Qvo6 Virus, Desk365 Meldung und OTL.exe hängt sich auf, keine Files möglich

Die-Dora · 04.07.2013, 19:23

Hallo zusammen,

ich brauche dringend jemanden, der mir behilflich sein kann. Ich könnte

.

Ich habe mir vor 2 Tagen über google das Picasa Webalbum heruntergeladen und seither habe ich Probleme. Ich glaube ich habe da noch mehr heruntergeladen.

Ich habe schon mit Hilfe von Youtube-Anweisungen den Virus Qvo6 versucht wegzubekommen. Leider klappt das nicht. Dann kommt noch was von Desk365. Je mehr ich versuche, desto mehr geht kaputt. Je mehr ich runterlade, desto mehr mülle ich den PC voll. Keine Ahnung!! Ich kenne mich leider überhaupt nicht aus!

Ich habe ebenso versucht nach Eurer Anweisung zu arbeiten. Aber allein das OTL.exe hängt sich bei mir unter dem Punkt Scanning Firefox settings total auf. Ich bekomme keinen Text nix.

Habe runtergefahren, wieder nix.

Falls jemand geduldig ist und mir helfen könnte, wäre ich wirklich furchtbar dankbar.
Eine Bitte hätte ich noch. Ich verstehe Eure Fachbegriffe leider nicht. File verstehe ich ja noch, aber alles andere müsste mir bitte wie für einen Computeranfänger erklärt werden

Lieben Dank
Die-Dora

M-K-D-B · 04.07.2013, 19:25

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

M-K-D-B · 04.07.2013, 19:25

Servus,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Die-Dora · 04.07.2013, 20:00

Hallo Matthias,

ich gaube des hat jetzt endlich geklappt. Schau mal:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Cristian (administrator) on 04-07-2013 20:40:26
Running from C:\Users\Cristian\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(337 Technology Limited.) C:\Program Files\Desk 365\deskSvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sun Microsystems, Inc.) C:\Windows\system32\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(337 Technology Limited.) C:\Program Files\Desk 365\desk365.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\system32\PSIService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Sun Microsystems, Inc.) C:\Windows\system32\jucheck.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(WebCake LLC) C:\Users\Cristian\AppData\Roaming\WebCake\WebCakeDesktop.exe
(WebCake LLC) C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-07] (CANON INC.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1505144 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-20] (Google Inc.)
HKCU\...\Run: [Desk 365] "C:\Program Files\Desk 365\desk365.exe" /autorun [916048 2013-07-03] (337 Technology Limited.)
HKCU\...\Run: [WebCake Desktop] "C:\Users\Cristian\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-21] (WebCake LLC)
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoDesktop] 0
MountPoints2: {f129cc84-3584-11e0-9ff7-001e8c058d2b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.garmin.com/agent
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\Windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
ShortcutTarget: Socialbox.lnk -> C:\Program Files\Socialbox\Socialbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yhs.delta-search.com/?babsrc=HP_ss&mntrId=00F7001E8C058D2B&affID=119556&tt=040713_ifrmful&tsp=4933
URLSearchHook: (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: (No Name) - {32361cec-8645-4eea-a02e-406794b05835} -  No File
URLSearchHook: Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
HKLM SearchScopes: DefaultScope {61B65EA7-2BB2-4054-8203-C4232A5ABC4F} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=126614527_331763_00F70A37&ts=3670068
SearchScopes: HKLM - {73D7DD15-498F-4560-B21C-95CE9C3C6EB3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
SearchScopes: HKLM - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9E243EF5-069C-4A26-B385-13F804DF9D7D} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031784
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
HKCU SearchScopes: DefaultScope {4199249C-AE3F-46FA-AF6D-D3FF35D29B32} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=00F7001E8C058D2B&affID=119556&tt=040713_ifrmful&tsp=4933
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {4199249C-AE3F-46FA-AF6D-D3FF35D29B32} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {73D7DD15-498F-4560-B21C-95CE9C3C6EB3} URL = 
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9E243EF5-069C-4A26-B385-13F804DF9D7D} URL = 
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO: LyricsContainer - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files\LyricsContainer\116.dll (RYD Software)
BHO: Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM - Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU -No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -Ashampoo DE Toolbar - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Program Files\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} hxxp://www.eytronserver.com/CAB/WebPlayer.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} hxxp://o.aolcdn.com/pictures/ap/Resources/v2.14/cab/aolpPlugins.10.6.0.8.cab
DPF: {29DFBD41-3B7D-4368-9021-894C5A30E054} hxxp://www.eytronserver.com/CAB/RemoteWeb.cab
DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} hxxp://www.eytronserver.com/CAB/RemoteWeb2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxp://upload.lokalisten.de/iup/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default
FF user.js: detected! => C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\user.js
FF NewTab: hxxp://www.yhs.delta-search.com/?babsrc=NT_ss&mntrId=00F7001E8C058D2B&affID=119556&tt=040713_ifrmful&tsp=4933
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.yhs.delta-search.com/?babsrc=HP_ss&mntrId=00F7001E8C058D2B&affID=119556&tt=040713_ifrmful&tsp=4933
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=2&CUI=SB_CUI&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @innoplus.de/ino3DViewer - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: LyricsContainer - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\116
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: Delta Toolbar - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\ffxtlbr@delta.com
FF Extension: YouTube mp3 - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\info@youtube-mp3.org
FF Extension: WebCake - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\plugin@getwebcake.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SFT-Germany_ Community Toolbar - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{32361cec-8645-4eea-a02e-406794b05835}
FF Extension: Webroot - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files\LyricsContainer\116.xpi
FF Extension: No Name - C:\Program Files\LyricsContainer\116.xpi

Chrome: 
=======
CHR Extension: (LyricsContainer) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.116
CHR Extension: (YouTube) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (WebCake) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3
CHR Extension: (Plus-HD-2.3) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0
CHR Extension: (Gmail) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 desksvc; C:\Program Files\Desk 365\deskSvc.exe [424016 2013-07-03] (337 Technology Limited.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 WebCake Desktop Updater; C:\Users\Cristian\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-21] (WebCake LLC)
S2 eSafeSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AVMWAN; C:\Windows\System32\DRIVERS\avmwan.sys [29968 2001-11-08] (AVM Berlin)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [22712 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [20024 2010-06-23] ()
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [488656 2001-11-08] (AVM Berlin)
S3 LFXACT; C:\Windows\System32\Drivers\LFXACT.sys [20672 2007-01-09] (OEM)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-01-22] (Acronis)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S3 WlanUIG; C:\Windows\System32\DRIVERS\2862w.sys [346944 2004-04-06] (SMC Networks, Inc.)
S3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [31879 2007-01-09] (OEM)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U0 SR; 
U2 srservice; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\FRST
2013-07-04 20:38 - 2013-07-04 20:38 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST(1).exe
2013-07-04 20:34 - 2013-07-04 20:35 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST.exe
2013-07-04 20:09 - 2013-07-04 20:10 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\WebCake
2013-07-04 20:09 - 2013-07-04 20:09 - 00000390 ____A C:\Windows\Tasks\LyricsContainer Update.job
2013-07-04 20:09 - 2013-07-04 20:09 - 00000000 ____D C:\Program Files\WebCake
2013-07-04 20:09 - 2013-07-04 20:09 - 00000000 ____D C:\Program Files\LyricsContainer
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\Delta
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\BabSolution
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\Program Files\Delta
2013-07-04 20:05 - 2013-07-04 20:05 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\Babylon
2013-07-04 20:05 - 2013-07-04 20:05 - 00000000 ____D C:\ProgramData\Babylon
2013-07-04 20:01 - 2013-07-04 20:01 - 00247992 ____A C:\Users\Cristian\Desktop\Avira Antivirus Download.exe
2013-07-04 18:32 - 2013-07-04 18:32 - 00602112 ____A (OldTimer Tools) C:\Users\Cristian\Desktop\OTL.exe
2013-07-04 18:31 - 2013-07-04 18:32 - 00000478 ____A C:\Users\Cristian\Desktop\defogger_disable.log
2013-07-04 18:31 - 2013-07-04 18:31 - 00000000 ____A C:\Users\Cristian\defogger_reenable
2013-07-04 18:30 - 2013-07-04 18:30 - 00000862 ____A C:\Users\Cristian\Desktop\Defogger.exe - Verknüpfung.lnk
2013-07-04 18:29 - 2013-07-04 18:29 - 00050477 ____A C:\Users\Cristian\Desktop\Defogger.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00793536 ____A C:\Users\Cristian\Downloads\ZipOpenerSetup.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00016678 ____A C:\Users\Cristian\Desktop\Zip Opener.htm
2013-07-04 18:27 - 2013-07-04 18:27 - 00000000 ____D C:\Users\Cristian\Desktop\Zip Opener_files
2013-07-04 12:39 - 2013-07-04 12:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 12:38 - 2013-07-04 17:41 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-07-04 12:37 - 2013-07-04 12:37 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-03 17:37 - 2013-07-03 17:37 - 00000000 ____D C:\Users\Cristian\Desktop\117___07
2013-07-03 11:56 - 2013-07-04 19:26 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-03 11:56 - 2013-07-04 19:23 - 00001092 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-03 11:56 - 2013-07-03 11:56 - 00116224 ____A (Webroot) C:\Windows\System32\Drivers\BGqjhauF.sys
2013-07-03 11:55 - 2013-07-04 19:23 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-03 11:55 - 2013-07-03 11:59 - 00000000 ____D C:\ProgramData\eSafe
2013-07-03 11:55 - 2013-07-03 11:56 - 00000000 ____D C:\Users\Cristian\AppData\Local\lptmp2088492804
2013-07-03 11:55 - 2013-07-03 11:54 - 00773712 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-07-03 11:55 - 2013-07-03 11:54 - 00420944 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2013-07-03 11:54 - 2013-07-04 19:23 - 00001886 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-03 11:54 - 2013-07-04 19:23 - 00001812 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-03 11:54 - 2013-07-04 08:50 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\Desk 365
2013-07-03 11:54 - 2013-07-03 11:55 - 00000000 ____D C:\Program Files\Desk 365
2013-07-03 11:53 - 2013-07-04 17:43 - 00000000 ____D C:\ProgramData\WRData
2013-07-03 11:53 - 2013-07-04 08:37 - 00000000 ____D C:\Program Files\Plus-HD-2.3
2013-07-03 11:53 - 2013-07-03 11:53 - 14965064 ____A (Google Inc.) C:\Users\Cristian\Downloads\picasa39_inst [1].exe
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\eIntaller
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\0F0W0T1V0D0L0M
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Program Files\Webroot
2013-07-03 10:53 - 2013-07-03 10:53 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 10:52 - 2013-07-03 10:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 10:52 - 2013-07-03 10:53 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 10:52 - 2013-07-03 10:52 - 00000000 ____D C:\Program Files\iPod
2013-07-03 10:39 - 2013-07-03 10:40 - 00000000 ____D C:\Program Files\QuickTime
2013-07-03 10:39 - 2013-07-03 10:39 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-03 09:00 - 2013-07-04 20:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-12 21:17 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 21:17 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 21:17 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:16 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:16 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:16 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:16 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:16 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:16 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 21:16 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 21:16 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:16 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:16 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 21:16 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:16 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:16 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 05:35 - 2013-05-08 05:40 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 05:35 - 2013-05-08 03:58 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-06-12 05:35 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 05:35 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 05:35 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 05:35 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 05:35 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 05:34 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-04 18:42 - 2013-06-04 20:30 - 00000000 ____D C:\Users\Cristian\Desktop\VerkaufAutoBMW

==================== One Month Modified Files and Folders ========

2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\FRST
2013-07-04 20:38 - 2013-07-04 20:38 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST(1).exe
2013-07-04 20:35 - 2013-07-04 20:34 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST.exe
2013-07-04 20:10 - 2013-07-04 20:09 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\WebCake
2013-07-04 20:09 - 2013-07-04 20:09 - 00000390 ____A C:\Windows\Tasks\LyricsContainer Update.job
2013-07-04 20:09 - 2013-07-04 20:09 - 00000000 ____D C:\Program Files\WebCake
2013-07-04 20:09 - 2013-07-04 20:09 - 00000000 ____D C:\Program Files\LyricsContainer
2013-07-04 20:07 - 2013-07-03 09:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\Delta
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\BabSolution
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-04 20:06 - 2013-07-04 20:06 - 00000000 ____D C:\Program Files\Delta
2013-07-04 20:06 - 2007-11-29 15:41 - 01951461 ____A C:\Windows\WindowsUpdate.log
2013-07-04 20:05 - 2013-07-04 20:05 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\Babylon
2013-07-04 20:05 - 2013-07-04 20:05 - 00000000 ____D C:\ProgramData\Babylon
2013-07-04 20:02 - 2012-09-23 08:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 20:01 - 2013-07-04 20:01 - 00247992 ____A C:\Users\Cristian\Desktop\Avira Antivirus Download.exe
2013-07-04 19:53 - 2011-06-27 07:03 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 19:50 - 2012-05-30 18:25 - 00001132 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000UA.job
2013-07-04 19:26 - 2013-07-03 11:56 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-04 19:23 - 2013-07-03 11:56 - 00001092 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-04 19:23 - 2013-07-03 11:55 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-04 19:23 - 2013-07-03 11:54 - 00001886 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-04 19:23 - 2013-07-03 11:54 - 00001812 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-04 19:23 - 2012-05-30 21:08 - 00010718 ____A C:\Windows\PFRO.log
2013-07-04 19:23 - 2011-06-27 07:03 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 19:23 - 2007-11-20 22:26 - 00000000 ____D C:\Windows\SMINST
2013-07-04 19:23 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 19:23 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 19:23 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 19:15 - 2006-11-02 15:01 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-04 18:32 - 2013-07-04 18:32 - 00602112 ____A (OldTimer Tools) C:\Users\Cristian\Desktop\OTL.exe
2013-07-04 18:32 - 2013-07-04 18:31 - 00000478 ____A C:\Users\Cristian\Desktop\defogger_disable.log
2013-07-04 18:31 - 2013-07-04 18:31 - 00000000 ____A C:\Users\Cristian\defogger_reenable
2013-07-04 18:31 - 2008-01-15 11:21 - 00000000 ____D C:\users\Cristian
2013-07-04 18:30 - 2013-07-04 18:30 - 00000862 ____A C:\Users\Cristian\Desktop\Defogger.exe - Verknüpfung.lnk
2013-07-04 18:29 - 2013-07-04 18:29 - 00050477 ____A C:\Users\Cristian\Desktop\Defogger.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00793536 ____A C:\Users\Cristian\Downloads\ZipOpenerSetup.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00016678 ____A C:\Users\Cristian\Desktop\Zip Opener.htm
2013-07-04 18:27 - 2013-07-04 18:27 - 00000000 ____D C:\Users\Cristian\Desktop\Zip Opener_files
2013-07-04 17:51 - 2013-01-13 10:17 - 00002059 ____A C:\Users\Cristian\Desktop\Google Chrome.lnk
2013-07-04 17:44 - 2010-07-26 10:10 - 00000623 ____A C:\Windows\Support.ini
2013-07-04 17:43 - 2013-07-03 11:53 - 00000000 ____D C:\ProgramData\WRData
2013-07-04 17:41 - 2013-07-04 12:38 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-07-04 17:38 - 2011-09-21 13:17 - 00000000 ____D C:\Program Files\Common Files\Lexware
2013-07-04 17:36 - 2011-09-21 13:27 - 00000000 ____D C:\ProgramData\Lexware
2013-07-04 17:28 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2013-07-04 17:26 - 2007-11-20 21:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-04 17:25 - 2007-11-20 21:56 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-07-04 16:10 - 2010-10-31 09:43 - 00001726 ____A C:\Users\Cristian\Desktop\Mozilla Firefox.lnk
2013-07-04 12:39 - 2013-07-04 12:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 12:37 - 2013-07-04 12:37 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-04 09:48 - 2008-01-22 12:21 - 00000000 ____D C:\ProgramData\Acronis
2013-07-04 08:50 - 2013-07-03 11:54 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\Desk 365
2013-07-04 08:37 - 2013-07-03 11:53 - 00000000 ____D C:\Program Files\Plus-HD-2.3
2013-07-03 17:37 - 2013-07-03 17:37 - 00000000 ____D C:\Users\Cristian\Desktop\117___07
2013-07-03 11:59 - 2013-07-03 11:55 - 00000000 ____D C:\ProgramData\eSafe
2013-07-03 11:56 - 2013-07-03 11:56 - 00116224 ____A (Webroot) C:\Windows\System32\Drivers\BGqjhauF.sys
2013-07-03 11:56 - 2013-07-03 11:55 - 00000000 ____D C:\Users\Cristian\AppData\Local\lptmp2088492804
2013-07-03 11:55 - 2013-07-03 11:54 - 00000000 ____D C:\Program Files\Desk 365
2013-07-03 11:54 - 2013-07-03 11:55 - 00773712 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-07-03 11:54 - 2013-07-03 11:55 - 00420944 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2013-07-03 11:53 - 2013-07-03 11:53 - 14965064 ____A (Google Inc.) C:\Users\Cristian\Downloads\picasa39_inst [1].exe
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\eIntaller
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\0F0W0T1V0D0L0M
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Program Files\Webroot
2013-07-03 10:53 - 2013-07-03 10:53 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 10:53 - 2013-07-03 10:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 10:53 - 2013-07-03 10:52 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 10:52 - 2013-07-03 10:52 - 00000000 ____D C:\Program Files\iPod
2013-07-03 10:52 - 2011-08-07 16:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-03 10:40 - 2013-07-03 10:39 - 00000000 ____D C:\Program Files\QuickTime
2013-07-03 10:39 - 2013-07-03 10:39 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-03 10:38 - 2012-05-28 11:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 03:50 - 2012-05-30 18:25 - 00001080 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000Core.job
2013-07-01 11:06 - 2011-08-05 12:44 - 00002631 ____A C:\Users\Cristian\Desktop\Microsoft Office Word 2007.lnk
2013-06-30 07:36 - 2006-11-02 12:33 - 01472526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 20:22 - 2012-12-28 20:51 - 00000000 ____D C:\Program Files\Ashampoo_DE
2013-06-27 03:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-15 15:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-15 14:38 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 21:09 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 22:02 - 2012-06-06 09:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 22:02 - 2011-05-14 16:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-04 20:30 - 2013-06-04 18:42 - 00000000 ____D C:\Users\Cristian\Desktop\VerkaufAutoBMW

