmeldung Hallo ich bin smeenk und ich werde versuchen dir mit deinem Problem zu helfen
__________________ Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
|
|
02.05.2013, 14:27
| #3 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Danke für die schnelle antwort.
__________________Leider konnte ich Abend nicht mehr an den Pc. Hab heute nach der Arbeit versucht den Systemscan mit ZOEK durchzuführen. Leider funktioniert dies nicht im "Abgesicherten Modus mit Eingabeaufforderung". Kann momentan nur im "Abgesicherten Modus mit Eingabeaufforderung" auf windows zugreifen. Tut mir leid falls ich in meinen Text oben einen anderen Eindruck vermittelt haben. Geändert von Archiv_Index (02.05.2013 um 14:42 Uhr) |
|
02.05.2013, 14:44
| #4 |
| /// Malwareteam / Visitor | Weißer Bildschirm nach Benutserkontenanmeldung Gibt es Fehlermeldungen? Wir konnen es mit OTL versuchen  Schritt 1
Code:
ATTFilter :OTL
O20 - HKCU Winlogon: Shell - (C:\Users\Bastian\AppData\Roaming\skype.dat) - C:\Users\Bastian\AppData\Roaming\skype.dat ()
:Files
C:\Users\Bastian\AppData\Roaming\skype.dat
C:\Users\Bastian\AppData\Roaming\skype.ini
:commands
[emptytemp]
Schritt 2 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
|
|
02.05.2013, 15:58
| #5 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Hi, Hab die Schritte abgearbeitet. Der weiße Desktop ist verschwunden. Interaktionen mit windows wieder möglich. Hier der Fixlog von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Bastian\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Bastian\AppData\Roaming\skype.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Bastian\AppData\Roaming\skype.dat not found.
C:\Users\Bastian\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Bastian
->Temp folder emptied: 1594457911 bytes
->Temporary Internet Files folder emptied: 380642538 bytes
->Java cache emptied: 27805 bytes
->FireFox cache emptied: 103238644 bytes
->Google Chrome cache emptied: 62023942 bytes
->Opera cache emptied: 341102214 bytes
->Flash cache emptied: 100221711 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7386958786 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85291 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 9.507,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05022013_155608
Files\Folders moved on Reboot...
C:\Users\Bastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.05.2013 16:13:38 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bastian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,50% Memory free 7,98 Gb Paging File | 6,11 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 689,04 Gb Total Space | 16,10 Gb Free Space | 2,34% Space Free | Partition Type: NTFS Drive D: | 689,57 Gb Total Space | 64,14 Gb Free Space | 9,30% Space Free | Partition Type: NTFS Drive F: | 7,83 Gb Total Space | 7,82 Gb Free Space | 99,90% Space Free | Partition Type: FAT32 Computer Name: BASTIAN-PC | User Name: Bastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.26 21:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Bastian\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.07 00:31:33 | 002,443,800 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012.10.01 17:53:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.19 16:27:56 | 001,100,680 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.08.08 13:56:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.26 13:45:32 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2012.05.09 15:24:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 15:24:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.21 15:07:14 | 000,692,888 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\BrowserCompanion\tcbhn.exe PRC - [2011.12.16 08:55:44 | 000,187,696 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe PRC - [2011.11.14 00:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2011.11.14 00:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2011.11.14 00:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2011.11.13 23:55:18 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe PRC - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.29 22:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe PRC - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe PRC - [2011.05.16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe PRC - [2011.03.30 16:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.11.04 15:18:35 | 000,779,728 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.09.02 22:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe PRC - [2010.08.04 14:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe PRC - [2010.05.23 07:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2009.12.18 19:30:04 | 000,093,568 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe PRC - [2009.10.13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.09.29 16:59:58 | 002,275,360 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe PRC - [2009.06.15 11:22:00 | 000,537,120 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 08:31:05 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll MOD - [2013.02.14 08:30:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 15:33:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 15:33:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 15:33:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 15:33:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 15:33:01 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.12.07 00:31:33 | 002,443,800 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2012.12.07 00:30:35 | 002,158,104 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012.03.21 15:07:14 | 000,692,888 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\BrowserCompanion\tcbhn.exe MOD - [2011.08.07 13:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files (x86)\BrowserCompanion\sqlite3.dll MOD - [2011.03.30 16:45:12 | 000,016,360 | ---- | M] () -- C:\Program Files (x86)\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll MOD - [2011.03.30 16:45:06 | 000,236,520 | ---- | M] () -- C:\Program Files (x86)\Iminent\IMBooster\Iminent.Windows.dll MOD - [2011.03.30 16:45:06 | 000,218,600 | ---- | M] () -- C:\Program Files (x86)\Iminent\IMBooster\Iminent.Workflow.dll MOD - [2011.03.30 16:45:02 | 000,041,960 | ---- | M] () -- C:\Program Files (x86)\Iminent\IMBooster\Iminent.Business.TinyUrl.dll MOD - [2011.03.30 16:45:00 | 000,337,896 | ---- | M] () -- C:\Program Files (x86)\Iminent\IMBooster\Iminent.Booster.UI.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.08.04 14:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe MOD - [2010.08.04 11:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll MOD - [2008.06.05 08:01:00 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Software Suite SE\sqlite3.dll ========== Services (SafeList) ========== SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.25 15:53:16 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.07 00:31:33 | 002,443,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012.10.01 17:53:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.06.26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012.05.11 18:13:59 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Bastian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.05.09 15:24:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 15:24:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.11.14 00:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.11.14 00:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.11.13 23:55:18 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011.08.24 18:33:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.09.02 22:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.23 07:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe -- (NIS) SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.07 15:40:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.04.07 15:40:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.11.02 16:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.11.01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.05.09 15:24:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 15:24:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.14 00:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.11.14 00:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.11.13 22:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.11.13 22:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.11 09:13:04 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.05.25 09:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzztC0FyDzyzyyB0FtByEtN0D0TzutBtDtCtBtDyCtCyD&cr=145751888 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\prxtbFre0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\..