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 19:32

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Cristian at 2013-07-04 20:44:06
Running from C:\Users\Cristian\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 1.0.0)
3D-Viewer-innoplus (Version: 13.01.07)
4500_Help (Version: 1.00.0000)
6300 (Version: 82.0.242.000)
6300_Help (Version: 82.0.242.000)
6300Trb (Version: 82.0.242.000)
7-Zip 4.65
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ashampoo DE Toolbar (Version: 6.9.1.523)
Bonjour (Version: 3.0.0.10)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BrowserDefender
BufferChm (Version: 100.0.170.000)
Canon iP3600 series Benutzerregistrierung
Canon iP3600 series Printer Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CDBurnerXP (Version: 4.5.0.3685)
Copy (Version: 82.0.188.000)
CustomerResearchQFolder (Version: 1.00.0000)
dakota.ag (Version: 5.0.0.0)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.21.5)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DHTML Editing Component (Version: 6.02.0001)
DivX Content Uploader (Version: 1.2.1)
DivX Web Player (Version: 1.4.0)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 10.0.0.0)
eSafe Security Control 1.0.0.2522 (Version: 1.0.0.2522)
Evoluent Mouse Manager (Version: 4.0.0)
Fax (Version: 100.0.187.000)
FormatFactory 2.70 (Version: 2.70)
Free YouTube Download version 3.0.13.815
Google Chrome (HKCU Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
HP Active Support Library (Version: 2.0.12.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.2.0.2296)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Easy Setup - Frontend (Version: 5.2.0.2304)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J4500 Series (Version: 1.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.007.003)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPProductAssistant (Version: 130.0.371.000)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.4.4)
J4500 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
Java(TM) SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Lexware Info Service (Version: 2.70.00.0081)
LightScribe  1.8.15.1 (Version: 1.8.15.1)
LyricsContainer
MarketResearch (Version: 100.0.170.000)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007-Testversion (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Microsoft Works (Version: 08.05.0822)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
Optimierte Multimedia-Tastatur-Lösung
Picasa 3 (Version: 3.8)
Picasa Packages
Plus-HD-2.3 (Version: 1.27.153.5)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.01.0000)
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5548)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.572)
RTC Client API v1.2 (Version: 1.2.0000)
Scan (Version: 10.1.0.0)
Sigel Event Label Software
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 100.0.175.000)
swMSM (Version: 12.0.0.1)
Teledat Konfigurationsprogramm
Toolbox (Version: 100.0.170.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01 (Version: 90.0.146.000)
Viewpoint Media Player
VLC media player 1.1.4 (Version: 1.1.4)
WebCake 3.00 (Version: 3.00)
WebReg (Version: 100.0.170.000)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

==================== Restore Points  =========================

29-06-2013 19:00:39 Windows-Sicherung
30-06-2013 07:18:31 Windows Update
30-06-2013 19:00:33 Windows-Sicherung
01-07-2013 19:00:29 Windows-Sicherung
02-07-2013 19:00:20 Windows-Sicherung
03-07-2013 08:43:51 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
03-07-2013 19:00:47 Windows-Sicherung
04-07-2013 10:38:33 Installed SpyHunter
04-07-2013 15:18:11 Acronis*True*Image*Home wird entfernt
04-07-2013 15:21:08 Entfernt DesignPro 5
04-07-2013 15:24:45 Removed Corel MediaOne.
04-07-2013 15:27:52 Removed Lexware online banking.
04-07-2013 15:29:41 Removed Lexware Elster.
04-07-2013 15:31:10 Removed Lexware financial office 2011.
04-07-2013 15:40:10 Removed SpyHunter
04-07-2013 15:43:39 Removed Olympus DSS Player Standard
04-07-2013 17:59:11 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____N C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {056002EE-5D78-4EAF-8E92-1AC797CF39A6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Cristian => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {146CC7F1-4B47-4F95-A5B8-2EC0C2D6EE07} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1CCCACAC-968E-4826-9EC9-2079DD5C3858} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {1E8D16DD-92D2-4462-B46E-C748629CDA3B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe [2013-07-03] (337 Technology Limited.)
Task: {205AE3E8-DB28-4703-A3B3-F0DA74E7EBBF} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-05-17] ()
Task: {2C0B4CE0-7836-4049-A6B5-D9E791DD6B06} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24] (Hewlett-Packard)
Task: {32991C2A-FBD7-4857-8359-B3FB7B0ED571} - System32\Tasks\LyricsContainer Update => C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe [2013-06-22] (RYD Software)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4EA57F14-4E2C-469B-AEAA-AC0535614E8E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {54AF85B6-47C6-445D-A63B-DA0B89A0373D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {55586F91-E230-431E-A2CC-44F80F04ACA1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {60041D4D-223A-42ED-8361-736675E7333D} - System32\Tasks\User_Feed_Synchronization-{FF3E668A-BDC1-4B4C-B3FA-097D129D8B4F} => C:\Windows\system32\msfeedssync.exe [2011-08-05] (Microsoft Corporation)
Task: {621536AC-9241-4203-B4F4-002AB26F46CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000UA => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20] (Google Inc.)
Task: {680F6B28-6106-40F4-900F-2A6FB5527EFC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2006-11-02] (Microsoft Corporation)
Task: {6F52023A-8583-4A2F-8897-8D0DDA752944} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-03] (Plus HD)
Task: {70F9EB48-5BF9-456F-9B2E-C2E4243D4818} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {71B70DA7-B205-4D15-AF69-8603BF16CBA0} - System32\Tasks\EPUpdater => C:\Users\Cristian\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {7715F03D-398E-4875-B39D-12C8D5AEE73F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {7B7A5420-7034-43BA-A57B-FC1A6FF8AB58} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-03] (Plus HD)
Task: {85BDE8BD-0C9C-4672-B693-EE931B666872} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-27] (Google Inc.)
Task: {98DD3500-6AF6-483F-937F-F076B631E27A} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {A2E415A9-3608-4E3E-A566-BB1F440BD94B} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-03] (Plus HD)
Task: {A3056F46-39FA-464C-8CE5-76CA9BB28BFF} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-03] (Plus HD)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A69D295A-45A8-4042-A605-5E423F9CFE19} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {B046B8D3-B880-44CE-B7D2-351DCA2AD8B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000Core => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20] (Google Inc.)
Task: {BCE50F3A-5158-4353-ACA6-2739922780E4} - System32\Tasks\JavaUpdateCristian => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {C40DBFAA-A3F5-478F-8A3E-AEB7C81BD79A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {D5E75031-DD6F-4FDF-9EEC-4C5553072652} - System32\Tasks\JavaUpdateAdmin => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F918DF09-76C1-4BA6-A67F-A5A0E4FCB875} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-03] (Plus HD)
Task: {FC26B1A7-902B-49E8-A903-BAAC992A7E3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000Core.job => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000UA.job => C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 08:11:05 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:05 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/04/2013 08:11:04 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\CRISTIAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (07/04/2013 07:26:04 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/04/2013 07:26:04 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/04/2013 07:24:53 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/04/2013 07:24:53 PM) (Source: Service Control Manager) (User: )
Description: eSafe Service%%2

Error: (07/04/2013 08:50:34 AM) (Source: Service Control Manager) (User: )
Description: 1Neustart des DienstsWRSVC%%1056

Error: (07/04/2013 08:50:24 AM) (Source: Service Control Manager) (User: )
Description: WRSVC1100001Neustart des Diensts

Error: (07/04/2013 07:07:46 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/04/2013 07:07:44 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/04/2013 07:07:17 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/04/2013 07:07:17 AM) (Source: Service Control Manager) (User: )
Description: eSafe Service%%2


Microsoft Office Sessions:
=========================
Error: (06/29/2013 09:01:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 522231 seconds with 4980 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-04 20:43:21.249
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 20:43:20.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 20:43:19.881
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 20:43:19.190
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 19:00:14.597
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 19:00:13.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 19:00:13.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 19:00:12.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 19:00:12.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-04 19:00:11.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 79%
Total physical RAM: 1917.82 MB
Available physical RAM: 397.68 MB
Total Pagefile: 4082.08 MB
Available Pagefile: 2410.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.44 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:141.75 GB) (Free:48.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:7.3 GB) (Free:0.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:3.69 GB) (Free:3.34 GB) FAT32
Drive k: (IOMEGA) (Fixed) (Total:465.65 GB) (Free:190.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 3A59D7F5)
Partition 1: (Active) - (Size=466 GB) - (Type=0B)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

M-K-D-B · 05.07.2013, 16:50

Servus,

Du hast jede Menge Adware auf dem Rechner. Könnte etwas dauern, aber wir bringen das wieder in Ordnung.

Bitte alles genau so ausführen:

AdwCleaner bitte zweimal direkt hintereinander genau so ausführen und beide Logdateien davon posten!

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus. Es wird nur eine FRST.txt erzeugt. Poste mir diese.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von AdwCleaner,
die Logdatei von JRT,
die Logdatei von FRST.

Die-Dora · 05.07.2013, 22:14

Hi Matthias,

Danke für Deine Rückmeldung:

Schritt 1 habe ich glaube ich hinbekommen, schau mal:

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 05/07/2013 um 22:36:09 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Cristian - HOMEPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cristian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserDefendert
Gestoppt & Gelöscht : desksvc
Gestoppt & Gelöscht : eSafeSvc
Gestoppt & Gelöscht : PCSUService
Gestoppt & Gelöscht : WebCake Desktop Updater

***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Cristian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Datei Gelöscht : C:\Windows\Tasks\LyricsContainer Update.job
Gelöscht mit Neustart : C:\Program Files\Desk 365
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Delta
Ordner Gelöscht : C:\Program Files\LyricsContainer
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\Program Files\WebCake
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Cristian\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Cristian\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Cristian\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Conduit
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\ConduitCommon
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\Users\Cristian\AppData\Roaming\WebCake

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=126614527_331763_00F70A37&ts=1372845214
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\5b688deb46def46
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BF67F764-95B6-4360-BB57-B2E5AA6C814B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\eSafeSecControl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lyrics@LyricsContainer.co
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 101 MediaBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-de3 Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\5b688deb46def46
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3031784
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344426}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKU\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Desk 365]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\prefs.js

C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2319825..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2319825.AppTrackingLastCheckTime", "Fri Aug 05 2011 10:47:39 GMT+0200");
Gelöscht : user_pref("CT2319825.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.CurrentServerDate", "5-8-2011");
Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2319825.DialogsGetterLastCheckTime", "Thu Apr 14 2011 09:14:04 GMT+0200");
Gelöscht : user_pref("CT2319825.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Fri Aug 05 2011 10:47:18 GMT+0200");
Gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Fri Aug 05 2011 10:47:20 GMT+0200");
Gelöscht : user_pref("CT2319825.FirstServerDate", "14-4-2011");
Gelöscht : user_pref("CT2319825.FirstTime", true);
Gelöscht : user_pref("CT2319825.FirstTimeFF3", true);
Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2319825.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2319825.Initialize", true);
Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2319825.InstalledDate", "Thu Apr 14 2011 09:14:05 GMT+0200");
Gelöscht : user_pref("CT2319825.InvalidateCache", false);
Gelöscht : user_pref("CT2319825.IsGrouping", false);
Gelöscht : user_pref("CT2319825.IsMulticommunity", false);
Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Fri Aug 05 2011 10:47:20 GMT+0200");
Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2319825.LastLogin_3.3.3.2", "Fri Aug 05 2011 10:47:20 GMT+0200");
Gelöscht : user_pref("CT2319825.LatestVersion", "3.3.3.2");
Gelöscht : user_pref("CT2319825.Locale", "de");
Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2319825.RadioIsPodcast", false);
Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Fri Aug 05 2011 10:47:20 GMT+0200");
Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532");
Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gelöscht : user_pref("CT2319825.RadioStationName", "1Live");
Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gelöscht : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2319825.SavedHomepage", "hxxp://www.searchqu.com/");
Gelöscht : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Fri Aug 05 2011 10:47:17 GMT+0200");
Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2319825.ServiceMapLastCheckTime", "Fri Aug 05 2011 10:47:18 GMT+0200");
Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Fri Aug 05 2011 10:47:15 GMT+0200");
Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1312118211");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Fri Aug 05 2011 10:47:15 GMT+0200");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Gelöscht : user_pref("CT2319825.Uninstall", true);
Gelöscht : user_pref("CT2319825.UserID", "UN88093760438115696");
Gelöscht : user_pref("CT2319825.ValidationData_Toolbar", 0);
Gelöscht : user_pref("CT2319825.WeatherNetwork", "");
Gelöscht : user_pref("CT2319825.WeatherPollDate", "Fri Aug 05 2011 10:47:21 GMT+0200");
Gelöscht : user_pref("CT2319825.WeatherUnit", "C");
Gelöscht : user_pref("CT2319825.alertChannelId", "715912");
Gelöscht : user_pref("CT2319825.backendstorage.id", "36393032383939");
Gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Fri Aug 05 2011 10:47:21 GMT+0200");
Gelöscht : user_pref("CT2319825.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2319825.myStuffEnabled", true);
Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,129309281463312841,1291363[...]
Gelöscht : user_pref("CT2319825.testingCtid", "");
Gelöscht : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Fri Aug 05 2011 10:47:20 GMT+0200");
Gelöscht : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Thu Apr 14 2011 09:14:06 GMT+0200");
Gelöscht : user_pref("CT2431245..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2431245.AppTrackingLastCheckTime", "Fri Aug 05 2011 10:47:20 GMT+0200");
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129453393920757186", true);
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129453393921850940", true);
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Gelöscht : user_pref("CT2431245.CurrentServerDate", "5-8-2011");
Gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2431245.DialogsGetterLastCheckTime", "Fri Aug 05 2011 10:47:11 GMT+0200");
Gelöscht : user_pref("CT2431245.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 1191);
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Gelöscht : user_pref("CT2431245.FeedTTL7470634017109031809", 30);
Gelöscht : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Gelöscht : user_pref("CT2431245.FirstServerDate", "22-11-2010");
Gelöscht : user_pref("CT2431245.FirstTime", true);
Gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2431245.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2431245.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2431245.Initialize", true);
Gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2431245.InstallationId", "integrated_CT2431245 .exe");
Gelöscht : user_pref("CT2431245.InstallationType", "ConduitIntegration");
Gelöscht : user_pref("CT2431245.InstalledDate", "Sun Nov 21 2010 22:29:49 GMT+0100");
Gelöscht : user_pref("CT2431245.InvalidateCache", false);
Gelöscht : user_pref("CT2431245.IsGrouping", false);
Gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2431245.LastLogin_3.2.1.3", "Thu Mar 17 2011 03:09:45 GMT+0100");
Gelöscht : user_pref("CT2431245.LastLogin_3.3.2.1", "Fri Mar 25 2011 19:01:10 GMT+0100");
Gelöscht : user_pref("CT2431245.LastLogin_3.3.3.2", "Thu Apr 14 2011 12:48:32 GMT+0200");
Gelöscht : user_pref("CT2431245.LastLogin_3.6.0.10", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.LatestVersion", "3.5.0.12");
Gelöscht : user_pref("CT2431245.Locale", "de-de");
Gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Fri Aug 05 2011 10:47:07 GMT+0200");
Gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Gelöscht : user_pref("CT2431245.RadioMediaID", "20503672");
Gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Gelöscht : user_pref("CT2431245.RadioShrinked", "shrinked");
Gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Gelöscht : user_pref("CT2431245.SHRINK_TOOLBAR", 0);
Gelöscht : user_pref("CT2431245.SavedHomepage", "hxxp://www.bild.de");
Gelöscht : user_pref("CT2431245.SearchEngineBeforeUnload", "Winload Customized Web Search");
Gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2431245.SearchProtectorEnabled", true);
Gelöscht : user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri Aug 05 2011 10:47:06 GMT+0200");
Gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Fri Aug 05 2011 10:47:05 GMT+0200");
Gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1312401541");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Aug 05 2011 10:47:05 GMT+0200");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Gelöscht : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2431245.Uninstall", true);
Gelöscht : user_pref("CT2431245.UserID", "UN10590211858846854");
Gelöscht : user_pref("CT2431245.ValidationData_Toolbar", 0);
Gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Gelöscht : user_pref("CT2431245.WeatherPollDate", "Fri Aug 05 2011 10:47:08 GMT+0200");
Gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Gelöscht : user_pref("CT2431245.backendstorage._fb_dailyactivity", "31333032343937383239313735");
Gelöscht : user_pref("CT2431245.backendstorage._fb_lifetimesent", "54525545");
Gelöscht : user_pref("CT2431245.backendstorage.facebook_ctid_connect_send", "73656E646564");
Gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2431245.backendstorage.li_dailyactivity", "31333031353436393031323239");
Gelöscht : user_pref("CT2431245.backendstorage.li_lifetimesent", "54525545");
Gelöscht : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Fri Aug 05 2011 10:47:12 GMT+0200");
Gelöscht : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2431245.initDone", true);
Gelöscht : user_pref("CT2431245.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129460318377631679,129[...]
Gelöscht : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2431245.testingCtid", "");
Gelöscht : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri Aug 05 2011 10:47:09 GMT+0200");
Gelöscht : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri Aug 05 2011 10:47:12 GMT+0200");
Gelöscht : user_pref("CT2431245.usagesFlag", 2);
Gelöscht : user_pref("CT2481020_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("CT3031784..clientLogIsEnabled", true);
Gelöscht : user_pref("CT3031784..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT3031784..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT3031784.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT3031784.AppTrackingLastCheckTime", "Sun Aug 07 2011 16:08:35 GMT+0200");
Gelöscht : user_pref("CT3031784.BrowserCompStateIsOpen_6426794018470041167", true);
Gelöscht : user_pref("CT3031784.CTID", "CT3031784");
Gelöscht : user_pref("CT3031784.CurrentServerDate", "7-8-2011");
Gelöscht : user_pref("CT3031784.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT3031784.DialogsGetterLastCheckTime", "Sun Aug 07 2011 16:08:22 GMT+0200");
Gelöscht : user_pref("CT3031784.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT3031784.EMailNotifierPollDate", "Sun Aug 07 2011 16:08:21 GMT+0200");
Gelöscht : user_pref("CT3031784.FirstServerDate", "7-8-2011");
Gelöscht : user_pref("CT3031784.FirstTime", true);
Gelöscht : user_pref("CT3031784.FirstTimeFF3", true);
Gelöscht : user_pref("CT3031784.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT3031784.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT3031784.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT3031784.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT3031784.Initialize", true);
Gelöscht : user_pref("CT3031784.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT3031784.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT3031784.InstallationId", "CT3031784_softonic-Germany_.exe");
Gelöscht : user_pref("CT3031784.InstallationType", "ConduitIntegration");
Gelöscht : user_pref("CT3031784.InstalledDate", "Sun Aug 07 2011 16:08:21 GMT+0200");
Gelöscht : user_pref("CT3031784.InvalidateCache", false);
Gelöscht : user_pref("CT3031784.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT3031784.IsGrouping", false);
Gelöscht : user_pref("CT3031784.IsInitSetupIni", true);
Gelöscht : user_pref("CT3031784.IsMulticommunity", false);
Gelöscht : user_pref("CT3031784.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT3031784.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT3031784.LanguagePackLastCheckTime", "Sun Aug 07 2011 16:08:23 GMT+0200");
Gelöscht : user_pref("CT3031784.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT3031784.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT3031784.LastLogin_3.6.0.10", "Sun Aug 07 2011 16:08:22 GMT+0200");
Gelöscht : user_pref("CT3031784.LatestVersion", "3.5.1.1");
Gelöscht : user_pref("CT3031784.Locale", "de");
Gelöscht : user_pref("CT3031784.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT3031784.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT3031784.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT3031784.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT3031784.OriginalFirstVersion", "3.6.0.10");
Gelöscht : user_pref("CT3031784.RadioIsPodcast", false);
Gelöscht : user_pref("CT3031784.RadioLastCheckTime", "Sun Aug 07 2011 16:08:23 GMT+0200");
Gelöscht : user_pref("CT3031784.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT3031784.RadioLastUpdateServer", "3");
Gelöscht : user_pref("CT3031784.RadioMediaID", "9962");
Gelöscht : user_pref("CT3031784.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT3031784.RadioMenuSelectedID", "EBRadioMenu_CT30317849962");
Gelöscht : user_pref("CT3031784.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT3031784.RadioStationName", "California%20Rock");
Gelöscht : user_pref("CT3031784.RadioStationURL", "hxxp://feedlive.net/california.asx");
Gelöscht : user_pref("CT3031784.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT3031784.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT303[...]
Gelöscht : user_pref("CT3031784.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT3031784.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT3031784.SearchInNewTabLastCheckTime", "Sun Aug 07 2011 16:08:22 GMT+0200");
Gelöscht : user_pref("CT3031784.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT3031784.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT3031784.ServiceMapLastCheckTime", "Sun Aug 07 2011 16:08:20 GMT+0200");
Gelöscht : user_pref("CT3031784.SettingsLastCheckTime", "Sun Aug 07 2011 16:08:20 GMT+0200");
Gelöscht : user_pref("CT3031784.SettingsLastUpdate", "1312705915");
Gelöscht : user_pref("CT3031784.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT3031784.ThirdPartyComponentsLastCheck", "Sun Aug 07 2011 16:08:20 GMT+0200");
Gelöscht : user_pref("CT3031784.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT3031784.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT3031784.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3031784");
Gelöscht : user_pref("CT3031784.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT3031784.UserID", "UN26157544312393613");
Gelöscht : user_pref("CT3031784.alertChannelId", "1423363");
Gelöscht : user_pref("CT3031784.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT3031784.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 16:08:22 GMT+0200");
Gelöscht : user_pref("CT3031784.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT3031784.initDone", true);
Gelöscht : user_pref("CT3031784.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT3031784.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT3031784.myStuffEnabled", true);
Gelöscht : user_pref("CT3031784.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT3031784.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT3031784.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT3031784.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT3031784.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT3031784.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT3031784.testingCtid", "");
Gelöscht : user_pref("CT3031784.toolbarAppMetaDataLastCheckTime", "Sun Aug 07 2011 16:08:22 GMT+0200");
Gelöscht : user_pref("CT3031784.toolbarContextMenuLastCheckTime", "Sun Aug 07 2011 16:08:23 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=825452&fid=821260", "\"0\""[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1423363/1419018/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3031784", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3031784",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63438026930213[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3031784&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/maxi.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play_mini[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/Newtab/Softonic/CT2431245.xml", "\"07ba0[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Cristian\\AppData\\Roaming\\Mozilla[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2319825,CT3031784");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2319825,CT3031784");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT3031784");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 17 2011 06:30:45 GMT+01[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 04 2011 11:59:35 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Aug 05 2011 10:21:42 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "aa798c31-c970-482c-b6ee-01f08e8c669a");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 05 2011 10:47:19 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "cde99780-fbc9-4ccb-b40a-9be1861ef897");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3031784");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 07 2011 16:08:2[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Aug 07 2011 16:08:32 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Aug 07 2011 16:08:20 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "ca941fd6-2697-46b1-82d4-babef3be295c");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo DE Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchqu.com/web?src=ffb&appid=119&sy[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2481020");
Gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Ashampoo DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "qvo6");
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "5");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "757CD85991835C0F87932504B70BD662");
Gelöscht : user_pref("extensions.delta.id", "00f70a37000000000000001e8c058d2b");
Gelöscht : user_pref("extensions.delta.instlDay", "15890");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.520:06:58");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "azb");
Gelöscht : user_pref("extensions.delta.smplGrp", "azb");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.520:06:58");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119556&tt=040713_ifrmful&tsp=4933");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.enabledAddons", "info%40youtube-mp3.org:1.0.4,%7BACAA314B-EEBA-48e4-AD47-84E31[...]
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("plugin.blocklisted.npviewpoint", true);
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=13[...]
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.originalHomepage", "hxxp://www.bild.de");
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.searchqu.com/web?src=ffb&appid=119&system[...]
Gelöscht : user_pref("smartbar.originalSearchEngine", "Google");

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [63947 octets] - [05/07/2013 22:36:10]

########## EOF - C:\AdwCleaner[S1].txt - [64008 octets] ##########

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 05/07/2013 um 22:43:11 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Cristian - HOMEPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cristian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [64078 octets] - [05/07/2013 22:36:10]
AdwCleaner[S2].txt - [1999 octets] - [05/07/2013 22:43:11]

########## EOF - C:\AdwCleaner[S2].txt - [2059 octets] ##########

Bei Schritt 2, komme ich leider nicht weiter! Ich habe das Programm heruntergeladen. Ich habe aber keine Ahnung, durch was mein PC kontrolliert/geschützt wird? Ich habe unter Programme gesucht, aber ich habe keine Ahnung. Der PC wurde damals von einem "Profi" fit gemacht, er hatte auch einen Virenschutz drauf getan, aber ich weiss nicht wo oder was.

Irgendwo blockiert etwas Schritt 2, wo soll ich suchen?

Danke für Deine Engels Geduld!!

und bitte net auslachen

LG Die-Dora

PS: Als ich auf der Suche nach dem Virenprogramm war habe ich 3 Sachen gelöscht.

Microsoft Security Essentials
PC Beschleunigen (öffnen sich aber trotzdem automatisch und ständig)
Snapdo (sobald ich Mozilla aufmache ist jetzt Snapdo drauf, obwohl es als Programm gelöscht ist.

M-K-D-B · 05.07.2013, 22:53

Servus,

Schritt 1
Führe zuerst bitte nochmal AdwCleaner aus (-> Löschen) und poste die Logdatei.

Schritt 2
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.

Starte die sc-cleaner.exe mit einem Doppelclick.
Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
Eine Logdatei wird sich öffnen (sc-cleaner.txt).
Poste den Inhalt mit deiner nächsten Antwort.

Schritt 3
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus. Es wird nur eine FRST.txt erzeugt. Poste mir diese.

Schritt 4
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*BrowserDefender*
*desksvc*
*eSafeSvc*
*PCSUService*
*WebCake*
*AskSearch*
*bProtector*
*conduit*
*Babylon*
*LyricsContainer*
*Desk 365*
*Viewpoint*
*Ilivid*
*PriceGong*
*searchqu*
*delta Toolbar*
*Crossrider*
*DataMngr*
*Bandoo*
*Softonic*
*qvo6*
*CommunityToolbar*
*Plus-HD*

:folderfind
*BrowserDefender*
*desksvc*
*eSafeSvc*
*PCSUService*
*WebCake*
*AskSearch*
*bProtector*
*conduit*
*Babylon*
*LyricsContainer*
*Desk 365*
*Viewpoint*
*Ilivid*
*PriceGong*
*searchqu*
*delta Toolbar*
*Crossrider*
*DataMngr*
*Bandoo*
*Softonic*
*qvo6*
*CommunityToolbar*
*Plus-HD*

:regfind
BrowserDefender
desksvc
eSafeSvc
PCSUService
WebCake
AskSearch
bProtector
conduit
Babylon
LyricsContainer
Desk 365
Viewpoint
Ilivid
PriceGong
searchqu
delta
Crossrider
DataMngr
Bandoo
Softonic
qvo6
CommunityToolbar
Plus-HD

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von SC-Cleaner,
die Logdatei von FRST,
die Logdatei von SystemLook.

Die-Dora · 06.07.2013, 07:02

Guten Morgen Matthias,

erstmal die Antworten bis Schritt 4:

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 06/07/2013 um 07:17:25 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Cristian - HOMEPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cristian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\prefs.js

Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.29] : icon_url = "hxxp://search.conduit.com/fav.ico",
Gelöscht [l.32] : keyword = "qvo6",
Gelöscht [l.36] : search_url = "hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=126614527_[...]
Gelöscht [l.2254] : homepage = "hxxp://www.yhs.delta-search.com/?babsrc=HP_ss&mntrId=00F7001E8C058D2B&affID=119556&t[...]
Gelöscht [l.2682] : urls_to_restore_on_startup = [ "hxxp://www.yhs.delta-search.com/?babsrc=HP_ss&mntrId=00F7001E[...]

*************************

AdwCleaner[S1].txt - [64078 octets] - [05/07/2013 22:36:10]
AdwCleaner[S2].txt - [2128 octets] - [05/07/2013 22:43:11]
AdwCleaner[S3].txt - [1571 octets] - [06/07/2013 07:17:25]

########## EOF - C:\AdwCleaner[S3].txt - [1631 octets] ##########

Code:

ATTFilter

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows Vista (TM) Home Premium Service Pack 2
Program started at: 07/06/2013 07:22:12 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Cristian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Cristian\Desktop


0 bad shortcuts found.

Program finished at: 07/06/2013 07:22:15 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Cristian (administrator) on 06-07-2013 07:24:09
Running from C:\Users\Cristian\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\system32\PSIService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
(Sun Microsystems, Inc.) C:\Windows\system32\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-07] (CANON INC.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1505144 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Cristian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-20] (Google Inc.)
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoDesktop] 0
MountPoints2: {f129cc84-3584-11e0-9ff7-001e8c058d2b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.garmin.com/agent
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\Windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (No File)
Startup: C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
ShortcutTarget: Socialbox.lnk -> C:\Program Files\Socialbox\Socialbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=hp&installDate=04/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013
BHO: No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU -No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} hxxp://www.eytronserver.com/CAB/WebPlayer.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} hxxp://o.aolcdn.com/pictures/ap/Resources/v2.14/cab/aolpPlugins.10.6.0.8.cab
DPF: {29DFBD41-3B7D-4368-9021-894C5A30E054} hxxp://www.eytronserver.com/CAB/RemoteWeb.cab
DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} hxxp://www.eytronserver.com/CAB/RemoteWeb2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxp://upload.lokalisten.de/iup/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default
FF NewTab: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=nt&installDate=04/07/2013&q=
FF Homepage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=hp&installDate=04/07/2013
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&installDate=04/07/2013&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @innoplus.de/ino3DViewer - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: LyricsContainer - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\116
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: YouTube mp3 - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\info@youtube-mp3.org
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Webroot - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{d6aa6825-ff9d-4b33-9140-5dab33fa53d4}
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files\LyricsContainer\116.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (qvo6) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cristian\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cristian\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Cristian\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (DivX\u00AE Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (InoViewer Plugin) - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Plus-HD-2.3) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0
CHR Extension: (Gmail) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