\SearchScopes\{0D0FEE97-5A2B-93A4-6138-0E472D652BF8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzztC0FyDzyzyyB0FtByEtN0D0TzutBtDtCtBtDyCtCyD&cr=145751888 IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.iminent.com/?appId=7c425fb9-7ef7-4518-ac64-16eb6f515f1a&ref=homepage IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=117116&tt=111212_new_5012_5&babsrc=HP_ss&mntrId=6e077f2400000000000000040ec3238f IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://search.conduit.com?SearchSo [Binary data over 200 bytes] IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.conduit.com?SearchSo [Binary data over 200 bytes] IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=7c425fb9-7ef7-4518-ac64-16eb6f515f1a&ref=homepage IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\prxtbFre0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{0D0FEE97-5A2B-93A4-6138-0E472D652BF8}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=6e077f2400000000000000040ec3238f IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=117116&tt=111212_new_5012_5&babsrc=SP_ss&mntrId=6e077f2400000000000000040ec3238f IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60441 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{280B0013-6C6F-46AC-B26C-4DB01CD76EE9}: "URL" = [String data over 1000 bytes] IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekkosearch.mystart.com.anonymize-me.de/?anonymto=687474703A2F2F626C656B6B6F7365617263682E6D7973746172742E636F6D2F544F4F4C4241524E414D4553504143452F3F736F757263653D3836616462633532267462703D72626F7826746F6F6C62617269643D626C656B6B6F74625F736F6326753D323031323034323637443737343645423937433031324633363641353243413826713D7B7365617263685465726D737D&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{433C7C34-EC03-4F8A-8AF4-3F9287E28DAE}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&mode=bounce&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{66F8C690-48F9-4C9E-8FD7-9AF58534C4BB}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&mode=bounce&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{84D95936-777D-4C14-89A9-BFC2C0F9F081}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{97EEAD43-9BF7-4CEC-8711-9FDFDBDD5F40}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&mode=bounce&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{99928578-79CB-47CB-A544-D2C8ED364531}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6B696B696E2E636F6D2F7365617263682F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6461656D6F6E2D7365617263682E636F6D2F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{B6065B44-CA39-4F48-BBF2-2C9D6DB5E6F3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&mode=bounce&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{BE9FA53D-D907-422A-BF5F-762D099C8674}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&mode=bounce&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E696D696E656E742E636F6D2F3F61707049643D267265663D746F6F6C626F7826713D7B7365617263685465726D737D&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\SearchScopes\{EE7164BB-1915-46B3-85D6-27FF8BF8563C}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b65f5af2-b718-4efe-9e70-0a51bac69774&pid=winsoftware&mode=bounce&k=1 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..CT2247187.browser.search.defaultthis.engineName: true FF - prefs.js..backup.old.browser.search.defaultenginename: "SearchTheWeb" FF - prefs.js..backup.old.browser.search.selectedEngine: "uTorrentBar_DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13" FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=7c425fb9-7ef7-4518-ac64-16eb6f515f1a&ref=homepage" FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.127.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.0 FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:6.3 FF - prefs.js..extensions.enabledAddons: %7B7d9e1adc-7db1-4eaf-b6c7-7e062074e6be%7D:1.0.0.1 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10 FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.91.135 FF - prefs.js..extensions.enabledAddons: crossriderapp498%40crossrider.com:0.91.169 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7B707db484-2428-402d-afb5-d85b387544c7%7D:10.14.65.43 FF - prefs.js..extensions.enabledAddons: %7B7e111a5c-3d11-4f56-9463-5310c3c69025%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:10.14.65.43 FF - prefs.js..extensions.enabledAddons: %7Ba5ae8924-4036-420f-b7f6-a47e4b8f692e%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: %7Bc840e246-6b95-475e-9bd7-caa1c7eca9f2%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.127.0 FF - prefs.js..extensions.enabledItems: crossriderapp2258@crossrider.com:0.80.43 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.5.5 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.7 FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:5.7 FF - prefs.js..extensions.enabledItems: {707db484-2428-402d-afb5-d85b387544c7}:10.7.1.62 FF - prefs.js..extensions.enabledItems: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.12.3.500 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.10.2.10 FF - prefs.js..extensions.enabledItems: {a5ae8924-4036-420f-b7f6-a47e4b8f692e}:3.10.0.1 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bastian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bastian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.10.10 17:18:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.21 19:02:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.12 15:29:32 | 000,000,000 | ---D | M] [2012.05.26 12:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions [2013.03.30 11:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions [2013.03.30 11:18:40 | 000,000,000 | ---D | M] (Mario Forever) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} [2012.04.26 16:31:11 | 000,000,000 | ---D | M] (Blekko search bar) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} [2013.03.30 11:18:27 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2013.03.30 11:18:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013.03.30 11:18:13 | 000,000,000 | ---D | M] (Free Lunch Design TB Community Toolbar) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e} [2012.05.26 12:24:58 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2012.05.24 12:43:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.30 11:18:12 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.11.21 19:08:27 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\battlefieldheroespatcher@ea.com [2012.06.15 09:46:19 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com [2013.03.30 11:18:43 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp2258@crossrider.com [2013.03.30 11:18:42 | 000,000,000 | ---D | M] ("RewardsArcade") -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp498@crossrider.com [2012.12.12 15:28:33 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\ffxtlbr@babylon.com [2012.06.17 18:25:38 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\ffxtlbr@funmoods.com [2012.04.08 20:21:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\plugin@yontoo.com [2013.03.30 11:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\staged [2013.03.30 11:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode [2013.03.30 11:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp498@crossrider.com\chrome\content\extensionCode [2013.03.21 19:08:42 | 000,021,485 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\plugin@yontoo.com.xpi [2013.03.21 18:58:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2013.03.30 11:19:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0d54de8e14654d562cb9e39a7bd60068_expire [2013.03.30 11:19:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire [2012.06.13 16:15:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire [2013.03.30 11:19:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire [2013.03.30 11:19:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\26b787477fed5f7b805ee78439427910_expire [2013.03.21 18:58:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2012.09.18 18:17:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.06.13 16:15:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire [2013.03.30 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2013.03.30 11:19:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\530e52021dc20843b1aa62957edeb9f8_expire [2013.03.30 11:19:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5cdf8a7ef2ec84abac286c67587b78d9_expire [2012.06.13 16:15:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d5c3541c8187f3a48d4f72f4374009c_expire [2012.06.13 16:15:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a8ef73701ad78f92631ccabc37a9b58_expire [2013.03.30 11:19:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire [2013.03.30 11:19:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7a29ec8065b26afe2d5fb4ceac90ac12_expire [2012.09.18 18:17:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire [2012.06.13 16:15:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\93aa59562815aa22d93923c7215ac7f1_expire [2013.03.30 11:18:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2013.03.30 11:18:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire [2013.03.30 11:19:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b575d9a954d961d8cdfa6596f2c115a9_expire [2012.09.18 18:17:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b98ec85a6f6b5dca57a81c971a2ec1f5_expire [2012.06.13 16:15:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire [2013.03.30 11:18:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.08.04 15:56:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire [2012.09.18 18:17:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire [2013.03.30 11:19:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire [2013.03.30 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2013.03.30 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2013.03.30 