R3 AVMWAN; C:\Windows\System32\DRIVERS\avmwan.sys [29968 2001-11-08] (AVM Berlin)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [22712 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [20024 2010-06-23] ()
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [488656 2001-11-08] (AVM Berlin)
S3 LFXACT; C:\Windows\System32\Drivers\LFXACT.sys [20672 2007-01-09] (OEM)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-01-22] (Acronis)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S3 WlanUIG; C:\Windows\System32\DRIVERS\2862w.sys [346944 2004-04-06] (SMC Networks, Inc.)
S3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [31879 2007-01-09] (OEM)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U0 SR; 
U2 srservice; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 07:22 - 2013-07-06 07:22 - 00001832 ____A C:\Users\Cristian\Desktop\sc-cleaner.txt
2013-07-06 07:17 - 2013-07-06 07:17 - 00001700 ____A C:\Users\Cristian\Desktop\AdwCleaner[S3].txt
2013-07-06 07:16 - 2013-07-06 07:16 - 00406144 ____A (Bleeping Computer, LLC) C:\Users\Cristian\Desktop\sc-cleaner.exe
2013-07-06 07:14 - 2013-07-06 07:15 - 00139264 ____A C:\Users\Cristian\Desktop\SystemLook.exe
2013-07-06 07:12 - 2013-07-06 07:12 - 00016999 ____A C:\Users\Cristian\Desktop\Ub+l61tG.htm
2013-07-06 07:11 - 2013-07-06 07:11 - 00016999 ____A C:\Users\Cristian\Desktop\nv4E1sFb.htm
2013-07-06 06:57 - 2013-07-06 06:57 - 00000000 ____D C:\Users\Cristian\Desktop\Sternstraße
2013-07-06 06:56 - 2013-07-06 06:56 - 00000000 ____D C:\Users\Cristian\Desktop\Scheidl
2013-07-06 06:51 - 2013-07-06 06:56 - 00000000 ____D C:\Users\Cristian\Desktop\LEA
2013-07-05 22:52 - 2013-07-05 22:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Cristian\Desktop\JRT.exe.part
2013-07-05 22:52 - 2013-07-05 22:52 - 00000000 ____A C:\Users\Cristian\Desktop\JRT.exe
2013-07-05 22:46 - 2013-07-05 22:46 - 00002128 ____A C:\Users\Cristian\Desktop\AdwCleaner[S2].txt
2013-07-05 22:43 - 2013-07-05 22:43 - 00002128 ____A C:\AdwCleaner[S2].txt
2013-07-05 22:36 - 2013-07-05 22:37 - 00064078 ____A C:\AdwCleaner[S1].txt
2013-07-05 22:34 - 2013-07-05 22:35 - 00650027 ____A C:\Users\Cristian\Desktop\adwcleaner.exe
2013-07-05 22:34 - 2013-07-05 22:34 - 00650027 ____A C:\Users\Cristian\Downloads\adwcleaner.exe
2013-07-04 21:41 - 2013-07-04 21:41 - 00002311 ____A C:\Users\Cristian\Desktop\Search.lnk
2013-07-04 20:44 - 2013-07-04 20:46 - 00027315 ____A C:\Users\Cristian\Desktop\Addition.txt
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\FRST
2013-07-04 20:38 - 2013-07-04 20:38 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST(1).exe
2013-07-04 20:34 - 2013-07-04 20:35 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST.exe
2013-07-04 18:32 - 2013-07-04 18:32 - 00602112 ____A (OldTimer Tools) C:\Users\Cristian\Desktop\OTL.exe
2013-07-04 18:31 - 2013-07-04 18:32 - 00000478 ____A C:\Users\Cristian\Desktop\defogger_disable.log
2013-07-04 18:31 - 2013-07-04 18:31 - 00000000 ____A C:\Users\Cristian\defogger_reenable
2013-07-04 18:30 - 2013-07-04 18:30 - 00000862 ____A C:\Users\Cristian\Desktop\Defogger.exe - Verknüpfung.lnk
2013-07-04 18:29 - 2013-07-04 18:29 - 00050477 ____A C:\Users\Cristian\Desktop\Defogger.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00793536 ____A C:\Users\Cristian\Downloads\ZipOpenerSetup.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00016678 ____A C:\Users\Cristian\Desktop\Zip Opener.htm
2013-07-04 18:27 - 2013-07-04 18:27 - 00000000 ____D C:\Users\Cristian\Desktop\Zip Opener_files
2013-07-04 12:39 - 2013-07-04 12:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 12:38 - 2013-07-04 17:41 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-07-04 12:37 - 2013-07-04 12:37 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-03 17:37 - 2013-07-03 17:37 - 00000000 ____D C:\Users\Cristian\Desktop\117___07
2013-07-03 11:56 - 2013-07-06 07:21 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-03 11:56 - 2013-07-06 07:19 - 00001092 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-03 11:56 - 2013-07-03 11:56 - 00116224 ____A (Webroot) C:\Windows\System32\Drivers\BGqjhauF.sys
2013-07-03 11:55 - 2013-07-06 07:19 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-03 11:55 - 2013-07-03 11:56 - 00000000 ____D C:\Users\Cristian\AppData\Local\lptmp2088492804
2013-07-03 11:54 - 2013-07-06 07:21 - 00001886 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-03 11:54 - 2013-07-06 07:19 - 00001812 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-03 11:53 - 2013-07-04 17:43 - 00000000 ____D C:\ProgramData\WRData
2013-07-03 11:53 - 2013-07-04 08:37 - 00000000 ____D C:\Program Files\Plus-HD-2.3
2013-07-03 11:53 - 2013-07-03 11:53 - 14965064 ____A (Google Inc.) C:\Users\Cristian\Downloads\picasa39_inst [1].exe
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\0F0W0T1V0D0L0M
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Program Files\Webroot
2013-07-03 10:53 - 2013-07-03 10:53 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 10:52 - 2013-07-03 10:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 10:52 - 2013-07-03 10:53 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 10:52 - 2013-07-03 10:52 - 00000000 ____D C:\Program Files\iPod
2013-07-03 10:39 - 2013-07-03 10:40 - 00000000 ____D C:\Program Files\QuickTime
2013-07-03 10:39 - 2013-07-03 10:39 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-03 09:00 - 2013-07-04 20:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-12 21:17 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 21:17 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 21:17 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:16 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:16 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:16 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:16 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:16 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:16 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 21:16 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 21:16 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:16 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:16 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 21:16 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:16 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:16 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 05:35 - 2013-05-08 05:40 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 05:35 - 2013-05-08 03:58 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-06-12 05:35 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 05:35 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 05:35 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 05:35 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 05:35 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 05:35 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 05:34 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-07-06 07:22 - 2013-07-06 07:22 - 00001832 ____A C:\Users\Cristian\Desktop\sc-cleaner.txt
2013-07-06 07:21 - 2013-07-03 11:56 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-06 07:21 - 2013-07-03 11:54 - 00001886 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-06 07:19 - 2013-07-03 11:56 - 00001092 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-06 07:19 - 2013-07-03 11:55 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-06 07:19 - 2013-07-03 11:54 - 00001812 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-06 07:19 - 2011-06-27 07:03 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 07:19 - 2007-11-20 22:26 - 00000000 ____D C:\Windows\SMINST
2013-07-06 07:19 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 07:19 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 07:19 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 07:17 - 2013-07-06 07:17 - 00001700 ____A C:\Users\Cristian\Desktop\AdwCleaner[S3].txt
2013-07-06 07:17 - 2007-11-29 15:41 - 02031618 ____A C:\Windows\WindowsUpdate.log
2013-07-06 07:17 - 2006-11-02 15:01 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 07:16 - 2013-07-06 07:16 - 00406144 ____A (Bleeping Computer, LLC) C:\Users\Cristian\Desktop\sc-cleaner.exe
2013-07-06 07:15 - 2013-07-06 07:14 - 00139264 ____A C:\Users\Cristian\Desktop\SystemLook.exe
2013-07-06 07:12 - 2013-07-06 07:12 - 00016999 ____A C:\Users\Cristian\Desktop\Ub+l61tG.htm
2013-07-06 07:11 - 2013-07-06 07:11 - 00016999 ____A C:\Users\Cristian\Desktop\nv4E1sFb.htm
2013-07-06 07:02 - 2012-09-23 08:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 06:57 - 2013-07-06 06:57 - 00000000 ____D C:\Users\Cristian\Desktop\Sternstraße
2013-07-06 06:57 - 2011-08-28 10:34 - 00000000 ____D C:\Users\Cristian\Desktop\MAUSKLICK24
2013-07-06 06:56 - 2013-07-06 06:56 - 00000000 ____D C:\Users\Cristian\Desktop\Scheidl
2013-07-06 06:56 - 2013-07-06 06:51 - 00000000 ____D C:\Users\Cristian\Desktop\LEA
2013-07-06 06:56 - 2008-06-16 14:19 - 00000000 ____D C:\Users\Cristian\Desktop\Zur Backstub`n
2013-07-06 06:55 - 2010-05-06 10:09 - 00000000 ___RD C:\Users\Cristian\Desktop\Privat
2013-07-06 06:53 - 2011-06-27 07:03 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 06:53 - 2009-01-08 09:59 - 00000000 ___RD C:\Users\Cristian\Desktop\ess7
2013-07-06 06:50 - 2012-05-30 18:25 - 00001132 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000UA.job
2013-07-06 06:45 - 2012-05-30 21:08 - 00011294 ____A C:\Windows\PFRO.log
2013-07-05 23:00 - 2011-02-10 13:38 - 00001912 ____A C:\Windows\epplauncher.mif
2013-07-05 22:53 - 2013-07-05 22:52 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Cristian\Desktop\JRT.exe.part
2013-07-05 22:52 - 2013-07-05 22:52 - 00000000 ____A C:\Users\Cristian\Desktop\JRT.exe
2013-07-05 22:46 - 2013-07-05 22:46 - 00002128 ____A C:\Users\Cristian\Desktop\AdwCleaner[S2].txt
2013-07-05 22:43 - 2013-07-05 22:43 - 00002128 ____A C:\AdwCleaner[S2].txt
2013-07-05 22:40 - 2011-08-05 12:44 - 00002631 ____A C:\Users\Cristian\Desktop\Microsoft Office Word 2007.lnk
2013-07-05 22:37 - 2013-07-05 22:36 - 00064078 ____A C:\AdwCleaner[S1].txt
2013-07-05 22:36 - 2011-08-20 20:54 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-05 22:35 - 2013-07-05 22:34 - 00650027 ____A C:\Users\Cristian\Desktop\adwcleaner.exe
2013-07-05 22:34 - 2013-07-05 22:34 - 00650027 ____A C:\Users\Cristian\Downloads\adwcleaner.exe
2013-07-04 21:41 - 2013-07-04 21:41 - 00002311 ____A C:\Users\Cristian\Desktop\Search.lnk
2013-07-04 20:46 - 2013-07-04 20:44 - 00027315 ____A C:\Users\Cristian\Desktop\Addition.txt
2013-07-04 20:40 - 2013-07-04 20:40 - 00000000 ____D C:\FRST
2013-07-04 20:38 - 2013-07-04 20:38 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST(1).exe
2013-07-04 20:35 - 2013-07-04 20:34 - 01373373 ____A (Farbar) C:\Users\Cristian\Desktop\FRST.exe
2013-07-04 20:07 - 2013-07-03 09:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-04 18:32 - 2013-07-04 18:32 - 00602112 ____A (OldTimer Tools) C:\Users\Cristian\Desktop\OTL.exe
2013-07-04 18:32 - 2013-07-04 18:31 - 00000478 ____A C:\Users\Cristian\Desktop\defogger_disable.log
2013-07-04 18:31 - 2013-07-04 18:31 - 00000000 ____A C:\Users\Cristian\defogger_reenable
2013-07-04 18:31 - 2008-01-15 11:21 - 00000000 ____D C:\users\Cristian
2013-07-04 18:30 - 2013-07-04 18:30 - 00000862 ____A C:\Users\Cristian\Desktop\Defogger.exe - Verknüpfung.lnk
2013-07-04 18:29 - 2013-07-04 18:29 - 00050477 ____A C:\Users\Cristian\Desktop\Defogger.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00793536 ____A C:\Users\Cristian\Downloads\ZipOpenerSetup.exe
2013-07-04 18:27 - 2013-07-04 18:27 - 00016678 ____A C:\Users\Cristian\Desktop\Zip Opener.htm
2013-07-04 18:27 - 2013-07-04 18:27 - 00000000 ____D C:\Users\Cristian\Desktop\Zip Opener_files
2013-07-04 17:51 - 2013-01-13 10:17 - 00002059 ____A C:\Users\Cristian\Desktop\Google Chrome.lnk
2013-07-04 17:44 - 2010-07-26 10:10 - 00000623 ____A C:\Windows\Support.ini
2013-07-04 17:43 - 2013-07-03 11:53 - 00000000 ____D C:\ProgramData\WRData
2013-07-04 17:41 - 2013-07-04 12:38 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-07-04 17:38 - 2011-09-21 13:17 - 00000000 ____D C:\Program Files\Common Files\Lexware
2013-07-04 17:36 - 2011-09-21 13:27 - 00000000 ____D C:\ProgramData\Lexware
2013-07-04 17:28 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2013-07-04 17:26 - 2007-11-20 21:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-04 17:25 - 2007-11-20 21:56 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-07-04 16:10 - 2010-10-31 09:43 - 00001726 ____A C:\Users\Cristian\Desktop\Mozilla Firefox.lnk
2013-07-04 12:39 - 2013-07-04 12:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 12:37 - 2013-07-04 12:37 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-04 09:48 - 2008-01-22 12:21 - 00000000 ____D C:\ProgramData\Acronis
2013-07-04 08:37 - 2013-07-03 11:53 - 00000000 ____D C:\Program Files\Plus-HD-2.3
2013-07-03 17:37 - 2013-07-03 17:37 - 00000000 ____D C:\Users\Cristian\Desktop\117___07
2013-07-03 11:56 - 2013-07-03 11:56 - 00116224 ____A (Webroot) C:\Windows\System32\Drivers\BGqjhauF.sys
2013-07-03 11:56 - 2013-07-03 11:55 - 00000000 ____D C:\Users\Cristian\AppData\Local\lptmp2088492804
2013-07-03 11:53 - 2013-07-03 11:53 - 14965064 ____A (Google Inc.) C:\Users\Cristian\Downloads\picasa39_inst [1].exe
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Users\Cristian\AppData\Roaming\0F0W0T1V0D0L0M
2013-07-03 11:53 - 2013-07-03 11:53 - 00000000 ____D C:\Program Files\Webroot
2013-07-03 10:53 - 2013-07-03 10:53 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-07-03 10:53 - 2013-07-03 10:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-03 10:53 - 2013-07-03 10:52 - 00000000 ____D C:\Program Files\iTunes
2013-07-03 10:52 - 2013-07-03 10:52 - 00000000 ____D C:\Program Files\iPod
2013-07-03 10:52 - 2011-08-07 16:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-03 10:40 - 2013-07-03 10:39 - 00000000 ____D C:\Program Files\QuickTime
2013-07-03 10:39 - 2013-07-03 10:39 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-03 10:38 - 2012-05-28 11:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 03:50 - 2012-05-30 18:25 - 00001080 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000Core.job
2013-06-30 07:36 - 2006-11-02 12:33 - 01472526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 03:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-15 15:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-15 14:38 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 21:09 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 22:02 - 2012-06-06 09:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 22:02 - 2011-05-14 16:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-06 06:53

==================== End Of Log ============================

--- --- ---

Zu Schritt 4. PROBLEM

Ich habe das Programm runtergeladen.
Mit Doppelklick öffnete es sich auch. Da steht aber nix mit Look, sondern Scanning.

Ich habe Scanning geklickt und der PC hat auch gearbeitet, bis dann folgende Meldung/Fenster auftauchte:

"Microsoft Visual C++Runtime Library" = ohne Inhalt.

Ich habe ca. 30 Minuten gewartet, es hat sich aber nichts getan. Ich habe das Programm geschlossen und wollte es neu runterladen, bzw. starten, dann bekam ich natürlich diese Meldung:

"Ihre Einstellungsdatei ist beschädigt oder ungültig. Google Chrome kann Ihre Einstellungen nicht wiederherstellen".

In der erstellen Datei mit dem Scann, war folgender Inhalt drinnen bis zum Beenden meinerseits....War ich zu ungeduldig? Hätte ich noch warten müssen?

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 07:29 on 06/07/2013 by Cristian
Administrator - Elevation successful

========== filefind ==========

Searching for "*BrowserDefender*"
No files found.

Searching for "*desksvc*"
No files found.

Searching for "*eSafeSvc*"
No files found.

Searching for "*PCSUService*"
C:\Windows\Prefetch\PCSUSERVICE.EXE-21533848.pf	--a---- 34714 bytes	[21:01 05/07/2013]	[21:01 05/07/2013] 61E1BEDEB37A6107DEE901C0E7C9FF6E

Searching for "*WebCake*"
C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI6HB2DJ\WebCakesetup[1].exe	--a---- 1212288 bytes	[18:09 04/07/2013]	[18:09 04/07/2013] FE6B34DA2D16E6C6D10B6C126B137C15

Searching for "*AskSearch*"
No files found.

Searching for "*bProtector*"
No files found.

Searching for "*conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll	--a---- 1207392 bytes	[10:43 06/12/2012]	[10:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage	--a---- 4096 bytes	[06:19 29/12/2012]	[06:19 29/12/2012] F205C2274BA90EE4314155C05ABC9136
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal	--a---- 3608 bytes	[06:19 29/12/2012]	[06:19 29/12/2012] F0B37CEE0CBFB3C4C9C4D8ADCB734EEA
C:\Users\Cristian\AppData\Local\Temp\ct2481020\conduit.xml	--a---- 785 bytes	[06:29 18/07/2012]	[06:29 18/07/2012] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\Users\Cristian\AppData\Local\Temp\is-L0M1D.tmp\ConduitInstaller.exe	--a---- 73080 bytes	[18:50 28/12/2012]	[11:50 08/11/2011] 9A5E999C90861CE9B7906DBF429D4238
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_633966731959262500_png.png	--a---- 1335 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 917FD36A2E6DEFFCA6339462F81C1B30
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_633970732492425000_png.png	--a---- 1078 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B41171505BD1BC89138426FC8EB91C73
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_633984811074527500_png.png	--a---- 1335 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] F893CDE619A9D7DD25DA3F4E52EA8998
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_634256002890131250_png.png	--a---- 2591 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] BE7D92DED3BC6A091CA84309AD628DEE
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_634310403700275000_png.png	--a---- 912 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 1C2DC023B9C5DB6DA29047B674166412
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_634496244859912508_png.png	--a---- 1144 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 07EF2D257D888864B4CFACBBEB64FD77
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_634502363884793758_png.png	--a---- 1218 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 16D5B12839200342F6E46F51675F1268
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732-1353559765_gif.gif	--a---- 1019 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 519DD4D8227A61C7537CCB89B6A7DC10
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732-1371430531_gif.gif	--a---- 1021 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] CDB342E0DC50058BCE9170BCD13770F4
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732-603321484_gif.gif	--a---- 1021 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 203AB661D607849C84172760C1CEC688
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732-83628484_gif.gif	--a---- 1021 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A7177B1FDC33EA6EA2475B5C0F0A2F51
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f7323119843110_gif.gif	--a---- 680 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 132727FB7F752E73497FA108308F5DBA
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633211996783250000_gif.gif	--a---- 1021 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 86288566AF77450282A92939BA9799A4
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618305367718750_gif.gif	--a---- 1019 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 7CF459BD36DB789109B3A66C14CE6C31
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618321828031250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618321994750000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322073968750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322156625000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322201156250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322277093750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322314281250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322351468750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322390062500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322430218750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322466937500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322522250000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322751937500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322788343750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322830218750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322876312500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618322922250000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323090531250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323154906250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323191000000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323223500000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323859750000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323896468750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618323974281250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324008187500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324092406250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324135687500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324222875000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324261468750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324299593750_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324333187500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324430531250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324468812500_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633618324542406250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856690344906250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856690451625000_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856690548656250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856690642406250_gif.gif	--a---- 424 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856703982250000_gif.gif	--a---- 210 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 8C9A8E2C4E228B3733784B5F4BF4EE8C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856704070062500_gif.gif	--a---- 333 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 6D43256166F65E31E3A34A4069AEC96B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856704292250000_gif.gif	--a---- 580 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 7750086738CC6649E6C4E88F3F7AD8CB
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856704384281250_gif.gif	--a---- 592 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A2E3A6027AC338052B01396701325938
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856705803137500_gif.gif	--a---- 120 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 1794DE3846374867AC6861BB9B53D582
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856705882668750_gif.gif	--a---- 99 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] C20811460651131E00503B41E62D414D
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856705967825000_gif.gif	--a---- 348 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 058D478A98484AA58222229586AF6A03
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706046575000_gif.gif	--a---- 328 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 3FE7B9E32206885FB6BF0784EDAFBB6D
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706255481250_gif.gif	--a---- 339 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B9EB6CCFCC6CD8CF9633D93A97EA5311
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706342512500_gif.gif	--a---- 339 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 96CEFED6E89E52A4BBBC19EC75474B4B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706453293750_gif.gif	--a---- 587 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] FBB873E8454E652FFAE8034DFFFC35BE
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706545950000_gif.gif	--a---- 356 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] C3B019C12BADD613EBD6CF703EE9897A
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706652356250_gif.gif	--a---- 354 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 4698E88AA6FEBCABE53B2C37BA141200
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856706818606250_gif.gif	--a---- 212 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A96F39D92326BCC1429AD320B0C78D89
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707376575000_gif.gif	--a---- 577 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 98C6D12CDBCE30931F0395761D6F8385
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707473762500_gif.gif	--a---- 344 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B9D294173EDC2C284FCF25BBC5C05AA4
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707556262500_gif.gif	--a---- 580 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 5EF80879C38531AD65DE17AF23146932
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707640325000_gif.gif	--a---- 362 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] D7ED2937D65F5C726977D0E4BA462179
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707708293750_gif.gif	--a---- 222 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B61DB2C08D86360A01C3D6C14541EC6C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707775950000_gif.gif	--a---- 359 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 813B48096E41E66AA0190160825F017A
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707855637500_gif.gif	--a---- 344 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 96809529679A4D6D094C094C1D73E374
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856707963606250_gif.gif	--a---- 899 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] E842C8CD53264423BB5A94E9E95F5653
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925099931250_gif.gif	--a---- 537 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B1CCAB130A72E58842C18E813F82750B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925193837500_gif.gif	--a---- 537 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B1CCAB130A72E58842C18E813F82750B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925275243750_gif.gif	--a---- 537 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B1CCAB130A72E58842C18E813F82750B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925353212500_gif.gif	--a---- 537 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B1CCAB130A72E58842C18E813F82750B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925421806250_gif.gif	--a---- 537 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B1CCAB130A72E58842C18E813F82750B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925523525000_gif.gif	--a---- 548 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] AFDB9E89C2FF8327A828AA5990DC1928
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925606650000_gif.gif	--a---- 601 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 08EBD7297F1238002ACDF7C560EC1F0B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925710400000_gif.gif	--a---- 361 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A8235D6DE7861AAEBE306623076ADCAD
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925832743750_gif.gif	--a---- 149 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A0C5217201B6E35C3B28FEE70D0839CD
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925909306250_gif.gif	--a---- 327 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] EA5FFF0A1F62F3D336BF0C41744CA71F
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856925992587500_gif.gif	--a---- 214 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] B89FFCA4F3F37701ED08F565153FCE5B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633856926086181250_gif.gif	--a---- 334 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 5FCE22A762A32E518214680B7BC4D737
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_ab2cf831-6be3-4f16-b8a8-18125c28f732633927629878062500_png.png	--a---- 176 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 2E25C6846DAE2F8C68CB4DAE6C1AD458
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Menu-Bsilkset_key_gif-Silk_2-633985695273432500_gif.gif	--a---- 369 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 2255E6A5B447FC0130B662C9067C8CD3
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Menu-silkset_chart_bar_gif-Silk_1-634067671407027500_gif.gif	--a---- 395 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 60ADCDC0EEFF6D69F09B25E968EB0D5B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss-rss01x16blue_gif-rss16Images-633988161463742500_gif.gif	--a---- 427 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] DE38BD848E7E916050B57C8FF00C9D80
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss-rss01x16blue_gif-rss16Images-633988162125930000_gif.gif	--a---- 427 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] DE38BD848E7E916050B57C8FF00C9D80
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss-rss01x16green_gif-rss16Images-633988159593125000_gif.gif	--a---- 428 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] FC707EC713D600572DE988236BDD3A84
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss-rss01x16green_gif-rss16Images-633988160488906250_gif.gif	--a---- 428 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] FC707EC713D600572DE988236BDD3A84
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss-rss01x16grey_gif-rss16Images-633988160722031250_gif.gif	--a---- 434 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 0BADAB39E32A083649569D477A58E5EC
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss-rss01x16_gif-rss16Images-633988153360618750_gif.gif	--a---- 433 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 310391CF3C98762DE1251AC2FED42D16
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_20_248_CT2481020_Images_Rss_xml-1-rssIcons-634048721131562500_gif.gif	--a---- 427 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] DE38BD848E7E916050B57C8FF00C9D80
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png	--a---- 821 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png	--a---- 729 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png	--a---- 531 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A847C5F6CE2C700048749892DD2E0619
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png	--a---- 669 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png	--a---- 263 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png	--a---- 734 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png	--a---- 562 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png	--a---- 493 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 275C9DA2D536F18F528C80E050C3D705
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png	--a---- 706 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png	--a---- 674 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 650731EEF807C292E699779B12CBE552
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png	--a---- 607 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif	--a---- 419 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_eula_png.png	--a---- 513 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] F43944209A64CCD0C9B5A92743F0F787
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_ArcticQuest_gif.gif	--a---- 1077 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] FE6E5A8B0A9444786AE508147C93B8A4
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_AtlantisQuest_gif.gif	--a---- 619 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] CED90C973D01D3D581A1F658B263E41E
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Backgammon_gif.gif	--a---- 1031 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 3784449EBC06BA246D3EEF9019D401EC
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_BistroStars_gif.gif	--a---- 610 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 816E1F5B333A1B2064999214296D2BD5
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Checkers_gif.gif	--a---- 969 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 47F42E2411A7E9D76B8F66BB40604FA2
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Chess_gif.gif	--a---- 985 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 63125AFB782F81FAECCA4B28F86B72AB
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Clash_N_Slash_gif.gif	--a---- 586 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 5CEA9F1083981E0F3D35223F0D5610E8
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Connect4_gif.gif	--a---- 1022 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] BE7DB18620AA6DB7973AB1654FC09FC4
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Darts_gif.gif	--a---- 1005 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 320F9664B0B5F3C216CC26AF50DD46DE
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_FinalFortress_gif.gif	--a---- 589 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] C0098518021F9B797FE38A50C94D4587
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_FlowerQuest_gif.gif	--a---- 1081 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 2AAE23CCCAEFA8D1A1830DA6E24E841C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Go_gif.gif	--a---- 997 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 48455300FF81F80324231AD962C9241A
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_HiddenExpedition_gif.gif	--a---- 1046 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 414F9D82D26CE56585D367CE3B75E786
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_MahjonggArtifacts2_gif.gif	--a---- 1088 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 46F10BACB1357BD0D3474A33854D838C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Marbles_gif.gif	--a---- 1000 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 7854D45C7EAA4977D51A1BC5CE2C4CFC
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Match4_gif.gif	--a---- 1026 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] DDFA780E11491440D96FB557CD43BBAB
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Poker_gif.gif	--a---- 992 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] F50F12BA2C6203FF5D4EBA4275BEE11C
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Pool_gif.gif	--a---- 1024 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] FD7B80B70EDB98954F9F11B94C32C7E2
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_PuzzleWarArt_gif.gif	--a---- 1027 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] AF6FFF4BB362A895BFFB630EDE04226D
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_PuzzleWarFood_gif.gif	--a---- 1013 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 2F04B84B2E8F5B34D4D4B53AE7DE18FE
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_PuzzleWarWorldTravel_gif.gif	--a---- 1035 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 59CF82454D2B698CE0E08ECE36BECE05
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Puzzle_Wat_Animals_gif.gif	--a---- 998 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] F4A6659C093A6CF4E2359469EB6A923F
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_PyramidRunner_gif.gif	--a---- 431 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] D1457BB4130E42B6A8734F0D6C36BDBE
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Reversi_gif.gif	--a---- 1009 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 3282C3698B729DD4D6111B1411E6BBF8
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_RiseofAtlantis_gif.gif	--a---- 1090 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 92E82CFE67DD8266F90681ACB82F1576
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_SheepMe_gif.gif	--a---- 1008 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 11E9841A2C2470AE234FB85F7F3385ED
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Simon_gif.gif	--a---- 1023 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A106006D81ECEBB288CBDDE241705229
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_SnowyBearsAdventures_gif.gif	--a---- 1064 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 1CAB9AED1E3A6D0AEF3A419DD0EEE137
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_SnowyTreasureHunter_gif.gif	--a---- 678 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 3A1CB22D90146FF71C3D2ED9DAC3682F
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Sudoku_gif.gif	--a---- 1000 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 0291D57D31C445545661E08C7D1D6AA5
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_TicTacToe_gif.gif	--a---- 988 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] E86BDAB48EFA93D6273D18E3D0DA79E7
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif	--a---- 403 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif	--a---- 414 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] A9E001CBC00B06B121DFBC80707F5298
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif	--a---- 278 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif	--a---- 405 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif	--a---- 405 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif	--a---- 361 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif	--a---- 425 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 6427565C7105DC497287866100F260BB
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif	--a---- 381 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif	--a---- 351 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] C3EBA0237D68F665AF6D663906221092
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif	--a---- 392 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 5E7217A3357550F9749A095631F51015
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif	--a---- 399 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png	--a---- 617 bytes	[19:56 11/01/2013]	[19:56 11/01/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif	--a---- 405 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif	--a---- 371 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif	--a---- 322 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 948781E4B6478290050ECA4423B89B1E
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif	--a---- 240 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] AE5A39669C623937C0839E079E1088D5
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___storage_conduit_com_images_skins_skin_nch_gif.gif	--a---- 259 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 95BE4110A60FB521EC26E89ADC6A244B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif	--a---- 351 bytes	[13:55 06/01/2013]	[13:55 06/01/2013] 703A98E0FBFB8C9B617E732C9E62DB04
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___weather_conduit_com_images_weather_Default_flurries_gif.gif	--a---- 404 bytes	[08:35 13/01/2013]	[08:35 13/01/2013] 5A985D8E2783DA9A33F8B3848A90B8E9
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif	--a---- 212 bytes	[15:32 10/01/2013]	[15:32 10/01/2013] 88CD5B8D6F007347115A8A602E5D158B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif	--a---- 204 bytes	[19:07 28/12/2012]	[19:07 28/12/2012] 5EBD213E8A460652C883CBF68C152B5B
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=de.xml	--a---- 7158 bytes	[19:07 28/12/2012]	[08:34 13/01/2013] 975C952D94CC90E3174437C36DD068BF
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=de.xml	--a---- 5623 bytes	[19:07 28/12/2012]	[08:34 13/01/2013] AE2FA3846DCCDD15EB1FAE1437F7076F
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=de.xml	--a---- 6691 bytes	[19:07 28/12/2012]	[08:34 13/01/2013] 22C13F28D75B95B054B566E3EFD671B6
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=de.xml	--a---- 5622 bytes	[19:07 28/12/2012]	[08:34 13/01/2013] 09F5087A4EC9CA9AB4A53B669A37E939
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2319825\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml	--a---- 5803 bytes	[07:14 14/04/2011]	[07:14 14/04/2011] 6BF50FDA3BC02B1E91036766306A9AB6
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitLinuxEs_history.xml	--a---- 0 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitLinuxEs_structured.xml	--a---- 13105 bytes	[21:29 21/11/2010]	[08:47 05/08/2011] AF49FC94AFBA64BE92CFE6CECA59B8AC
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitMacDe_history.xml	--a---- 0 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitMacDe_structured.xml	--a---- 12875 bytes	[21:29 21/11/2010]	[08:47 05/08/2011] EA418F9F51C1D25CC63B20F70B3E39A9
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitPalmDe_history.xml	--a---- 0 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitPalmDe_structured.xml	--a---- 10483 bytes	[21:29 21/11/2010]	[06:13 17/12/2010] DA200385DD8BCF7C355DDE2C254AA257
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitPhonesDe _history.xml	--a---- 0 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitPhonesDe _structured.xml	--a---- 13479 bytes	[21:29 21/11/2010]	[08:47 05/08/2011] 210DA500FCB7D49EB3822F69457B7FB6
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitPocketDe_history.xml	--a---- 0 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitPocketDe_structured.xml	--a---- 13333 bytes	[21:29 21/11/2010]	[08:47 05/08/2011] 547326D7D1EB55EFAB6008A59B32E0FB
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitWindowsDe_history.xml	--a---- 0 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\feed\http___feeds2_feedburner_com_ConduitWindowsDe_structured.xml	--a---- 13327 bytes	[21:29 21/11/2010]	[08:47 05/08/2011] A90FDC3C8C8C3D35EE2926993C8914AA
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml	--a---- 5803 bytes	[21:29 21/11/2010]	[21:29 21/11/2010] 6BF50FDA3BC02B1E91036766306A9AB6
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT3031784\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml	--a---- 5801 bytes	[14:08 07/08/2011]	[14:08 07/08/2011] CEF21C55A446C3392032D1A40A02D5EE
C:\Users\Cristian\Documents\Downloads\ConduitInstaller.exe	--a---- 203264 bytes	[05:17 14/04/2011]	[05:21 14/04/2011] A382E542067DF30B069EDD96F7E3C9B0

Searching for "*Babylon*"
No files found.

Searching for "*LyricsContainer*"
No files found.

Searching for "*Desk 365*"
C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk	--a---- 1653 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] ED1B3CF7CFEA87770ACEA404EB99899B
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser	--a---- 3374 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] FB1221F8589BEDE19A19014CC6B17FF7

Searching for "*Viewpoint*"
No files found.

Searching for "*Ilivid*"
No files found.

Searching for "*PriceGong*"
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll	--a---- 390520 bytes	[10:13 06/10/2011]	[10:13 06/10/2011] 64CCC4B888265C203E80621D3F1742A7
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png	--a---- 1101 bytes	[09:22 28/03/2010]	[09:22 28/03/2010] B5ECF14044E4FD55F61A7499D5687118

Searching for "*searchqu*"
No files found.

Searching for "*delta Toolbar*"
No files found.

Searching for "*Crossrider*"
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\crossriderManifest.json	--a---- 708 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] EF15BF168BFD709891E8AE644AB40163
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\crossriderAPI.js	--a---- 11136 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] 52A9B60F6516F4D5D0C9191861B025FC
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\crossrider_statusbar.png	--a---- 1361 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] 8B1EB9CB80417EC0022D278A44AB1DC7

Searching for "*DataMngr*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Softonic*"
No files found.

Searching for "*qvo6*"
C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SROITSB\entfernen-qvo6-virus[1].htm	--a---- 32241 bytes	[13:21 04/07/2013]	[13:21 04/07/2013] 99A074583F46340B3C22D03CFE7A4314
C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SROITSB\qvo6-laesst-entfernen-1728504[1].htm	--a---- 192753 bytes	[13:32 04/07/2013]	[13:32 04/07/2013] 646EFA9DF82FF6563AEF9434C13D73F2
C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR5NZOLZ\qvo6-laesst-entfernen-1728504[1].htm	--a---- 192756 bytes	[10:32 04/07/2013]	[10:34 04/07/2013] F154AAD2549792AB8229DB9FD5AA3858
C:\Users\Cristian\AppData\Local\Temp\is1693454730\qvo6.exe	------- 105040 bytes	[15:15 05/06/2013]	[15:15 05/06/2013] B29B9E059D21C71D74DD296D80431DF9

Searching for "*CommunityToolbar*"
No files found.

Searching for "*Plus-HD*"
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll	--a---- 750952 bytes	[09:56 03/07/2013]	[09:56 03/07/2013] E8280F5C495293C011100342B5968A6B
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil.dll	--a---- 395112 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] 7AD9B975BA27FC5B20262D02376CD215
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil.exe	--a---- 339816 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] C0E9754B5A686F5FD8CDA15A382D5CF3
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.dll	--a---- 475496 bytes	[09:56 03/07/2013]	[09:56 03/07/2013] 0C52A02926DD98C96733BB0E9FE76F5B
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.exe	--a---- 442728 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] 8C617F023446937BCBCE4CF30CA93E38
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe	--a---- 464232 bytes	[09:53 03/07/2013]	[09:53 03/07/2013] 3ABDC301FD48F6CECEF2ED5D28244866
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe	--a---- 478568 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] B16164753DF9BDB89712AF0FE33D2B9E
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe	--a---- 345960 bytes	[09:56 03/07/2013]	[09:56 03/07/2013] E381F9C2D833EA377D26C6DBFC481FDC
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe	--a---- 725352 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] 4B413C20997BCD0E8B84D4C8E5DD633D
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-helper.exe	--a---- 316264 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] BD629D07A7353E8530B18E43929E8DF0
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe	--a---- 364392 bytes	[09:56 03/07/2013]	[09:56 03/07/2013] 51F45C468186ECB2E356D2FC81C91CA7
C:\Program Files\Plus-HD-2.3\Plus-HD-2.3.ico	--a---- 9662 bytes	[08:25 29/05/2013]	[08:25 29/05/2013] 739B67DAC0C716F3DA123622BACAB424
C:\Windows\Prefetch\PLUS-HD-2.3-CHROMEINSTALLER.E-4D97C9D0.pf	--a---- 21756 bytes	[09:54 05/07/2013]	[09:54 05/07/2013] 9504725EB9CDE2A64D17A944B28AC2E4
C:\Windows\Prefetch\PLUS-HD-2.3-CODEDOWNLOADER.EX-2FFF13CE.pf	--a---- 22060 bytes	[09:55 05/07/2013]	[09:55 05/07/2013] BF106DA250EAD6C93C569D8670D1BC48
C:\Windows\Prefetch\PLUS-HD-2.3-ENABLER.EXE-7F8C5F91.pf	--a---- 18370 bytes	[09:56 05/07/2013]	[09:56 05/07/2013] 1320CF4266D22802FD786FAB05433297
C:\Windows\Prefetch\PLUS-HD-2.3-FIREFOXINSTALLER.-3BACA359.pf	--a---- 26104 bytes	[09:54 05/07/2013]	[09:54 05/07/2013] 284AFDBAB3F1FD3E7003A8098A6A8C6C
C:\Windows\Prefetch\PLUS-HD-2.3-UPDATER.EXE-8246FC05.pf	--a---- 41114 bytes	[09:56 05/07/2013]	[09:56 05/07/2013] 55F01200831AA163D3252FBFFF5DE07A
C:\Windows\System32\Tasks\Plus-HD-2.3-chromeinstaller	--a---- 4916 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] B463B9189988755F34DFA0F250A91F4A
C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader	--a---- 4222 bytes	[09:55 03/07/2013]	[09:55 03/07/2013] 1C396FD6B5EC30FC052C9C03AC6336B2
C:\Windows\System32\Tasks\Plus-HD-2.3-enabler	--a---- 4122 bytes	[09:56 03/07/2013]	[09:56 03/07/2013] DBA517EBB56B7D9C6708A725BF601407
C:\Windows\System32\Tasks\Plus-HD-2.3-firefoxinstaller	--a---- 4842 bytes	[09:54 03/07/2013]	[09:54 03/07/2013] F837D84812DCA754197FDB8411E29277
C:\Windows\System32\Tasks\Plus-HD-2.3-updater	--a---- 4218 bytes	[09:56 03/07/2013]	[09:56 03/07/2013] 25E5ED5A4395C0B48D2B4A8BE59F0CD6
C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job	--a---- 1886 bytes	[09:54 03/07/2013]	[05:21 06/07/2013] 913F2D38973F3588CC5E869DB8696454
C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job	--a---- 1192 bytes	[09:55 03/07/2013]	[05:19 06/07/2013] B82F3D538E6BDC091B3A67F350F77FD9
C:\Windows\Tasks\Plus-HD-2.3-enabler.job	--a---- 1092 bytes	[09:56 03/07/2013]	[05:19 06/07/2013] 723342456A499BDCD545564E8B16CB78
C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job	--a---- 1812 bytes	[09:54 03/07/2013]	[05:19 06/07/2013] 1D3F6E26C81245457A55C5A713E70072
C:\Windows\Tasks\Plus-HD-2.3-updater.job	--a---- 1188 bytes	[09:56 03/07/2013]	[05:21 06/07/2013] E10814EEC2D86495CBCCF4F40A38085B

========== folderfind ==========

Searching for "*BrowserDefender*"
No folders found.

Searching for "*desksvc*"
No folders found.

Searching for "*eSafeSvc*"
No folders found.

Searching for "*PCSUService*"
No folders found.

Searching for "*WebCake*"
C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UGCLBU8Z\dealsvc.getwebcake.com	d------	[18:11 04/07/2013]
C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dealsvc.getwebcake.com	d------	[18:11 04/07/2013]

Searching for "*AskSearch*"
No folders found.

Searching for "*bProtector*"
No folders found.

Searching for "*conduit*"
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\Repository\conduit_CT2481020_CT2481020	d------	[19:07 28/12/2012]
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE\Repository\conduit_CT2481020_de	d------	[19:07 28/12/2012]

Searching for "*Babylon*"
No folders found.

Searching for "*LyricsContainer*"
No folders found.