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2013.03.30 11:19:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.12.12 15:28:34 | 000,002,443 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\babylon1.xml [2013.03.17 21:44:17 | 000,000,921 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\conduit.xml [2012.05.26 12:25:01 | 000,001,266 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\kikin-search.xml [2012.06.17 18:25:45 | 000,002,301 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\Search.xml [2012.12.18 16:37:45 | 000,002,230 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\SearchTheWeb.xml [2012.05.11 18:14:09 | 000,002,189 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\{0520EBEB-8AEC-420C-8BEC-EFE27FDB9A90}.xml [2012.05.11 18:14:09 | 000,001,871 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\{3A5A5CD1-3348-4ECF-B7CA-4BCE66728139}.xml [2012.05.11 18:14:09 | 000,002,078 | ---- | M] () -- C:\Users\Bastian\AppData\Roaming\mozilla\firefox\profiles\qlqngrde.default\searchplugins\{9C47B854-565C-433A-92B2-B96E23A1D9B7}.xml [2013.03.21 19:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.26 14:06:19 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.12 15:28:09 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.11 18:14:09 | 000,002,452 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=117116&tt=111212_new_5012_5&babsrc=HP_ss&mntrId=6e077f2400000000000000040ec3238f CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?affID=117116&tt=111212_new_5012_5&babsrc=HP_ss&mntrId=6e077f2400000000000000040ec3238f CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.19_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh\1.1.0.0_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.23.171_0\crossrider CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.23.171_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\2.1.4_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.19.11_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff\1.23.14_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.23.137_0\crossrider CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.23.137_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.19.11_0\ CHR - Extension: No name found = C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (RewardsArcade) - {11111111-1111-1111-1111-110011041198} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\prxtbFre0.dll (Conduit Ltd.) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll File not found O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (Free Lunch Design TB Toolbar) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\prxtbFre0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll File not found O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O3 - HKLM\..\Toolbar: (Free Lunch Design TB Toolbar) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files (x86)\Free_Lunch_Design\prxtbFre0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (Free Lunch Design TB Toolbar) - {A5AE8924-4036-420F-B7F6-A47E4B8F692E} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Bastian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [Akamai NetSession Interface] C:\Users\Bastian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [Software Suite SE] C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated) O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3151336371-207809542-2099419153-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe () O4 - Startup: C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Bastian\AppData\Roaming\BrowserCompanion\tcbhn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\PROGRA~2\Crawler\SSaver\CSSaver.exe (Crawler.com) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86B83900-A268-41D0-9BE9-296DB214CC2E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A56170CD-A544-4A37-978F-8609EB8AF065}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3151336371-207809542-2099419153-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.01 06:19:52 | 000,548,376 | ---- | M] () - F:\Autoruns.zip -- [ FAT32 ] O32 - AutoRun File - [2013.05.01 06:25:14 | 000,000,000 | ---D | M] - F:\Autoruns -- [ FAT32 ] O33 - MountPoints2\{a19de150-f34e-11e0-b065-1078d2701bd6}\Shell - "" = AutoRun O33 - MountPoints2\{a19de150-f34e-11e0-b065-1078d2701bd6}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 15:56:08 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.02 15:54:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2013.04.18 11:39:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.18 11:39:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.07 16:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages [2013.04.05 21:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Domination [2013.04.05 15:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paradox Interactive [2013.04.05 15:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive [9 C:\Users\Bastian\Documents\*.tmp files -> C:\Users\Bastian\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.02 16:18:03 | 001,538,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.02 16:18:03 | 000,667,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.02 16:18:03 | 000,628,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.02 16:18:03 | 000,136,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.02 16:18:03 | 000,111,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.02 16:17:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 16:17:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 16:14:10 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3151336371-207809542-2099419153-1001UA.job [2013.05.02 16:11:44 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.05.02 16:08:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.02 16:08:03 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys [2013.05.01 09:47:26 | 000,000,168 | ---- | M] () -- C:\Users\Bastian\defogger_reenable [2013.04.26 21:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2013.04.20 13:13:03 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3151336371-207809542-2099419153-1001Core.job [2013.04.11 19:14:45 | 000,002,388 | ---- | M] () -- C:\Users\Bastian\Desktop\Google Chrome.lnk [2013.04.11 13:31:31 | 000,338,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.07 15:40:14 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2013.04.07 15:40:13 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2013.04.05 22:04:08 | 000,002,058 | ---- | M] () -- C:\Users\Bastian\Desktop\Domination.lnk [2013.04.05 22:01:02 | 000,000,092 | ---- | M] () -- C:\Users\Bastian\.lobby [2013.04.04 15:51:40 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.04.04 15:51:40 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.04.04 15:51:25 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [9 C:\Users\Bastian\Documents\*.tmp files -> C:\Users\Bastian\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.01 09:47:26 | 000,000,168 | ---- | C] () -- C:\Users\Bastian\defogger_reenable [2013.04.07 15:40:14 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2013.04.07 15:40:13 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2013.04.05 22:04:08 | 000,002,058 | ---- | C] () -- C:\Users\Bastian\Desktop\Domination.lnk [2013.04.05 22:01:02 | 000,000,092 | ---- | C] () -- C:\Users\Bastian\.lobby [2013.03.14 18:39:48 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2013.02.25 16:09:34 | 000,114,176 | ---- | C] () -- C:\Users\Bastian\AppData\Roaming\BabMaint.exe [2012.12.26 10:10:15 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.10.10 20:58:04 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2012.08.12 13:13:53 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.08.12 13:13:53 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2012.08.04 15:22:31 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.07.08 08:55:21 | 000,000,095 | ---- | C] () -- C:\Users\Bastian\AppData\Local\fusioncache.dat [2012.06.15 09:46:11 | 000,302,425 | ---- | C] () -- C:\Users\Bastian\AppData\Local\funmoods-speeddial.crx [2012.06.15 09:46:10 | 000,031,470 | ---- | C] () -- C:\Users\Bastian\AppData\Local\funmoods.crx [2012.05.22 19:53:23 | 000,000,007 | ---- | C] () -- C:\Users\Bastian\user.clk [2012.04.29 14:21:28 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.04.29 14:21:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.04.29 14:21:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.04.29 14:19:38 | 000,040,974 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012.04.21 13:53:57 | 000,007,697 | ---- | C] () -- C:\Users\Bastian\AppData\Roaming\.freeciv-client-rc-2.3 [2012.04.19 12:20:59 | 000,000,218 | ---- | C] () -- C:\Users\Bastian\AppData\Local\recently-used.xbel [2012.02.20 23:00:49 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\duninstall.exe [2012.02.10 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2011.11.23 16:35:53 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.23 16:35:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.27 14:00:57 | 001,564,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.31 18:02:57 | 000,030,439 | ---- | C] () -- C:\Windows\scunin.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.26 19:44:11 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\.freeciv [2013.04.19 11:32:58 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\.minecraft [2012.07.20 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\.terasology [2012.04.19 12:27:39 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Ambient Design [2011.09.23 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\AnvSoft [2012.04.21 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Armagetron [2012.01.19 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Artweaver [2012.04.21 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Awem [2013.01.26 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Azureus [2012.12.12 15:28:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\BabSolution [2012.05.26 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Babylon [2012.05.26 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\BabylonToolbar [2012.01.21 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Blender Foundation [2013.05.02 16:11:37 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\BrowserCompanion [2012.09.05 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canneverbe Limited [2012.11.15 16:59:53 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Carbon [2012.04.06 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Cities3D [2011.08.31 18:16:56 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DAEMON Tools Lite [2012.05.22 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Deluxe Pacman [2012.05.11 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DesktopIconForAmazon [2012.05.24 13:54:39 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DVDVideoSoft [2012.05.24 12:43:21 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.15 15:16:08 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\File Scout [2012.03.04 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Firefly Studios [2012.12.03 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Free Download Manager [2012.05.07 16:37:38 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\fretsonfire [2013.04.13 18:25:31 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ICQ [2012.01.21 19:20:07 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\inkscape [2012.07.16 14:22:58 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\IrfanView [2012.05.26 12:24:58 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\kikin [2013.03.14 18:39:19 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Leadertech [2012.01.21 19:25:35 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Nvu [2012.05.11 18:13:59 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\OCS [2011.08.31 16:52:06 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\OEM [2012.08.13 09:45:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\OpenCandy [2011.10.10 19:11:19 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\OpenOffice.org [2011.09.16 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Opera [2012.04.26 17:00:34 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\PC Speed Maximizer [2012.12.14 15:39:34 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\PerformerSoft [2012.07.16 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\PhotoFiltre [2012.07.07 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\PhotoScape [2012.03.04 15:32:27 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\RotMG.Production [2011.09.08 18:16:48 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Sierra [2012.01.10 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Sierra Entertainment [2013.04.07 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\SoftGrid Client [2012.02.19 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Soldat [2012.05.13 07:14:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Systweak [2012.02.18 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Teeworlds [2011.09.20 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\The Creative Assembly [2012.08.02 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Toblo [2011.09.27 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TP [2012.08.28 10:59:33 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TS3Client [2012.06.02 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ts3overlay [2012.05.24 13:18:37 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TuneUp Software [2012.04.19 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TuxPaint [2011.09.23 14:38:05 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Uniblue [2012.01.02 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Unity [2013.05.02 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\uTorrent [2011.12.24 18:07:42 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\WildTangent [2012.08.26 16:21:45 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ZombieDriver ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013.04.13 23:05:08 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Í) -- C:\Windows\SysNative\ﳰÍ [2013.04.13 23:05:08 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Í) -- C:\Windows\SysNative\ﳰÍ [2013.04.11 20:47:33 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?ª) -- C:\Windows\SysNative\ﳰª [2013.04.11 20:47:32 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?ª) -- C:\Windows\SysNative\ﳰª [2013.03.04 20:05:33 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?©) -- C:\Windows\SysNative\ﳰ© [2013.03.04 20:05:33 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?©) -- C:\Windows\SysNative\ﳰ© [2013.02.27 21:54:45 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?³) -- C:\Windows\SysNative\ﳰ³ [2013.02.27 21:54:45 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?³) -- C:\Windows\SysNative\ﳰ³ [2013.02.14 21:33:53 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?´) -- C:\Windows\SysNative\ﳰ´ [2013.02.14 21:33:52 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?´) -- C:\Windows\SysNative\ﳰ´ [2013.02.08 23:40:21 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?±) -- C:\Windows\SysNative\ﳰ± [2013.02.08 23:40:20 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?±) -- C:\Windows\SysNative\ﳰ± [2013.02.05 22:29:00 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Á) -- C:\Windows\SysNative\ﳰÁ [2013.02.05 22:29:00 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Á) -- C:\Windows\SysNative\ﳰÁ [2013.02.02 01:53:20 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?*) -- C:\Windows\SysNative\ﳰ* [2013.02.02 01:53:20 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?*) -- C:\Windows\SysNative\ﳰ* [2013.01.21 23:17:27 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?¼) -- C:\Windows\SysNative\ﳰ¼ [2013.01.21 23:17:27 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?¼) -- C:\Windows\SysNative\ﳰ¼ [2013.01.04 22:40:28 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?®) -- C:\Windows\SysNative\ﳰ® [2013.01.04 22:40:27 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?®) -- C:\Windows\SysNative\ﳰ® [2012.11.18 11:35:31 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?½) -- C:\Windows\SysNative\ﳰ½ [2012.11.18 11:35:31 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?½) -- C:\Windows\SysNative\ﳰ½ [2012.09.05 22:05:07 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?À) -- C:\Windows\SysNative\ﳰÀ [2012.09.05 22:05:06 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?À) -- C:\Windows\SysNative\ﳰÀ [2012.08.26 14:09:58 | 000,002,032 | ---- | M] ()(C:\Windows\SysNative\??????????????????????????????????????????????‹?????????.???3g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g????Dg?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g????Dg?g?g?g?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f.lnk) -- C:\Windows\SysNative\㩃啜敳獲䉜獡楴湡䑜獥瑫灯䡜뛃扲捵敨屲桃楲瑳灯敨慐汯湩*牅条湯㐠孜慐汯湩Ⱪ䌠牨獩潴桰牥⁝㐱‹牅条湯㐠ⴠ䐠獡䔠扲.档灭3g�g�g�g�g�g�g�gퟸg힘g휸g훘g홸g햸g㣈g하g㝈g㛨g�㴰㘨耀Dg㕨g㔈g㒨g㑈g㏨g㎈g㌨g㋈g㉨gよg⿈g⽨g⺨g⼈g⹈gⳈgⷨgⱨg⮨g�㴰⫨耀Dg⨨g⧈g⥨gfffffffffffffffffffffff.lnk [2012.08.26 14:09:58 | 000,002,032 | ---- | C] ()(C:\Windows\SysNative\??????????????????????????????????????????????‹?????????.???3g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g????Dg?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g?g????Dg?g?g?g?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f?f.lnk) -- C:\Windows\SysNative\㩃啜敳獲䉜獡楴湡䑜獥瑫灯䡜뛃扲捵敨屲桃楲瑳灯敨慐汯湩*牅条湯㐠孜慐汯湩Ⱪ䌠牨獩潴桰牥⁝㐱‹牅条湯㐠ⴠ䐠獡䔠扲.档灭3g�g�g�g�g�g�g�gퟸg힘g휸g훘g홸g햸g㣈g하g㝈g㛨g�㴰㘨耀Dg㕨g㔈g㒨g㑈g㏨g㎈g㌨g㋈g㉨gよg⿈g⽨g⺨g⼈g⹈gⳈgⷨgⱨg⮨g�㴰⫨耀Dg⨨g⧈g⥨gfffffffffffffffffffffff.lnk [2012.05.23 18:10:33 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?5) -- C:\Windows\SysNative\ﳰ5 [2012.05.23 18:10:32 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?5) -- C:\Windows\SysNative\ﳰ5 ========== Alternate Data Streams ========== @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Bastian\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Bastian\Desktop\desktop.ini:gs5sys < End of report > [/CODE] Zur der Frage ob es Fehlermeldungen gab. Wenn man ZOEK im "Abgesicherten Modus mit Eingabeaufforderung" in cmd als Admin über den runas Befehl starten will gibt er folgende Fehlermeldung aus: Runas Fehler 1084: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Wenn man in cmd die explorer.exe startet und dann versucht ZOEK ganz normal über das Kontexmenu als Admin zu starten wird das Program zwar gestartet. Aber wenn man auf "Run Script" klickt erscheint folgende Fehlermeldung: Scriptfehler Zeile 162 Zeichen 6 Fehler Der Dienst kann nicht im abgesicherten Modus gestartet werden. Code 0 |
|
02.05.2013, 17:24
| #6 |