Searching for "*Desk 365*"
No folders found.

Searching for "*Viewpoint*"
No folders found.

Searching for "*Ilivid*"
No folders found.

Searching for "*PriceGong*"
No folders found.

Searching for "*searchqu*"
No folders found.

Searching for "*delta Toolbar*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*DataMngr*"
C:\Users\Cristian\AppData\LocalLow\DataMngr	d------	[18:18 16/08/2011]

Searching for "*Bandoo*"
No folders found.

Searching for "*Softonic*"
No folders found.

Searching for "*qvo6*"
No folders found.

Searching for "*CommunityToolbar*"
No folders found.

Searching for "*Plus-HD*"
C:\Program Files\Plus-HD-2.3	d------	[09:53 03/07/2013]

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"

Searching for "desksvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\desksvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\desksvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]

Searching for "eSafeSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\eSafeSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\eSafeSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc]

Searching for "PCSUService"
No data found.

Searching for "WebCake"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService]

Searching for "AskSearch"
No data found.

Searching for "bProtector"
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6D98C0F-04EA-443B-B80B-5F1C085EB63D}]
"AppPath"="C:\Users\Cristian\AppData\Local\Conduit\CT2481020"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "LyricsContainer"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\LrcsCtrUpdr.exe]
"Path"="C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe"
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"Lyrics@LyricsContainer.co"="C:\Program Files\LyricsContainer\116.xpi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B2566E-4FC1-48C3-8686-7B283574E83D}\1.0\0\win32]
@="C:\Program Files\LyricsContainer\116.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B2566E-4FC1-48C3-8686-7B283574E83D}\1.0\HELPDIR]
@="C:\Program Files\LyricsContainer"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\IntelliType Pro\AppSpecific\LrcsCtrUpdr.exe]
"Path"="C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Mozilla\Firefox\Extensions]
"Lyrics@LyricsContainer.co"="C:\Program Files\LyricsContainer\116.xpi"

Searching for "Desk 365"

Die-Dora

M-K-D-B · 06.07.2013, 10:20

Servus,

gut gemacht.

So geht es weiter:

Schritt 1
Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=hp&installDate=04/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013
BHO: No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU -No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU -No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
FF NewTab: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=nt&installDate=04/07/2013&q=
FF Homepage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=hp&installDate=04/07/2013
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&installDate=04/07/2013&q=
FF Extension: LyricsContainer - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\116
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: No Name - C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files\LyricsContainer\116.xpi
CHR DefaultSearchURL: (qvo6) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": ""
CHR Extension: (Plus-HD-2.3) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Program Files\Enigma Software Group
2013-07-03 11:56 - 2013-07-06 07:21 - 00001188 ____A C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-03 11:56 - 2013-07-06 07:19 - 00001092 ____A C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-03 11:55 - 2013-07-06 07:19 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-03 11:55 - 2013-07-03 11:56 - 00000000 ____D C:\Users\Cristian\AppData\Local\lptmp2088492804
2013-07-03 11:54 - 2013-07-06 07:21 - 00001886 ____A C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-03 11:54 - 2013-07-06 07:19 - 00001812 ____A C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-03 11:53 - 2013-07-04 17:43 - 00000000 ____D C:\ProgramData\WRData
2013-07-03 11:53 - 2013-07-04 08:37 - 00000000 ____D C:\Program Files\Plus-HD-2.3
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2319825
C:\Users\Cristian\Documents\Downloads\ConduitInstaller.exe
C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
C:\Windows\System32\Tasks\Plus-HD-2.3-chromeinstaller
C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
C:\Windows\System32\Tasks\Plus-HD-2.3-firefoxinstaller
C:\Windows\System32\Tasks\Plus-HD-2.3-updater
C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
C:\Windows\Tasks\Plus-HD-2.3-enabler.job
C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
C:\Windows\Tasks\Plus-HD-2.3-updater.job
C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UGCLBU8Z\dealsvc.getwebcake.com
C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dealsvc.getwebcake.com
C:\Users\Cristian\AppData\LocalLow\DataMngr
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc"
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6D98C0F-04EA-443B-B80B-5F1C085EB63D}"
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\LrcsCtrUpdr.exe"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B2566E-4FC1-48C3-8686-7B283574E83D}"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B2566E-4FC1-48C3-8686-7B283574E83D}"
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:regfind
Desk 365
Viewpoint
Ilivid
PriceGong
searchqu
delta
Crossrider
DataMngr
Bandoo
Softonic
qvo6
CommunityToolbar
Plus-HD

Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List
Klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von SystemLook,
die beiden Logdateien von OTL.

Die-Dora · 06.07.2013, 21:51

Hallo Matthias,

wäre ja gelacht, wenn einfach mal alles nach Deiner Anweisung klappen könnte.

Schritt Nr. 3 geht nicht. PC hängt sich auf unter dem Punkt: Scanning FireFox settings...

Ich habe es 2x versucht. Bei dem Punkt geht nichts mehr und zeigt mir an: (keine Rückmeldung).

Ich poste jetzt die ersten beiden Sachen, vielleicht kannst damit was anfangen?

LG Die-Dora

PS: Es hat sich schon was erfreuliches getan. Wenn ich auf Firefox gehe, kommt Firefox als "Startseite", allerdings ganz oben links immernoch snap.do.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Cristian at 2013-07-06 21:09:05 Run:1
Running from C:\Users\Cristian\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5786d022-540e-4699-b350-b4be0ae94b79} => Key deleted successfully.
HKCR\CLSID\{5786d022-540e-4699-b350-b4be0ae94b79} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\!{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} => Value deleted successfully.
HKCR\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5786D022-540E-4699-B350-B4BE0AE94B79} => Value deleted successfully.
HKCR\CLSID\{5786D022-540E-4699-B350-B4BE0AE94B79} => Key not found.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\116 => Moved successfully.
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com => Moved successfully.
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co => Value deleted successfully.
CHR DefaultSearchURL: (qvo6) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (qvo6) -       "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec => Moved successfully.
"C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec" => File/Directory not found.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\Tasks\Plus-HD-2.3-updater.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-2.3-enabler.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => Moved successfully.
C:\Users\Cristian\AppData\Local\lptmp2088492804 => Moved successfully.
C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => Moved successfully.
C:\ProgramData\WRData => Moved successfully.
C:\Program Files\Plus-HD-2.3 => Moved successfully.
C:\Users\Cristian\AppData\LocalLow\Ashampoo_DE => Moved successfully.
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2319825 => Moved successfully.
C:\Users\Cristian\Documents\Downloads\ConduitInstaller.exe => Moved successfully.
C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk => Moved successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
"C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec" => File/Directory not found.
"C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com" => File/Directory not found.
C:\Windows\System32\Tasks\Plus-HD-2.3-chromeinstaller => Moved successfully.
C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader => Moved successfully.
C:\Windows\System32\Tasks\Plus-HD-2.3-enabler => Moved successfully.
C:\Windows\System32\Tasks\Plus-HD-2.3-firefoxinstaller => Moved successfully.
C:\Windows\System32\Tasks\Plus-HD-2.3-updater => Moved successfully.
"C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-2.3-enabler.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\Plus-HD-2.3-updater.job" => File/Directory not found.
C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UGCLBU8Z\dealsvc.getwebcake.com => Moved successfully.
C:\Users\Cristian\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dealsvc.getwebcake.com => Moved successfully.
C:\Users\Cristian\AppData\LocalLow\DataMngr => Moved successfully.

=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc" =========

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 22:23 on 06/07/2013 by Cristian
Administrator - Elevation successful

========== regfind ==========

Searching for "Desk 365"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\desk365.exe]
"Path"="C:\Program Files\Desk 365\desk365.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E8D16DD-92D2-4462-B46E-C748629CDA3B}]
"Path"="\Desk 365 RunAsStdUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\IntelliType Pro\AppSpecific\desk365.exe]
"Path"="C:\Program Files\Desk 365\desk365.exe"

Searching for "Viewpoint"
No data found.

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\iLividSetupV1.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\iLividSetupV1.exe]
"Path"="C:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}\iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r575-n-bi.exe]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\IntelliType Pro\AppSpecific\iLividSetupV1.exe]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\IntelliType Pro\AppSpecific\iLividSetupV1.exe]
"Path"="C:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}\iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "PriceGong"
No data found.

Searching for "searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "delta"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Adobe\Shockwave 11\uicontrol\sw3dbaddriverlist1]
@="*2k*savage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***permedia3!^4.12.01.2107$o***ragefury!^4.3.
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f069f18f
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\17]
"JavaScript"="if(typeof window!=="undefined"){
/*!
 * jQuery JavaScript Library v1.4.2
 * hxxp://jquery.com/
 *
 * Copyright 2010, John Resig
 * Dual licensed under the MIT or GPL Version 2 licenses.
 * hxxp://jquery.org/license
 *
 * Includes Sizzle.js
 * hxxp://sizzlejs.com/
 * Copyright 2010, The Dojo Foundation
 * Released under the MIT, BSD, and GPL Licenses.
 *
 * Date: Sat Feb 13 22:33:48 2010 -0500
 */
var $$jquery;(function(aO,D){var a=function(e,a0){return new a.fn.init(e,a0);},o=aO.jQuery,S=aO.$,ac=aO.document,Y,Q=/^[^<]*(<[\w\W]+>)[^>]*$|^#([\w-]+)$/,aY=/^.[^:#\[\.,]*$/,az=/\S/,N=/^(\s|\u00A0)+|(\s|\u00A0)+$/g,f=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,b=navigator.userAgent,v,L=false,af=[],aI,av=Object.prototype.toString,ar=Object.prototype.hasOwnProperty,h=Array.prototype.push,G=Array.prototype.slice,t=Array.prototype.indexOf;a.fn=a.prototype={init:function(e,a2){var a1,a3,a0,a4;if(!e){return this;}if(e.nodeType){this.context=this[0]=e;
[HKEY_CURRENT_USER\Software\Macromedia\Shockwave 8\uicontrol\sw3dbaddriverlist1]
@="*2k*savage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***permedia3!^4.12.01.2107$o***ragefury!^4.3.139$o***rage128g
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\Cristian\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\Cristian\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16386_none_67a7d433381cca77]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.20734_none_686585b85113a353]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6001.18000_none_69de962f3507db4b]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8\f256!msdelta.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Shockwave 11\uicontrol\sw3dbaddriverlist1]
@="*2k*savage/ix!^5.12.01.7012069x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***permedia3!^4.12.01.2107$o***ragefury!^4.3.139$o***rage128glag
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nkgfcicgjhneabbbfhddfcgifljdhhpl]
"path"="C:\Users\Cristian\AppData\Roaming\BabSolution\CR\Delta.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\hp officejet 6300 series\Strings]
"ModelTarget"="0,0,[Oo][Ff][Ff][Ii][Cc][Ee][Jj][Ee][Tt] 63[0-9][0-9]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\HP Officejet J4500 Series\Strings]
"ModelTarget"="0,0,[Oo][Ff][Ff][Ii][Cc][Ee][Jj][Ee][Tt] [Jj]45[0-9][0-9]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_0.0.0.0_none_64065dc5cde955f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_0.0.0.0_none_8db88bdc7d321781]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16386_none_67a7d433381cca77]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.20734_none_686585b85113a353]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6001.18000_none_69de962f3507db4b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8\f256!msdelta.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Realtek\AECBF\icrcAudioProcessingDemo\GSCBeamformer\PostFiltering]
"delta"="0.000100"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Adobe\Shockwave 11\uicontrol\sw3dbaddriverlist1]
@="*2k*savage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***perme
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\17]
"JavaScript"="if(typeof window!=="undefined"){
/*!
 * jQuery JavaScript Library v1.4.2
 * hxxp://jquery.com/
 *
 * Copyright 2010, John Resig
 * Dual licensed under the MIT or GPL Version 2 licenses.
 * hxxp://jquery.org/license
 *
 * Includes Sizzle.js
 * hxxp://sizzlejs.com/
 * Copyright 2010, The Dojo Foundation
 * Released under the MIT, BSD, and GPL Licenses.
 *
 * Date: Sat Feb 13 22:33:48 2010 -0500
 */
var $$jquery;(function(aO,D){var a=function(e,a0){return new a.fn.init(e,a0);},o=aO.jQuery,S=aO.$,ac=aO.document,Y,Q=/^[^<]*(<[\w\W]+>)[^>]*$|^#([\w-]+)$/,aY=/^.[^:#\[\.,]*$/,az=/\S/,N=/^(\s|\u00A0)+|(\s|\u00A0)+$/g,f=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,b=navigator.userAgent,v,L=false,af=[],aI,av=Object.prototype.toString,ar=Object.prototype.hasOwnProperty,h=Array.prototype.push,G=Array.prototype.slice,t=Array.prototype.indexOf;a.fn=a.prototype={init:function(e,a2){var a1,a3,a0,a4;if(!e){return this;}i
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Macromedia\Shockwave 8\uicontrol\sw3dbaddriverlist1]
@="*2k*savage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***permedia3!^4.12.01.21
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\Cristian\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\Cristian\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"

Searching for "Crossrider"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  }

});
"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Installer]
"Domain"="hxxp://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},cs
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f069f18f
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.href.replace(/#.*/,"")+q}}p=setTimeout(n
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	appAPI.dom.addRemoteJS('https://j6i7c9j2.ssl.hwcdn.net/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var res = appAPI.JSON.parse(res);
			if (res && res.country_name) {
				geo = res.country_name;
				appAPI.db.set("geo", geo, appAPI.time.daysFromNow(7));
				
				injectScript(geo);
			}
		}
	});	
} else {
	injectScript(geo);
}

};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=3&linkcolor=009900");
}

};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\132]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\133]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_intext_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\134]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_serp_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debug_request_database",function(j,i){if(i.appId==f.appId){c(i);}});h("b
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},w=new z.Deferred(),h=J("meta")||{},D=J("remote_resources")||{remoteId:0},e=J("queue")||{},g=initialVersion=J("lastVersion")||0;return z.Class.extend({i
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}});e("body").bindExtensionEvent("__CR_REQUEST_READY",a);},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\36]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a={url:c};if(typeof b==="string"){a.where=b;}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"windowOpen",eventContent:{url:b,name:a,specs:d,replace:c}});};window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\37]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(c){if(appAPI.isActiveTab()){var b=c.url;var a=c.where;appAPI.openURL(b,a);}});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){if(appAPI.isActiveTab()){var a=b;appAPIinternal.run(a);}});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBeforeNavigate");if(typeof c!=="string"){re
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\38]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.internal.callbacks[b].listenersAdditionalDa
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");appAPI.appInfo.publisherName=appAPI.inte
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\45]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditionalData[g];if(typeof n.code!=="string"){re
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\47]
"JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined"){D=jQuery.trim(D);}return b(D,"string"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\87]
"JavaScript"="var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(k&2147483648);x=(b&2147483648);F=(k&1073
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\91]
"JavaScript"="(function(e){var l=(function(){var N=0;var V="";function M(Y){return W(K(O(Y)));}function L(Y){return y(K(O(Y)));}function F(Y,Z){return B(K(O(Y)),Z);}function T(Y,Z){return W(D(O(Y),O(Z)));}function I(Y,Z){return y(D(O(Y),O(Z)));}function E(Y,aa,Z){return B(D(O(Y),O(aa)),Z);}function X(){return M("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function K(Y){return R(C(J(Y),Y.length*8));}function D(aa,ad){var ac=J(aa);if(ac.length>16){ac=C(ac,aa.length*8);}var Y=Array(16),ab=Array(16);for(var Z=0;Z<16;Z++){Y[Z]=ac[Z]^909522486;ab[Z]=ac[Z]^1549556828;}var ae=C(Y.concat(J(ad)),512+ad.length*8);return R(C(ab.concat(ae),512+128));}function W(aa){if(typeof N==="undefined"){N=0;}var ac=N?"0123456789ABCDEF":"0123456789abcdef";var Z="";var Y;for(var ab=0;ab<aa.length;ab++){Y=aa.charCodeAt(ab);Z+=ac.charAt((Y>>>4)&15)+ac.charAt(Y&15);}return Z;}function y(aa){if(typeof V==="undefined"){V="";}var ad="ABCDEFGHIJKLMNOPQRSTUVW
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\94]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: "+(typeof a));return;}if(a.length!==4){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA)");return;}appAPI.internal.message.send({eventName:"onSetBadgeColorFromPopup",eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!=="string"){console.error("appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: "+(typeof c));return;}b.text=c;if(typeof a==="undefined"||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but got: "+(typeof a));return;}else{if(a.lengt
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  }

});
"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Installer]
"Domain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"h
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY A
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.hre
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	appAPI.dom.addRemoteJS('https://j6i7c9j2.ssl.hwcdn.net/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var res = appAPI.JSON.parse(res);
			if (res && res.country_name) {
				geo = res.country_name;
				appAPI.db.set("geo", geo, appAPI.time.daysFromNow(7));
				
				injectScript(geo);
			}
		}
	});	
} else 
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=3&linkcolor=009900");
}

};"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\132]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_coupons_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\133]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_intext_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\134]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi_serp_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debug_request_database",function(j,
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},w=new z.Deferred(),h=J("meta")||{},D=J("remote_resources")||{remoteId:0},e=J("queue")||{},g=initialVersion=J("last
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}});e("body").bindExtensionEvent("__CR_REQUEST_READY",a);},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\36]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a={url:c};if(typeof b==="string"){a.where=b;}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"windowOpen",eventContent:{url:b,name:a,specs:d,replace:c}});};window.console.log=appAPI.internal.console.log;console.log=wi
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\37]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(c){if(appAPI.isActiveTab()){var b=c.url;var a=c.where;appAPI.openURL(b,a);}});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){if(appAPI.isActiveTab()){var a=b;appAPIinternal.run(a);}});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBefore
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\38]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.intern
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");app
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\45]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditionalDa
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\47]
"JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined"){
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\87]
"JavaScript"="var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(k&2
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\91]
"JavaScript"="(function(e){var l=(function(){var N=0;var V="";function M(Y){return W(K(O(Y)));}function L(Y){return y(K(O(Y)));}function F(Y,Z){return B(K(O(Y)),Z);}function T(Y,Z){return W(D(O(Y),O(Z)));}function I(Y,Z){return y(D(O(Y),O(Z)));}function E(Y,aa,Z){return B(D(O(Y),O(aa)),Z);}function X(){return M("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function K(Y){return R(C(J(Y),Y.length*8));}function D(aa,ad){var ac=J(aa);if(ac.length>16){ac=C(ac,aa.length*8);}var Y=Array(16),ab=Array(16);for(var Z=0;Z<16;Z++){Y[Z]=ac[Z]^909522486;ab[Z]=ac[Z]^1549556828;}var ae=C(Y.concat(J(ad)),512+ad.length*8);return R(C(ab.concat(ae),512+128));}function W(aa){if(typeof N==="undefined"){N=0;}var ac=N?"0123456789ABCDEF":"0123456789abcdef";var Z="";var Y;for(var ab=0;ab<aa.length;ab++){Y=aa.charCodeAt(ab);Z+=ac.charAt((Y>>>4)&15)+ac.charAt(Y&15);}return Z;}function y(aa){if(typeof V==="undefined"){
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\94]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: "+(typeof a));return;}if(a.length!==4){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA)");return;}appAPI.internal.message.send({eventName:"onSetBadgeColorFromPopup",eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!=="string"){console.error("appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: "+(typeof c));return;}b.text=c;if(typeof a==="undefined"||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but got: 
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"

Searching for "DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F99357F-44AE-4851-983E-AB8D015B2C5D}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA35A0A9-2913-449B-8736-83FB17D633A3}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"

Searching for "Bandoo"
No data found.