| /// Malwareteam / Visitor | Weißer Bildschirm nach Benutserkontenanmeldung Versuch jetzt nochmal Zoek: Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
|
|
02.05.2013, 18:06
| #7 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Hi, hier das ZOEK-results.log Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Bastian on 02.05.2013 at 18:39:08,05.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
==== System Restore Info ======================
02.05.2013 18:39:55 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample__1843.zip ======================
Copied file C:\Users\Bastian\AppData\Roaming\BabMaint.exe to sample
sample\BabMaint.exe renamed to CC1A55091FD96BCB624AD791CD15D179
C:\Users\Public\Desktop\sample__1843.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D0FEE97-5A2B-93A4-6138-0E472D652BF8} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{280B0013-6C6F-46AC-B26C-4DB01CD76EE9} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{433C7C34-EC03-4F8A-8AF4-3F9287E28DAE} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{66F8C690-48F9-4C9E-8FD7-9AF58534C4BB} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{84D95936-777D-4C14-89A9-BFC2C0F9F081} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{97EEAD43-9BF7-4CEC-8711-9FDFDBDD5F40} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{99928578-79CB-47CB-A544-D2C8ED364531} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B6065B44-CA39-4F48-BBF2-2C9D6DB5E6F3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BE9FA53D-D907-422A-BF5F-762D099C8674} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EE7164BB-1915-46B3-85D6-27FF8BF8563C} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCSUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCSUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\application updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\application updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICQ Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ICQ Service deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default
---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=117116&tt=111212_new_5012_5");
user_pref("extensions.BabylonToolbar.bbDpng", "21");
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.dpkLst", "");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "A469709B20FA10B97AF39F4BB8863EA8");
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar.instlDay", "15686");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.4.914:28:34");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"68\",\"lastVrsn\":\"68\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar.sg", "azb");
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6e077f2400000000000000040ec3238f&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.4.914:28:34");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117116&tt=111212_new_5012_5");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar_i.hardId", "6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar_i.id", "6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar_i.instlDay", "15486");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=NT_ss&mntrId=6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.914:28:34");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
---- Lines BabylonToolbar modified from prefs.js ----
---- Lines BabylonToolbar removed from user.js ----
user_pref("extensions.BabylonToolbar_i.id", "6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar_i.hardId", "6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar_i.instlDay", "15486");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6e077f2400000000000000040ec3238f&q=");
user_pref("extensions.BabylonToolbar.id", "6e077f2400000000000000040ec3238f");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15686");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.914:28:34");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117116&tt=111212_new_5012_5");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);
---- Lines funmoods removed from prefs.js ----
---- Lines funmoods modified from prefs.js ----
---- Lines funmoods removed from user.js ----
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzztC0FyDzyzyyB0FtByEtN0D0TzutBtDtCtBtDyCtCyD&cr=145751888");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzztC0FyDzyzyyB0FtByEtN0D0TzutBtDtCtBtDyCtCyD&cr=145751888");
user_pref("extensions.funmoods.tlbrSrchUrl", "");
user_pref("extensions.funmoods.id", "6e077f2400000000000000040ec3238f");
user_pref("extensions.funmoods.instlDay", "15506");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.229:46:7");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "fmtgl");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "fmtgl");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
---- Lines CT2269050 removed from prefs.js ----
---- Lines CT2269050 modified from prefs.js ----
---- Lines CT2269050 removed from user.js ----
---- Lines CT2247187 removed from prefs.js ----
---- Lines CT2247187 modified from prefs.js ----
---- Lines CT2247187 removed from user.js ----
---- Lines CT2670199 removed from prefs.js ----
---- Lines CT2670199 modified from prefs.js ----
---- Lines CT2670199 removed from user.js ----
---- Lines CT2736476 removed from prefs.js ----
---- Lines CT2736476 modified from prefs.js ----
---- Lines CT2736476 removed from user.js ----
---- Lines CT2851647 removed from prefs.js ----
---- Lines CT2851647 modified from prefs.js ----
---- Lines CT2851647 removed from user.js ----
---- Lines conduit removed from prefs.js ----
---- Lines conduit modified from prefs.js ----
---- Lines conduit removed from user.js ----
---- Lines mystart removed from prefs.js ----
---- Lines mystart modified from prefs.js ----
---- Lines mystart removed from user.js ----
---- Lines iminent removed from prefs.js ----
---- Lines iminent modified from prefs.js ----
---- Lines iminent removed from user.js ----
---- Lines Web Search removed from prefs.js ----
---- Lines Web Search modified from prefs.js ----
---- Lines Web Search removed from user.js ----
---- Lines Customized removed from prefs.js ----
---- Lines Customized modified from prefs.js ----
---- Lines Customized removed from user.js ----
---- Lines y2layers removed from prefs.js ----
---- Lines y2layers modified from prefs.js ----
---- Lines y2layers removed from user.js ----
user_pref("extentions.y2layers.installId", "2fc16415-9193-46da-9255-495342965c4f");
user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,");
---- Lines yontoo removed from prefs.js ----
---- Lines yontoo modified from prefs.js ----
---- Lines yontoo removed from user.js ----
---- Lines F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB removed from prefs.js ----
---- Lines F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB modified from prefs.js ----
---- Lines F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB removed from user.js ----
---- Lines CommunityToolbar removed from prefs.js ----
---- Lines CommunityToolbar modified from prefs.js ----
---- Lines CommunityToolbar removed from user.js ----
---- Lines crossrider removed from prefs.js ----
---- Lines crossrider modified from prefs.js ----
---- Lines crossrider removed from user.js ----
---- Lines blabbers removed from prefs.js ----
---- Lines blabbers modified from prefs.js ----
---- Lines blabbers removed from user.js ----
---- Lines mybrowserbar removed from prefs.js ----
---- Lines mybrowserbar modified from prefs.js ----
---- Lines mybrowserbar removed from user.js ----
---- Lines smartbar removed from prefs.js ----
---- Lines smartbar modified from prefs.js ----
---- Lines smartbar removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user__1845_.backup
prefs__1845_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
==== Batch Command(s) Run By Tool======================
C:\Windows\System32\roboot64.exe deleted successfully
==== Deleting Files \ Folders ======================
"C:\Windows\SysNative\roboot64.exe" not found
"C:\user.js" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\searchplugins\conduit.xml" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\plugin@yontoo.com.xpi" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\wtxpcom@mybrowserbar.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\ytd@mybrowserbar.com" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml" deleted
"C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk" deleted
"C:\Users\Bastian\AppData\Local\funmoods-speeddial.crx" deleted
"C:\Users\Bastian\AppData\Local\funmoods.crx" deleted
"C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted
"C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\user.js" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\searchplugins\babylon1.xml" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\searchplugins\kikin-search.xml" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\searchplugins\Search.xml" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\searchplugins\SearchTheWeb.xml" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\bProtector_extensions.rdf" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\bprotector_extensions.sqlite" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\bprotector_prefs.js" deleted
"C:\Users\Public\Desktop\eBay.lnk" deleted
"C:\Users\Bastian\AppData\Roaming\BabMaint.exe" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\plugin@yontoo.com.xpi" deleted
"C:\Program Files (x86)\BrowserCompanion\BCHelper.exe" deleted
"C:\Program Files (x86)\BrowserCompanion\sqlite3.dll" deleted
"C:\Users\Bastian\AppData\Roaming\BrowserCompanion\tcbhn.exe" deleted
"C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe" deleted
"C:\Program Files (x86)\Iminent\IMBooster\Iminent.Booster.UI.dll" deleted
"C:\Program Files (x86)\Iminent\IMBooster\Iminent.Business.dll" deleted
"C:\Program Files (x86)\Iminent\IMBooster\Iminent.Business.TinyUrl.dll" deleted
"C:\Program Files (x86)\Iminent\IMBooster\Iminent.Windows.dll" deleted
"C:\Program Files (x86)\Iminent\IMBooster\Iminent.Workflow.dll" deleted
"C:\Program Files (x86)\Iminent\IMBooster\de\IMBooster.resources.dll" deleted
"C:\Program Files (x86)\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll" deleted
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth153.dll" deleted
"C:\Users\Bastian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-12.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-13.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-18.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"C:\Windows\syswow64\appdata" deleted
"C:\Program Files (x86)\Application Updater" deleted
"C:\Program Files (x86)\Softonic_Deutsch" deleted
"C:\Program Files (x86)\JDownloader" deleted
"C:\Program Files (x86)\Iminent" deleted
"C:\Program Files (x86)\IMinent Toolbar" deleted
"C:\Program Files (x86)\DAEMON Tools Toolbar" deleted
"C:\Program Files (x86)\ICQ6Toolbar" deleted
"C:\Program Files (x86)\I Want This" deleted
"C:\Program Files (x86)\BabylonToolbar" deleted
"C:\Program Files (x86)\DVDVideoSoftTB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\uTorrentBar_DE" deleted
"C:\Program Files (x86)\RewardsArcade" deleted
"C:\Program Files (x86)\BrowserCompanion" deleted
"C:\Program Files (x86)\YTD Toolbar" deleted
"C:\Program Files (x86)\Yontoo" deleted
"C:\Program Files (x86)\File Scout" deleted
"C:\Program Files (x86)\Ask.com" deleted
"C:\Program Files (x86)\Funmoods" deleted
"C:\Program Files (x86)\Conduit" deleted
"C:\Program Files (x86)\Common Files\Spigot" not deleted
"C:\Users\Bastian\AppData\Roaming\OCS" not deleted
"C:\Users\Bastian\AppData\Roaming\DesktopIconForAmazon" deleted
"C:\Users\Bastian\AppData\Roaming\BrowserCompanion" deleted
"C:\Users\Bastian\AppData\Roaming\BabSolution" deleted
"C:\Users\Bastian\AppData\Roaming\Babylon" deleted
"C:\Users\Bastian\AppData\Roaming\BabylonToolbar" deleted
"C:\Users\Bastian\AppData\Roaming\File Scout" deleted
"C:\Users\Bastian\AppData\Roaming\Systweak" deleted
"C:\Users\Bastian\AppData\Roaming\PerformerSoft" deleted
"C:\Users\Bastian\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\BrowserProtect" not deleted
"C:\ProgramData\blekko toolbars" deleted
"C:\ProgramData\IBUpdaterService" deleted
"C:\ProgramData\IMinent" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\ICQ\ICQToolbar" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent" deleted
"C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted
"C:\Users\Bastian\AppData\Local\CRE" deleted
"C:\Users\Bastian\AppData\Local\OpenCandy" deleted
"C:\Users\Bastian\AppData\Local\RewardsArcade" deleted
"C:\Users\Bastian\AppData\Local\I Want This" deleted
"C:\Users\Bastian\AppData\Local\Conduit" deleted
"C:\Users\Bastian\AppData\LocalLow\AskToolbar" deleted
"C:\Users\Bastian\AppData\LocalLow\BabylonToolbar" deleted
"C:\Users\Bastian\AppData\LocalLow\Funmoods" deleted
"C:\Users\Bastian\AppData\LocalLow\uTorrentBar_DE" deleted
"C:\Users\Bastian\AppData\LocalLow\PriceGong" deleted
"C:\Users\Bastian\AppData\LocalLow\bbrs_002.tb" deleted
"C:\Users\Bastian\AppData\LocalLow\Conduit" deleted
"C:\Users\Bastian\AppData\LocalLow\Search Settings" deleted
"C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\blekkotb_soc" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\staged" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2247187" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2269050" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2670199" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2736476" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2851647" deleted
"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\ffxtlbr@funmoods.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2269050" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2247187" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2670199" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2736476" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\CT2851647" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\conduitCommon" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\plugin@yontoo.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp2258@crossrider.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp498@crossrider.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\smartbar" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\ffxtlbr@funmoods.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp2258@crossrider.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\crossriderapp498@crossrider.com" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\bbrs_002@blabbers.com" deleted
"C:\Program Files (x86)\Iminent\IMBooster" deleted
"C:\Program Files (x86)\Iminent\IMBooster\de" deleted
"C:\Program Files (x86)\Common Files\Spigot\Search Settings" not deleted
"C:\Users\Bastian\AppData\Roaming\OCS\SM" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Bastian\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-04-10 14:25:40 B8965FB53551B5455630A4B804D0791F 1655656 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-10 13:27:15 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
2013-04-07 13:40:14 FC0E8778C000291CAF60EB88C011E931 314016 ----a-w- C:\Windows\Sysnative\drivers\atksgt.sys
2013-04-07 13:40:13 156AB2E56DC3CA0B582E3362E07CDED7 43680 ----a-w- C:\Windows\Sysnative\drivers\lirsgt.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-04-05 19:59:18 -------- d-----w- C:\Program Files\Domination
======= C:\Program Files (x86) =====
2013-04-05 13:49:12 -------- d-----w- C:\Program Files (x86)\Paradox Interactive
======= C: =====
====== C:\Users\Bastian\AppData\Roaming ======
====== C:\Users\Bastian ======
2013-05-01 07:47:26 D28291D3F8CFD0BDA58BE1B77C4FE556 168 ----a-w- C:\Users\Bastian\defogger_reenable
2013-04-07 14:30:01 -------- d-----w- C:\ProgramData\Tages
2013-04-05 20:01:02 CE6E6D0CBEF725648DCED051D466B389 92 ----a-w- C:\Users\Bastian\.lobby
2013-04-05 13:49:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
====== C: exe-files ==
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Software Suite SE"="C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe /run"
"DriverScanner"="C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe delay 20000 "
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"Akamai NetSession Interface"="C:\Users\Bastian\AppData\Local\Akamai\netsession_win.exe"
"Google Update"="C:\Users\Bastian\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"PC Speed Maximizer"="C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
"SPMTray"="C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"ScrSav"="C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"Hotkey Utility"="C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe"
"OOTag"="C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe"
"AVMWlanClient"="C:\Program Files (x86)\avmwlanstick\wlangui.exe"
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"IMBooster"="C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup"
"vmware-tray"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Anti-phishing Domain Advisor"="C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
"Browser companion helper"="C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej"
"SearchSettings"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Software Suite SE"="C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe /run"
"DriverScanner"="C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe delay 20000 "
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"Akamai NetSession Interface"="C:\Users\Bastian\AppData\Local\Akamai\netsession_win.exe"
"Google Update"="C:\Users\Bastian\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"PC Speed Maximizer"="C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
"SPMTray"="C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"OOTag"="C:\Program Files (x86)\Packard Bell\OOBEOffer\ootag.exe"
"Ocs_SM"="C:\Users\Bastian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe"
"IntelliType Pro"="C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"IntelliPoint"="C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQ"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\ICQ7.6\\ICQ.exe\" silent loginmode=4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCSpeedUp"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\PC Beschleunigen\\PCSpeedUp.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchSettings"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"
==== Startup Folders ======================