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\630f6c45_0]
@="{0.0.0.00000000}.{27f6c3be-f8b6-458f-bbb7-2a1affb04823}|\Device\HarddiskVolume1\Users\Cristian\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-Germany_ Toolbar]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\630f6c45_0]
@="{0.0.0.00000000}.{27f6c3be-f8b6-458f-bbb7-2a1affb04823}|\Device\HarddiskVolume1\Users\Cristian\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-Germany_ Toolbar]

Searching for "qvo6"
No data found.

Searching for "CommunityToolbar"
No data found.

Searching for "Plus-HD"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Manifest]
"Name"="Plus-HD-2.3"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28a684c1-3570-4916-a7d1-9dc7e259a1f0}]
"AppName"="Plus-HD-2.3-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28a684c1-3570-4916-a7d1-9dc7e259a1f0}]
"AppPath"="C:\Program Files\Plus-HD-2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37089f2f-81b2-419f-b403-b86c1ee7e28a}]
"AppName"="Plus-HD-2.3-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37089f2f-81b2-419f-b403-b86c1ee7e28a}]
"AppPath"="C:\Program Files\Plus-HD-2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7a443610-afc0-42c2-a352-66b4ed3bad91}]
"AppName"="Plus-HD-2.3-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7a443610-afc0-42c2-a352-66b4ed3bad91}]
"AppPath"="C:\Program Files\Plus-HD-2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{baa2b3e2-d603-4576-aa9d-1c1888d5a789}]
"AppName"="Plus-HD-2.3-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{baa2b3e2-d603-4576-aa9d-1c1888d5a789}]
"AppPath"="C:\Program Files\Plus-HD-2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1ec187f-aee7-4fd4-a7e2-fa6724f69fe8}]
"AppName"="Plus-HD-2.3-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1ec187f-aee7-4fd4-a7e2-fa6724f69fe8}]
"AppPath"="C:\Program Files\Plus-HD-2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3]
"DisplayName"="Plus-HD-2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3]
"DisplayIcon"="C:\Program Files\Plus-HD-2.3\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3]
"UninstallString"="C:\Program Files\Plus-HD-2.3\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F52023A-8583-4A2F-8897-8D0DDA752944}]
"Path"="\Plus-HD-2.3-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B7A5420-7034-43BA-A57B-FC1A6FF8AB58}]
"Path"="\Plus-HD-2.3-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2E415A9-3608-4E3E-A566-BB1F440BD94B}]
"Path"="\Plus-HD-2.3-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3056F46-39FA-464C-8CE5-76CA9BB28BFF}]
"Path"="\Plus-HD-2.3-chromeinstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F918DF09-76C1-4BA6-A67F-A5A0E4FCB875}]
"Path"="\Plus-HD-2.3-firefoxinstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-chromeinstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-firefoxinstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-2.3]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Manifest]
"Name"="Plus-HD-2.3"
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3]

Searching for "         "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f069f18f
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="ST3160815AS             3.CH"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\ScheduleParams\TargetDevice]
"DeviceProduct"="0AS             "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"DriverDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"FriendlyName"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0005]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001AE1854C&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E15A12F&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"FriendlyName"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#0164411B4C012076&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"DriverDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"FriendlyName"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0005]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001AE1854C&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E15A12F&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"FriendlyName"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#0164411B4C012076&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"DriverDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"FriendlyName"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0005]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001AE1854C&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E15A12F&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"FriendlyName"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#0164411B4C012076&0#]
"DeviceDesc"="Cruzer          "
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY A
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d

-= EOF =-

M-K-D-B · 07.07.2013, 11:01

Servus,

danke für die Logdateien. Diese Adware ist richtig lästig, oder?

Du hast nicht die komplette Logdatei des FRST-Fix gepostet. Das ist deine letzte Zeile:

Code:

ATTFilter

=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc" =========

Darunter steht wohl noch was in der Logdatei. Poste mir diese Logdatei von FRST bitte komplett.

Zitat:

Zitat von Die-Dora

Schritt Nr. 3 geht nicht. PC hängt sich auf unter dem Punkt: Scanning FireFox settings...

Ich habe es 2x versucht. Bei dem Punkt geht nichts mehr und zeigt mir an: (keine Rückmeldung).

Wie lange lässt du OTL da noch laufen, nachdem dir das Tool "keine Rückmeldung" anzeigt? Es kann gut sein, dass es 10-15 Minuten oder so dauern kann... und danach geht es dann doch weiter.

Ich möchte gerne, dass du es nochmal mit JRT versuchst (neben ZOEK.exe und OTL.exe), aber dieses Mal im abgesicherten Modus:

Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern und führe dort die folgenden Tools aus:

Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
autoclean;
emptyclsid;
FFdefaults;
CHRdefaults;
iedefaults;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Schritt 3
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste mit deiner nächsten Antwort

die Logdatei von JRT,
die Logdatei von ZOEK,
die beiden Logdateien von OTL.

Die-Dora · 07.07.2013, 13:37

Hallo Matthias,

ich habs auch nach über 3 Stunden geschafft.....puhhh... Deine Hausaufgaben werden immer schwerer, mein Kopf raucht!

Natürlich auch heute gute und schlechte Neuigkeiten:

ich fange mit den schlechten an:

Ich habe nochmals nachgeschaut, ich habe Dir die ganze Datei FRST-fix kopiert, da ist nichts weiter drinnen. SORRY...

Nun zu den guten, ich glaube ich habe es nach mehrfachen Versuchen richtig gemacht:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Cristian on 07.07.2013 at 13:00:59,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Cristian\AppData\Roaming\mozilla\firefox\profiles\vl92fdku.default\extensions\info@youtube-mp3.org
Successfully deleted the following from C:\Users\Cristian\AppData\Roaming\mozilla\firefox\profiles\vl92fdku.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n  /************************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_91.code", "(function(e){var l=(function(){var N=0;var V=\"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13fa4080c4bbe1d3b92b114c0a04421d");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Emptied folder: C:\Users\Cristian\AppData\Roaming\mozilla\firefox\profiles\vl92fdku.default\minidumps [2088 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2013 at 13:02:57,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Cristian on 07.07.2013 at 13:54:11,19.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected

==== Older Logs ======================

C:\zoek-results07.07.2013-1350.log	403 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{5786d022-540e-4699-b350-b4be0ae94b79} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\prefs.js:

ProfilePath: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default

user.js not found
---- Lines CT2431245 removed from prefs.js ----


---- Lines CT2431245 modified from prefs.js ----


---- Lines CT3031784 removed from prefs.js ----


---- Lines CT3031784 modified from prefs.js ----


---- Lines snapdo removed from prefs.js ----


---- Lines snapdo modified from prefs.js ----


---- Lines ask.com removed from prefs.js ----


---- Lines ask.com modified from prefs.js ----


---- Lines crossrider removed from prefs.js ----


---- Lines crossrider modified from prefs.js ----


---- Lines helperbar removed from prefs.js ----


---- Lines helperbar modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----


---- Lines smartbar removed from prefs.js ----


---- Lines smartbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__1356_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Cristian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk" deleted
"C:\Users\Cristian\AppData\Local\GLF222.tmp" deleted
"C:\Windows\system32\Tasks\EPUpdater" deleted
"C:\Windows\System32\sufE2C8.tmp" deleted
"C:\Windows\System32\sufE3F2.tmp" deleted
"C:\Windows\System32\sufE4FC.tmp" deleted
"C:\Windows\System32\sufE5C8.tmp" deleted
"C:\Windows\System32\sufE8F4.tmp" deleted
"C:\Users\Cristian\Desktop\Search.lnk" deleted
"C:\Program Files\Common Files\DVDVideoSoft\bin" deleted
"C:\found.000" deleted
"C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245" deleted
"C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT3031784" deleted
"C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT2431245" deleted
"C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\CT3031784" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Webroot - %ProfilePath%\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
- Snap.Do - %ProfilePath%\extensions\{d6aa6825-ff9d-4b33-9140-5dab33fa53d4}
- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default
871C7A4B3466ED1B1D1D7588D14EC816	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.4
3D76B5C0E02ECC19C1F5756E8FD97F72	- C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll -	Shockwave Flash
3D928B3FE97C403A33F803B3D1A260C9	- C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll -	Google Update
F833DD5D8F959819F44BC98F47B1B6BB	- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
65D09D8BC91D74C8800725EB33D1EE1B	- C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
3D928B3FE97C403A33F803B3D1A260C9	- C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll -	Google Update
270EE43CC00609B9937AAF94E1E970D4	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
AE3E1BD0D6C6A9116B44B341B27B3AEE	- C:\Windows\system32\Adobe\Director\np32dsw.dll -	Shockwave for Director / Shockwave for Director
54BC55D3D9BD33A6CE38F811CF836794	- C:\Program Files\Google\Picasa3\npPicasa3.dll -	Picasa
5EB6F21D95E728C61BCFC89F899D6BB0	- C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll -	Java Deployment Toolkit 6.0.260.3
1040BD9BF3DDAB7CDA2346F8375480A2	- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll -	Java(TM) Platform SE 6 U26
9557C317B1DAF357AB92A0C98FC473E8	- C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll -	InoViewer Plugin
24E990B1E6D55428001843CF7217DD81	- C:\Program Files\Microsoft\Office Live\npOLW.dll -	Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
CE252B04FB9F4F773A7DB5338BFEEA5B	- C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL -	CANON iMAGE GATEWAY Album Plugin Utility
AB87EEFFD18F2BAAFC274E7075EA6C67	- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
56E18C09654020009012A53FD332D397	- C:\Program Files\DivX\DivX Web Player\npdivx32.dll -	DivX Web Player
E14F0925B4ECE11FF0C1D53B155266C4	- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll -	DivX® Content Upload Plugin
2AA3703D87E1327A2290C9D416D89A28	- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight


==== Deleting Files \ Folders ======================

"C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\{d6aa6825-ff9d-4b33-9140-5dab33fa53d4}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nkgfcicgjhneabbbfhddfcgifljdhhpl - C:\Users\Cristian\AppData\Roaming\BabSolution\CR\Delta.crx[]
okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[]

==== Chrome Fix ======================

C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Bar"="hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013"
"SearchAssistant"="hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=d6aa6825-ff9d-4b33-9140-5dab33fa53d4&searchtype=ds&q={searchTerms}&installDate=04/07/2013"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk - C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE 
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Users\Cristian\CDBurnerXP\cdbxpp.exe 
C:\Users\Public\Desktop\HP Solution Center.lnk - C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files\QuickTime\QuickTimePlayer.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime - Bitte lesen.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deinstallieren.lnk - C:\Windows\System32\msiexec.exe /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk - C:\Windows\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk - C:\Program Files\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk - C:\Program Files\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nkgfcicgjhneabbbfhddfcgifljdhhpl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab deleted successfully

==== Empty IE Cache ======================

C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Cristian\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cristian\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Cristian\AppData\Local\Mozilla\Firefox\Profiles\vl92fdku.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Cristian\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Cristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 07.07.2013 at 14:06:05,81 ======================

Code:

ATTFilter

OTL logfile created on: 07.07.2013 14:08:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cristian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,47% Memory free
3,98 Gb Paging File | 3,26 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,75 Gb Total Space | 53,08 Gb Free Space | 37,45% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 0,67 Gb Free Space | 9,23% Space Free | Partition Type: NTFS
Drive K: | 465,65 Gb Total Space | 189,91 Gb Free Space | 40,78% Space Free | Partition Type: FAT32
 
Computer Name: HOMEPC | User Name: Cristian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.04 18:32:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cristian\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.06.23 19:17:06 | 000,197,632 | ---- | M] (Evoluent) -- C:\Programme\Evoluent\VMouse\V4\EvoMouseExec.exe
PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2009.07.07 03:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008.01.15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.24 14:13:16 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007.04.18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007.04.07 03:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe
PRC - [2007.02.15 13:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 03:35:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.01.10 04:35:52 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 04:34:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 04:33:54 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.03 09:01:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.11 22:02:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.08.12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010.08.12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010.06.23 19:17:06 | 000,022,712 | ---- | M] (Evoluent) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)
DRV - [2010.06.23 19:17:04 | 000,020,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV - [2008.05.22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.22 12:21:05 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2008.01.22 12:21:05 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.01.09 06:52:18 | 000,020,672 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LFXACT.sys -- (LFXACT)
DRV - [2007.01.09 06:51:39 | 000,031,879 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005.12.12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2004.04.06 12:52:00 | 000,346,944 | ---- | M] (SMC Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\2862w.sys -- (WlanUIG)
DRV - [2001.11.08 02:00:00 | 000,488,656 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2001.11.08 02:00:00 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmwan.sys -- (AVMWAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cristian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.05 22:36:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.03 10:40:08 | 000,000,000 | ---D | M]
 