2011-10-15 14:06:19 2106 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2010-11-04 13:05:58 1107 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Frame.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\DriverScanner.job --a------ C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [16.05.2011 11:22]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3151336371-207809542-2099419153-1001Core.job --a------ C:\Users\Bastian\AppData\Local\Google\Update\GoogleUpdate.exe [23.03.2012 19:58]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3151336371-207809542-2099419153-1001UA.job --a------ C:\Users\Bastian\AppData\Local\Google\Update\GoogleUpdate.exe [23.03.2012 19:58]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default
- Undetermined - C:\Program Files (x86)\YTD Toolbar\FF
- Free Download Manager plugin - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Mario Forever - %ProfilePath%\extensions\{707db484-2428-402d-afb5-d85b387544c7}
- Blekko search bar - %ProfilePath%\extensions\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}
- Freeware.de Community Toolbar - %ProfilePath%\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
- DVDVideoSoftTB - %ProfilePath%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
- Free Lunch Design TB Community Toolbar - %ProfilePath%\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
- kikin plugin - %ProfilePath%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- uTorrentBar_DE Community Toolbar - %ProfilePath%\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default
47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
E0FF893763BA82BAABB869A351F0C455 - C:\Users\Bastian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
A63259925ADB2A1181C712513EBFB8ED - C:\Users\Bastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
8C2FF125A0E6ED15727BEF5C96C792FC - C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
==== Deleting Files \ Folders ======================
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bodddioamolcibagionmmobehnbhiakf - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\Bastian\AppData\Local\funmoods-speeddial.crx[]
clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[]
cpjacnemeogppppmlcoafbiacilcpngh - C:\Program Files (x86)\shopping-preise.de\shopping-preise-hrome.crx[14.02.2012 18:20]
dcmagccbogebndpoodhhhafmofelpffh - C:\Users\Bastian\AppData\Local\RewardsArcade\Chrome\RewardsArcade.crx[]
dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Bastian\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx[]
fdloijijlkoblmigdofommgnheckmaki - C:\Users\Bastian\AppData\Local\funmoods.crx[]
leocdeigfnkaojcapikdjcdbedcjmffc - C:\Users\Bastian\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx[]
lpkbfdhlbdkjohbhnhabfecpmcdlcmff - C:\Users\Bastian\AppData\Roaming\kikin\kikin_installer_1.23.14_counterstrike2d_win.crx[08.05.2012 15:53]
mpfapcdfbbledbojijcbcclmlieaoogk - C:\Users\Bastian\AppData\Local\I Want This\Chrome\I Want This.crx[]
niapdbllcanepiiimjjndipklodoedlc - C:\Users\Bastian\AppData\Local\Temp\YontooLayers.crx[]
nlafpokblfobdnjhhggocaanijghemnd - C:\Users\Bastian\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx[]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[06.12.2012 23:05]
plmlpkfpkijnlijgalnjaacllnjmoamo - C:\Users\Bastian\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\Bastian\AppData\Local\funmoods-speeddial.crx[]
fdloijijlkoblmigdofommgnheckmaki - C:\Users\Bastian\AppData\Local\funmoods.crx[]
leocdeigfnkaojcapikdjcdbedcjmffc - C:\Users\Bastian\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx[]
nlafpokblfobdnjhhggocaanijghemnd - C:\Users\Bastian\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx[]
Browser Companion Helper - Bastian - Default\Extensions\bodddioamolcibagionmmobehnbhiakf
New Tab - Bastian - Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Browser Companion Helper - Bastian - Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Shopping-Preise.de - Bastian - Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh
RewardsArcade - Bastian - Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh
Babylon Toolbar - Bastian - Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Funmoods - Bastian - Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
uTorrentBar_DE - Bastian - Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
kikin plugin - Bastian - Default\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff
I Want This - Bastian - Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Freeware.de - Bastian - Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd
BrowserProtect - Bastian - Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
==== Chrome Fix ======================
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.iminent.com/?appId=7c425fb9-7ef7-4518-ac64-16eb6f515f1a&ref=homepage"
"Backup.Old.Start Page"="hxxp://search.iminent.com/?appId=7c425fb9-7ef7-4518-ac64-16eb6f515f1a&ref=homepage"
"Default_Page_URL"="hxxp://dsl-start.computerbild.de/"
"ICQ Search"="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzztC0FyDzyzyyB0FtByEtN0D0TzutBtDtCtBtDyCtCyD&cr=145751888"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzztC0FyDzyzyyB0FtByEtN0D0TzutBtDtCtBtDyCtCyD&cr=145751888"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
"Backup.Old.Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Search the web (Babylon) Url="hxxp://search.babylon.com/?q={searchTerms}&affID=117116&tt=111212_new_5012_5&babsrc=SP_ss&mntrId=6e077f2400000000000000040ec3238f"
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Crawler Suche Url="hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60441"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nlafpokblfobdnjhhggocaanijghemnd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nlafpokblfobdnjhhggocaanijghemnd deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Bastian\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-12.0.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-13.0.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-14.0.1.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-15.0.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-17.0.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-18.0.dll" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not found
"C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not found
"C:\Program Files (x86)\Common Files\Spigot" not found
"C:\Users\Bastian\AppData\Roaming\OCS" not found
"C:\ProgramData\BrowserProtect" not found
|
|
02.05.2013, 19:24
| #8 |
| /// Malwareteam / Visitor | Weißer Bildschirm nach Benutserkontenanmeldung
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
02.05.2013, 20:02
| #9 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Hi, hier das ZOEK-results.log Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Bastian on 02.05.2013 at 20:43:44,45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
==== Older Logs ======================
C:\zoek-results02.05.2013-1902.log 85151 bytes
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Speed Maximizer"=-
"SPMTray"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"IMBooster"=-
"Anti-phishing Domain Advisor"=-
"Browser companion helper"=-
"SearchSettings"=-
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings]
==== Deleting Files \ Folders ======================
"C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll" deleted
"C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" deleted
"C:\Program Files (x86)\Freeware.de" deleted
"C:\ProgramData\Anti-phishing Domain Advisor" not deleted
"C:\Program Files (x86)\PC Speed Maximizer" deleted
"C:\Program Files (x86)\Free_Lunch_Design" deleted
"C:\Program Files (x86)\Mario_Forever" deleted
"C:\Program Files (x86)\shopping-preise.de" deleted
"C:\Users\Bastian\AppData\Roaming\kikin" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default
- Undetermined - C:\Program Files (x86)\YTD Toolbar\FF
- Free Download Manager plugin - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Mario Forever - %ProfilePath%\extensions\{707db484-2428-402d-afb5-d85b387544c7}
- Freeware.de Community Toolbar - %ProfilePath%\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
- Free Lunch Design TB Community Toolbar - %ProfilePath%\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
- kikin plugin - %ProfilePath%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- uTorrentBar_DE Community Toolbar - %ProfilePath%\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default
47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
E0FF893763BA82BAABB869A351F0C455 - C:\Users\Bastian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
A63259925ADB2A1181C712513EBFB8ED - C:\Users\Bastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
8C2FF125A0E6ED15727BEF5C96C792FC - C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
==== Deleting Files \ Folders ======================
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}" deleted
"C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cpjacnemeogppppmlcoafbiacilcpngh - C:\Program Files (x86)\shopping-preise.de\shopping-preise-hrome.crx[]
lpkbfdhlbdkjohbhnhabfecpmcdlcmff - C:\Users\Bastian\AppData\Roaming\kikin\kikin_installer_1.23.14_counterstrike2d_win.crx[]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[]
Shopping-Preise.de - Bastian - Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh
kikin plugin - Bastian - Default\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff
BrowserProtect - Bastian - Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
==== Chrome Fix ======================