[2012.05.28 11:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cristian\AppData\Roaming\mozilla\Extensions
[2013.07.07 13:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cristian\AppData\Roaming\mozilla\Firefox\Profiles\vl92fdku.default\extensions
[2010.11.07 20:21:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cristian\AppData\Roaming\mozilla\Firefox\Profiles\vl92fdku.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.07.03 11:56:24 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Cristian\AppData\Roaming\mozilla\Firefox\Profiles\vl92fdku.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2013.03.23 12:33:08 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Cristian\AppData\Roaming\mozilla\firefox\profiles\vl92fdku.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.09 10:13:03 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Cristian\AppData\Roaming\mozilla\firefox\profiles\vl92fdku.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.04 20:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions
[2013.07.03 09:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.07.03 09:01:30 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\CRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VL92FDKU.DEFAULT\EXTENSIONS\{D6AA6825-FF9D-4B33-9140-5DAB33FA53D4}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cristian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\..Trusted Domains: eytronserver.com ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} hxxp://www.eytronserver.com/CAB/WebPlayer.cab (WebBackupPlayer Control)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} hxxp://o.aolcdn.com/pictures/ap/Resources/v2.14/cab/aolpPlugins.10.6.0.8.cab (Reg Error: Key error.)
O16 - DPF: {29DFBD41-3B7D-4368-9021-894C5A30E054} hxxp://www.eytronserver.com/CAB/RemoteWeb.cab (RemoteWeb Control)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} hxxp://www.eytronserver.com/CAB/RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxp://upload.lokalisten.de/iup/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B876AFC-73BE-4426-9310-255C9C30D8B7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC209482-546F-49CA-9D41-5D4C62264EDD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cristian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cristian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O30 - LSA: Security Packages - (pku2u) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.20 22:03:17 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f129cc84-3584-11e0-9ff7-001e8c058d2b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.garmin.com/agent
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1772254487-8582296-1865665106-1000\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Cristian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.07 14:06:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.07 13:58:16 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.07.07 13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Local\Temp
[2013.07.07 13:00:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.07 13:00:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.07 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Cristian\Desktop\PCCCCCCCCC
[2013.07.06 07:16:28 | 000,406,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Cristian\Desktop\sc-cleaner.exe
[2013.07.05 22:52:51 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Cristian\Desktop\JRT.exe
[2013.07.04 20:40:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.04 20:38:26 | 001,373,373 | ---- | C] (Farbar) -- C:\Users\Cristian\Desktop\FRST(1).exe
[2013.07.04 20:34:57 | 001,373,373 | ---- | C] (Farbar) -- C:\Users\Cristian\Desktop\FRST.exe
[2013.07.04 18:32:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cristian\Desktop\OTL.exe
[2013.07.04 18:27:42 | 000,000,000 | ---D | C] -- C:\Users\Cristian\Desktop\Zip Opener_files
[2013.07.04 12:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.07.03 11:56:22 | 000,116,224 | ---- | C] (Webroot) -- C:\Windows\System32\drivers\BGqjhauF.sys
[2013.07.03 11:53:45 | 000,000,000 | ---D | C] -- C:\Users\Cristian\AppData\Roaming\0F0W0T1V0D0L0M
[2013.07.03 11:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2013.07.03 10:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.07.03 10:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.07.03 10:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.07.03 10:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.07.03 10:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.07.03 10:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.07.03 09:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.12 21:17:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 21:16:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 21:16:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 21:16:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.12 21:16:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 21:16:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 21:16:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.12 21:16:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.12 05:35:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.12 05:35:09 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 05:35:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 05:35:03 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 05:35:03 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.12 05:34:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.07 14:06:11 | 000,002,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
[2013.07.07 14:05:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.07 14:05:51 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 14:05:51 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 14:05:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.07 14:05:41 | 2011,721,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.07 13:54:10 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.07.07 13:45:29 | 001,273,625 | ---- | M] () -- C:\Users\Cristian\Desktop\zoek.exe
[2013.07.07 12:57:13 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Cristian\Desktop\JRT.exe
[2013.07.07 12:54:21 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.07 12:22:19 | 000,001,384 | ---- | M] () -- C:\Users\Cristian\Desktop\E9StnB+T.htm
[2013.07.07 12:21:20 | 000,016,084 | ---- | M] () -- C:\Users\Cristian\Desktop\mfAK1VFG.htm
[2013.07.07 12:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.07 11:50:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000UA.job
[2013.07.07 03:50:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254487-8582296-1865665106-1000Core.job
[2013.07.06 07:28:51 | 000,002,631 | ---- | M] () -- C:\Users\Cristian\Desktop\Microsoft Office Word 2007.lnk
[2013.07.06 07:16:33 | 000,406,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Cristian\Desktop\sc-cleaner.exe
[2013.07.06 07:15:36 | 000,139,264 | ---- | M] () -- C:\Users\Cristian\Desktop\SystemLook.exe
[2013.07.06 07:12:56 | 000,016,999 | ---- | M] () -- C:\Users\Cristian\Desktop\Ub+l61tG.htm
[2013.07.06 07:11:05 | 000,016,999 | ---- | M] () -- C:\Users\Cristian\Desktop\nv4E1sFb.htm
[2013.07.05 23:00:13 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.07.05 22:35:07 | 000,650,027 | ---- | M] () -- C:\Users\Cristian\Desktop\adwcleaner.exe
[2013.07.04 20:38:45 | 001,373,373 | ---- | M] (Farbar) -- C:\Users\Cristian\Desktop\FRST(1).exe
[2013.07.04 20:35:18 | 001,373,373 | ---- | M] (Farbar) -- C:\Users\Cristian\Desktop\FRST.exe
[2013.07.04 18:32:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cristian\Desktop\OTL.exe
[2013.07.04 18:31:28 | 000,000,000 | ---- | M] () -- C:\Users\Cristian\defogger_reenable
[2013.07.04 18:30:09 | 000,000,862 | ---- | M] () -- C:\Users\Cristian\Desktop\Defogger.exe - Verknüpfung.lnk
[2013.07.04 18:29:36 | 000,050,477 | ---- | M] () -- C:\Users\Cristian\Desktop\Defogger.exe
[2013.07.04 18:27:42 | 000,016,678 | ---- | M] () -- C:\Users\Cristian\Desktop\Zip Opener.htm
[2013.07.04 17:51:17 | 000,002,059 | ---- | M] () -- C:\Users\Cristian\Desktop\Google Chrome.lnk
[2013.07.04 17:44:26 | 000,000,623 | ---- | M] () -- C:\Windows\Support.ini
[2013.07.04 16:10:00 | 000,001,726 | ---- | M] () -- C:\Users\Cristian\Desktop\Mozilla Firefox.lnk
[2013.07.03 11:56:37 | 000,002,063 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
[2013.07.03 11:56:23 | 000,116,224 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\BGqjhauF.sys
[2013.07.03 11:56:19 | 000,002,063 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
[2013.07.03 10:53:30 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.07.03 10:39:52 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.06.30 07:36:52 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.30 07:36:52 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.30 07:36:52 | 000,130,700 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.30 07:36:52 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.11 22:02:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 22:02:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.07 14:05:35 | 2011,721,728 | -HS- | C] () -- C:\hiberfil.sys
[2013.07.07 13:58:16 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.07.07 13:45:24 | 001,273,625 | ---- | C] () -- C:\Users\Cristian\Desktop\zoek.exe
[2013.07.07 12:22:19 | 000,001,384 | ---- | C] () -- C:\Users\Cristian\Desktop\E9StnB+T.htm
[2013.07.07 12:21:18 | 000,016,084 | ---- | C] () -- C:\Users\Cristian\Desktop\mfAK1VFG.htm
[2013.07.06 07:14:53 | 000,139,264 | ---- | C] () -- C:\Users\Cristian\Desktop\SystemLook.exe
[2013.07.06 07:12:56 | 000,016,999 | ---- | C] () -- C:\Users\Cristian\Desktop\Ub+l61tG.htm
[2013.07.06 07:11:03 | 000,016,999 | ---- | C] () -- C:\Users\Cristian\Desktop\nv4E1sFb.htm
[2013.07.05 22:34:54 | 000,650,027 | ---- | C] () -- C:\Users\Cristian\Desktop\adwcleaner.exe
[2013.07.04 21:41:48 | 000,002,319 | ---- | C] () -- C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.07.04 18:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Cristian\defogger_reenable
[2013.07.04 18:30:09 | 000,000,862 | ---- | C] () -- C:\Users\Cristian\Desktop\Defogger.exe - Verknüpfung.lnk
[2013.07.04 18:29:35 | 000,050,477 | ---- | C] () -- C:\Users\Cristian\Desktop\Defogger.exe
[2013.07.04 18:27:41 | 000,016,678 | ---- | C] () -- C:\Users\Cristian\Desktop\Zip Opener.htm
[2013.07.03 11:56:37 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
[2013.07.03 11:56:19 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
[2013.07.03 10:53:30 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.07.03 10:39:52 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.09.30 13:03:15 | 000,186,348 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.21 14:20:40 | 000,000,043 | ---- | C] () -- C:\Windows\FAStdCompany.INI
[2011.08.05 11:04:25 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.12.16 18:09:52 | 000,000,096 | ---- | C] () -- C:\Users\Cristian\AppData\Local\fusioncache.dat
[2009.06.06 20:44:45 | 000,250,820 | ---- | C] () -- C:\Users\Cristian\AppData\Roaming\UserTile.png
[2009.01.31 15:01:52 | 000,002,092 | ---- | C] () -- C:\Users\Cristian\AppData\Roaming\wklnhst.dat
[2008.01.22 14:33:01 | 000,018,944 | ---- | C] () -- C:\Users\Cristian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.07.03 09:00:48 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.07.03 09:00:48 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.07.03 09:00:48 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013.07.03 09:01:29 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013.07.03 09:01:29 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.08.05 11:03:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.08.05 11:03:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.08.05 11:03:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.05.17 01:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.07.03 09:00:48 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.07.03 09:00:48 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.07.03 09:00:48 | 000,869,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013.07.03 09:01:29 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013.07.03 09:01:29 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Cristian\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.08.05 11:03:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.08.05 11:03:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.08.05 11:03:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.05.17 01:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >

Die-Dora · 07.07.2013, 13:42

Diese Datei ging nimmer rein, deswegen hier:

Code:

ATTFilter

OTL Extras logfile created on: 07.07.2013 14:08:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cristian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,47% Memory free
3,98 Gb Paging File | 3,26 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,75 Gb Total Space | 53,08 Gb Free Space | 37,45% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 0,67 Gb Free Space | 9,23% Space Free | Partition Type: NTFS
Drive K: | 465,65 Gb Total Space | 189,91 Gb Free Space | 40,78% Space Free | Partition Type: FAT32
 
Computer Name: HOMEPC | User Name: Cristian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- 
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- 
htmlfile [opennew] -- 
http [open] -- 
https [open] -- 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AACB3A9-F95C-431C-8F50-D6D597936F89}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0E00FC8A-8058-4AE2-88CE-C8DDE566344E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{29C37D2F-94A5-4445-BEB9-AE3319C23FFE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A90C44F-2DF3-4A48-8A34-C66B1F92BF1C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E7A5089-169E-4F18-9649-1E28AD023605}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{410EC182-9527-47AB-B89B-04A1902D9D12}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47E8C368-DFC5-4C4F-A322-4393768CE84A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BA9280E-3EF1-4713-9735-557E13488D0F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{61FA1CA7-65E3-44E7-97A6-99CE3D607735}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6695C78E-7588-4DE1-9163-1700AA651AA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{83FA92CF-17E8-48B1-BC3D-EC069F844464}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8593E985-1C11-4D87-A28E-BEEE416CCF3D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9FCD4C86-5CD2-4DCF-9C1A-6213053DDD4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C91B999E-F47A-4062-A054-9F07591B7D9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB171B91-6D0F-410A-B08F-4683C74B0890}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D9CC4988-F813-4133-8F6A-CEE5D9760EB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E360C677-DAF3-45FA-8AB0-73DFD56AD360}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F3A9F63B-6F66-477D-859C-7E224A0FB957}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{213AF506-E8BB-4ADF-9267-13164C4171ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{24526F87-C3BD-463F-AA53-FABFF629D06B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{27B6C1B0-62EB-430A-A4B9-60AD35F1EBED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{459B7B44-C8BD-4500-BF05-F5549253B3C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{50875C96-5080-42C7-9399-0F86E0D440A8}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{557E6B45-DB76-4AF5-821C-B70D6C6B0C7E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59A5ABAB-82BE-4614-9FFB-B5B99A622898}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7C02BB23-1416-4342-AB0F-A8EA71F4E587}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7E2FE075-B3A2-402E-964A-F9CE59B4998B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{88187734-0E06-49D5-BA76-4167E4D83D48}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A072C2BF-FF05-488F-AB7C-963EC8C59E5F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AD13D07F-AD4C-47BF-943D-F3E1FCD30FEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CA16BD18-6028-4420-92EE-A602A8390BD3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D8374D6E-AE38-4366-8343-6D27BC6FD92E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F6CF440E-EE47-419E-AD9E-FBEB83AA29A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{3B449E69-D81F-4BEB-B633-B2FCBC0E2E6E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3BCE5952-69D7-451E-8A47-025B937822AB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{392E53F3-3D6C-4C9F-8EFE-BFBA0F9F4927}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AD51B541-CCBE-477C-857A-21200FB340D7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A739C33D-DDAB-418C-8D9A-6C504725ECE3}" = Snap.Do
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}" = Evoluent Mouse Manager
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2CB21A2-FD45-4353-888B-FFD071270F35}" = 6300
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FormatFactory" = FormatFactory 2.70
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Picasa 3" = Picasa 3
"Plus-HD-2.3" = Plus-HD-2.3
"Shockwave" = Shockwave
"Sigel Event Label Software" = Sigel Event Label Software
"Teledat Konf" = Teledat Konfigurationsprogramm
"VLC media player" = VLC media player 1.1.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3511a307-7c4a-43da-9555-f5c8b8032b3b}" = Snap.Do Engine
"Google Chrome" = Google Chrome
"Picasa Packages" = Picasa Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2013 07:48:43 | Computer Name = Homepc | Source = EventSystem | ID = 4609
Description = 
 
Error - 07.07.2013 08:06:20 | Computer Name = Homepc | Source = ESENT | ID = 419
Description = Windows (2844) Windows: Seite 259 der Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
 konnte nicht gelesen werden. Fehler -1018.
 
Error - 07.07.2013 08:06:20 | Computer Name = Homepc | Source = ESENT | ID = 454
Description = Windows (2844) Windows: Bei Datenbankwiederherstellung trat ein unerwarteter
 Fehler -1018 auf.
 
Error - 07.07.2013 08:06:20 | Computer Name = Homepc | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 07.07.2013 08:06:20 | Computer Name = Homepc | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 07.07.2013 08:06:20 | Computer Name = Homepc | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 07.07.2013 08:06:20 | Computer Name = Homepc | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 07.07.2013 08:06:21 | Computer Name = Homepc | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 07.07.2013 08:06:21 | Computer Name = Homepc | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 07.07.2013 08:06:21 | Computer Name = Homepc | Source = Windows Search Service | ID = 3058
Description = 
 
[ OSession Events ]
Error - 29.06.2013 15:01:20 | Computer Name = Homepc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 522231
 seconds with 4980 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.07.2013 07:56:29 | Computer Name = Homepc | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 07.07.2013 07:56:29 | Computer Name = Homepc | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 07.07.2013 08:07:18 | Computer Name = Homepc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.07.2013 08:07:18 | Computer Name = Homepc | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 07.07.2013 08:07:40 | Computer Name = Homepc | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 07.07.2013 08:07:40 | Computer Name = Homepc | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 07.07.2013 08:07:40 | Computer Name = Homepc | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.07.2013 08:07:42 | Computer Name = Homepc | Source = DCOM | ID = 10005
Description = 
 
Error - 07.07.2013 08:07:43 | Computer Name = Homepc | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.07.2013 08:07:43 | Computer Name = Homepc | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Soweit zufrieden???

LG Die-Dora

M-K-D-B · 08.07.2013, 14:37

Servus,

sieht schon viel besser aus.

Wir entfernen die letzten Reste und kontrollieren nochmal alles. Der Scan mit ESET kann länger dauern.

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cristian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

:files
C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\{d6aa6825-ff9d-4b33-9140-5dab33fa53d4}

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A739C33D-DDAB-418C-8D9A-6C504725ECE3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_DE Toolbar]
[HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3511a307-7c4a-43da-9555-f5c8b8032b3b}]
[-HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\desk365.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E8D16DD-92D2-4462-B46E-C748629CDA3B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser]
[-HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\iLividSetupV1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r575-n-bi.exe]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3]
[-HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F99357F-44AE-4851-983E-AB8D015B2C5D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA35A0A9-2913-449B-8736-83FB17D633A3}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28a684c1-3570-4916-a7d1-9dc7e259a1f0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37089f2f-81b2-419f-b403-b86c1ee7e28a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7a443610-afc0-42c2-a352-66b4ed3bad91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{baa2b3e2-d603-4576-aa9d-1c1888d5a789}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1ec187f-aee7-4fd4-a7e2-fa6724f69fe8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-chromeinstaller]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-codedownloader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-enabler]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-firefoxinstaller]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-updater]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-2.3]

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade dir HitmanPro (32 Bit) auf deinen Desktop.

Starte die HitmanPro.exe.
Klicke auf Weiter.
Akzeptiere die Lizenzbedinungen und klicke auf Weiter.
Wähle Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen aus und klicke auf Weiter.
Lass am Ende des Suchlaufs alle auftretende Funde entfernen und klicke auf Weiter.
Wähle im nächsten Fenster Logdatei speichern und speichere die Logdatei auf deinem Desktop.
Schließe HitmanPro.
Poste die HitmanPro_<Datum_Uhrzeit>.txt mit deiner nächsten Antwort.

Schritt 5
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die Logdatei von SecurityCheck.

Die-Dora · 09.07.2013, 05:56

Guten Morgen Matthias,

stell Dir vor, heute NUR gute Nachrichten!! Das erste Mal hat alles supi geklappt!! Schau mal selbst *ganzstolzaufmichbin*...

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
========== FILES ==========
File\Folder C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\extensions\{d6aa6825-ff9d-4b33-9140-5dab33fa53d4} not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A739C33D-DDAB-418C-8D9A-6C504725ECE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A739C33D-DDAB-418C-8D9A-6C504725ECE3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_DE Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\desk365.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E8D16DD-92D2-4462-B46E-C748629CDA3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8D16DD-92D2-4462-B46E-C748629CDA3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r575-n-bi.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-2.3\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1772254487-8582296-1865665106-1000\Software\AppDataLow\Software\Plus-HD-2.3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F99357F-44AE-4851-983E-AB8D015B2C5D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F99357F-44AE-4851-983E-AB8D015B2C5D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA35A0A9-2913-449B-8736-83FB17D633A3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA35A0A9-2913-449B-8736-83FB17D633A3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28a684c1-3570-4916-a7d1-9dc7e259a1f0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a684c1-3570-4916-a7d1-9dc7e259a1f0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37089f2f-81b2-419f-b403-b86c1ee7e28a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37089f2f-81b2-419f-b403-b86c1ee7e28a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7a443610-afc0-42c2-a352-66b4ed3bad91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a443610-afc0-42c2-a352-66b4ed3bad91}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{baa2b3e2-d603-4576-aa9d-1c1888d5a789}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baa2b3e2-d603-4576-aa9d-1c1888d5a789}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1ec187f-aee7-4fd4-a7e2-fa6724f69fe8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1ec187f-aee7-4fd4-a7e2-fa6724f69fe8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-chromeinstaller\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-codedownloader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-enabler\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-firefoxinstaller\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-updater\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-2.3\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Cristian
->Temp folder emptied: 154576 bytes
->Temporary Internet Files folder emptied: 16047056 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87991598 bytes
->Google Chrome cache emptied: 6882878 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1972534 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1461361 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 809658 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 110,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07082013_192459

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.08.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cristian :: HOMEPC [Administrator]

Schutz: Aktiviert

08.07.2013 20:20:33
mbam-log-2013-07-08 (20-20-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217969
Laufzeit: 5 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=19c8eb468f12f64aa3335a55cd224469
# engine=14322
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-09 01:40:53
# local_time=2013-07-09 03:40:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 93600 210866781 0 0
# scanned=177689
# found=0
# cleaned=0
# scan_time=25695

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : HOMEPC
   Windows . . . . . . . : 6.0.2.6002.X86/1
   User name . . . . . . : Homepc\Cristian
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-07-09 06:34:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1432

   Objects scanned . . . : 2.206.182
   Files scanned . . . . : 27.784
   Remnants scanned  . . : 495.714 files / 1.682.684 keys

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1772254487-8582296-1865665106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)

Cookies _____________________________________________________________________

   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.123-template.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adnet.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.lokalisten.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.movad.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.brandwire.tv
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.foodbuzz.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.immobilienscout24.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.yopi.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:autoscout24.112.2o7.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:beiersdorf.122.2o7.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:deutschepostag.112.2o7.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:guj.122.2o7.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:philips.112.2o7.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.crsend.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:weboramapublishertrackinguk2.solution.weborama.fr
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Cookies\10DBTLO6.txt
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:112.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:ad.payclick.it
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:ad.zanox.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:autoscout24.112.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:beiersdorf.122.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:de.sitestat.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:deutschepostag.112.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:doubleclick.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:guj.122.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:in.getclicky.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:invitemedia.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:lokalportal24de.112.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:paypal.112.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:philips.112.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:serving-sys.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:stat.dealtime.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:statcounter.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:stats.paypal.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:superrtl.122.2o7.net
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:www.etracker.de
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:www.xxxlmoebelhaeuser.de
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:xiti.com
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:xxxlmoebelhaeuser.de
   C:\Users\Cristian\AppData\Roaming\Mozilla\Firefox\Profiles\vl92fdku.default\cookies.sqlite:yadro.ru

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.68  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 26  
 Java(TM) SE Runtime Environment 6 Update 1 
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````