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh deleted successfully
C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff deleted successfully
==== Reset Google Chrome ======================
C:\users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041198} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
HKEY_USERS\S-1-5-21-3151336371-207809542-2099419153-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cpjacnemeogppppmlcoafbiacilcpngh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff deleted successfully
After Reboot
==== Deleting Files / Folders ======================
"C:\ProgramData\Anti-phishing Domain Advisor" not found
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 02/05/2013 um 20:51:41 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Bastian - BASTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Bastian\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : SearchAnonymizer
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Ordner Gelöscht : C:\Program Files (x86)\Crawler
Ordner Gelöscht : C:\Program Files (x86)\Free_Lunch_Design_TB
Ordner Gelöscht : C:\Program Files (x86)\kikin
Ordner Gelöscht : C:\Program Files (x86)\Mario Forever
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever
Ordner Gelöscht : C:\Users\Bastian\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Ordner Gelöscht : C:\Users\Bastian\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Bastian\AppData\LocalLow\Free_Lunch_Design
Ordner Gelöscht : C:\Users\Bastian\AppData\LocalLow\Free_Lunch_Design_TB
Ordner Gelöscht : C:\Users\Bastian\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\Bastian\AppData\LocalLow\Mario_Forever
Ordner Gelöscht : C:\Users\Bastian\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Free_Lunch_Design
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Free_Lunch_Design_TB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Mario_Forever
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\CToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Funmoods
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5AE8924-4036-420F-B7F6-A47E4B8F692E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{767FF41E-4C17-4F99-B79E-CADC2E4ABA54}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{89FFC103-B743-4C56-BA91-63FA69F73384}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5AE8924-4036-420F-B7F6-A47E4B8F692E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B83F74A4-7F2B-4352-8E1B-FBBD508566E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5d53dedeb36aee45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{13C8734A-1AD2-4500-9F65-10D99AD80F54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.MMServer.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0000498.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0000498.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0000498.FBApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0000498.FBApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0000498.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0000498.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Server
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1708250
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2247187
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2670199
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{425F621C-217C-40AD-B22F-4EFCFF452800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\CToolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Default Tab
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\Software\Free_Lunch_Design
Schlüssel Gelöscht : HKLM\Software\Free_Lunch_Design_TB
Schlüssel Gelöscht : HKLM\Software\Freeware.de
Schlüssel Gelöscht : HKLM\Software\Funmoods
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Mario_Forever
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{767FF41E-4C17-4F99-B79E-CADC2E4ABA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89FFC103-B743-4C56-BA91-63FA69F73384}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B83F74A4-7F2B-4352-8E1B-FBBD508566E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5d53dedeb36aee45
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01BB6254-5E89-4C53-BEF1-4D1656B09B86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{767FF41E-4C17-4F99-B79E-CADC2E4ABA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{89FFC103-B743-4C56-BA91-63FA69F73384}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8E948448-E97B-4864-8177-546200709672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5AE8924-4036-420F-B7F6-A47E4B8F692E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A93B530D-2B18-48C7-9F3C-281679403372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B83F74A4-7F2B-4352-8E1B-FBBD508566E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21F90BD0-4A99-4160-BB90-00AC329B7E5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{260D87E8-5536-44A7-AEA7-54798994E0BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4179F8AB-70B1-432E-B6B8-DC85291DCC19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{422AA76C-A0A3-42EC-98D5-E4E41D46B66C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{539915F8-1A96-4889-B800-4CB8C920DF7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{648FC396-63E1-47AE-828B-C948471EA1FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DCEE1C9-E92D-413A-8883-F518F641B630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82813941-8DAD-4544-B2C5-F78B394E771C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89D32E4B-43AA-433A-8A8E-F2BA424D7900}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0BE07B-4FD4-4EFA-990D-44C29956E221}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1CDBCE6-AD59-4FB5-A0A8-59964CFD0B39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC31825D-28E7-4233-9338-9CB6DC2688EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AE8924-4036-420F-B7F6-A47E4B8F692E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free_Lunch_Design Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free_Lunch_Design_TB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mario_Forever Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A5AE8924-4036-420F-B7F6-A47E4B8F692E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A5AE8924-4036-420F-B7F6-A47E4B8F692E}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{707DB484-2428-402D-AFB5-D85B387544C7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A5AE8924-4036-420F-B7F6-A47E4B8F692E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A5AE8924-4036-420F-B7F6-A47E4B8F692E}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
hxxp://packardbell.msn.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
hxxp://packardbell.msn.com --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\prefs.js
C:\Users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\qlqngrde.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
-\\ Opera v12.2.1578.0
Datei : C:\Users\Bastian\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [46011 octets] - [02/05/2013 20:51:41]
########## EOF - C:\AdwCleaner[S1].txt - [46072 octets] ##########
|
|
02.05.2013, 22:21
| #10 |
| /// Malwareteam / Visitor | Weißer Bildschirm nach Benutserkontenanmeldung Es sieht schon wieder ziemlich sauber aus Wir machen weiter: Schritt 1 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Der Scan kann sehr lange (einige Stunden) dauern!  |
|
03.05.2013, 17:48
| #11 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Hi hier das Ergebnis des ESET Scans: Code:
ATTFilter C:\_OTL\MovedFiles\05022013_155608\C_Users\Bastian\AppData\Roaming\skype.dat a variant of Win32/Kryptik.AZHK trojan
|
|
03.05.2013, 18:01
| #12 |
| /// Malwareteam / Visitor | Weißer Bildschirm nach Benutserkontenanmeldung Nur ein Backup von OTL, da brauchen wir nicht beunruhigt zu sein Downloade Dir bitte  SecurityCheck und:
|
|
03.05.2013, 18:22
| #13 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Hi hier das Scanergebnis: Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.60.1.1000 TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) Java(TM) 6 Update 22 Java(TM) 6 Update 31 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader XI Mozilla Firefox 19.0.2 Firefox out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
03.05.2013, 18:43
| #14 |
| /// Malwareteam / Visitor | Weißer Bildschirm nach Benutserkontenanmeldung Mach mal diese Check: https://www.mozilla.org/de/plugincheck/ Drücke bei veraltete Versionen auf "Aktualisieren" und installiere der neueste Version. Wiederhole nachher den SecurityCheck Scan und poste mir den Resultat |
|
03.05.2013, 21:19
| #15 |
| | Weißer Bildschirm nach Benutserkontenanmeldung Hi hier der scan nach der Aktualisierung: Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.60.1.1000 TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.7.700.169 Adobe Reader XI Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Geändert von Archiv_Index (03.05.2013 um 21:29 Uhr) |
|
| Themen zu Weißer Bildschirm nach Benutserkontenanmeldung |
| anhang, anmelden, anmeldung, betriebsystem, bildschirm, desktop, funktioniert, gmer, herunterfahren, home, kleine, kleinen, logfiles, melde, melden, meldung, modus, problem, problem mit dem pc, starte, starten, strg, taskmanager, weißer, weißer desktop, win7, win7 64bit, windows |
Textbox.
Linear-Darstellung
