
Log analysis and evaluation: GVU Trojan - safe mode shuts down on its own

30.08.2013, 14:25   #1
Chloec

Hello, here is my problem.
I have an ASUS laptop (a good 2 years old) running Windows 7.
The laptop is used by me and my housemates, and today when I wanted to use it I found that the GVU Trojan is on it.
That is, when I boot it in safe mode, no matter which one, it shuts itself down, boots up again and then shows me the familiar screen where 'the police' demand that I transfer money to such-and-such a place.
I am asking for help because I don't know what to do. Since it is my laptop, there is a lot of important data on it, so I would rather not wipe the laptop completely or the like. If I should create a boot CD or something similar, that would be possible, as I currently have my parents' laptop available.
Many thanks in advance, Chloec.

30.08.2013, 14:38   #2
Aneri
/// Malwareteam

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • During startup, press the F8 key several times.
  • Now choose Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    Here the drive letter of your USB stick is shown; remember it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its content here, in code tags if possible (guide).

30.08.2013, 14:54   #3
Chloec

Hello, many thanks for the quick reply. Unfortunately that doesn't quite work. I checked and my USB stick is called (X; when I then entered X:\frst.exe I got: 'X:\frst.exe ' is not recognized as an internal or external command, operable program or batch file.
The same happens with the 64 one. Nowhere is there anything where I can press yes.

Best regards

30.08.2013, 14:55   #4
Aneri
/// Malwareteam

No, the recovery environment is normally X.

When you are in Notepad, go to Save As and then please check again ...
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

30.08.2013, 14:59   #5
Chloec

Oh I see, now I've got it and it is scanning away. I'll paste it into these code tags in a moment!

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 30-08-2013 15:57:33
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1736704 2009-12-24] ()
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-11-12] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [DivX Download Manager] - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKU\Marie Tretow\...\Run: [Facebook Update] - C:\Users\Marie Tretow\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-26] (Facebook Inc.)
HKU\Marie Tretow\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-09-12] (coolspot AG, Düsseldorf)
HKU\Marie Tretow\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKU\Marie Tretow\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe [79360 2013-08-30] (Valve Corporation) <===== ATTENTION
HKU\Marie Tretow\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\Marie Tretow\...\Command Processor: "C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe" <===== ATTENTION!
AppInit_DLLs:   C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-02-21] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-05-26] ()
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-23] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-21] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-07-14] ()
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-07-14] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S3 tmlwf; 
S3 tmwfp; 
S3 vvftav; system32\drivers\vvftav.sys [x]
S3 ZSMC0305; System32\Drivers\usbVM305.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 03:06 - 2013-08-30 03:06 - 01084776 _____ C:\ProgramData\2433f433
2013-08-30 03:06 - 2013-08-30 03:06 - 01084762 _____ C:\Users\Marie Tretow\AppData\Local\2433f433
2013-08-30 03:06 - 2013-08-30 03:06 - 01084713 _____ C:\Users\Marie Tretow\AppData\Roaming\2433f433
2013-08-27 08:29 - 2013-08-27 08:29 - 00000000 ____D C:\Windows\System32\SPReview
2013-08-25 11:14 - 2013-08-25 11:14 - 00014149 _____ C:\Users\Marie Tretow\Desktop\tabelle.odt
2013-08-25 10:21 - 2013-08-27 08:20 - 00029215 _____ C:\Users\Marie Tretow\Desktop\literarische erörterung.odt
2013-08-23 05:18 - 2013-08-23 05:18 - 00000000 ____D C:\User Data
2013-08-23 05:16 - 2013-08-30 03:24 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 05:16 - 2013-08-23 05:16 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\WinZipper
2013-08-20 09:40 - 2013-08-20 09:40 - 00001291 _____ C:\Users\Public\Desktop\Darkness Within 2.lnk
2013-08-20 09:28 - 2013-08-20 09:28 - 00000000 ____D C:\Program Files (x86)\Iceberg Interactive
2013-08-17 05:04 - 2013-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-13 22:18 - 2013-08-13 22:20 - 00000000 ____D C:\Windows\System32\MRT
2013-08-10 01:34 - 2013-08-10 01:34 - 00000000 ____D C:\Users\Marie Tretow\Documents\Harry Potter und der Gefangene von Askaban
2013-08-10 01:33 - 2013-08-10 01:33 - 00002460 _____ C:\Users\Public\Desktop\Harry Potter und der Gefangene von Askaban(TM).lnk
2013-08-08 12:00 - 2013-08-17 09:38 - 00828671 ____N C:\Users\Marie Tretow\AppData\Local\Tempmusic.ogg
2013-08-06 11:16 - 2013-08-17 09:56 - 00013302 _____ C:\Users\Marie Tretow\Desktop\50.odt
2013-08-03 10:38 - 2013-08-03 10:38 - 00000000 ____D C:\ProgramData\Intel
2013-08-03 10:18 - 2013-08-25 21:08 - 00000000 ____D C:\users\UpdatusUser.Bitch
2013-08-03 10:18 - 2013-08-03 10:18 - 00000020 ___SH C:\Users\UpdatusUser.Bitch\ntuser.ini
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Startmenü
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Lokale Einstellungen
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Eigene Dateien
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Musik
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Bilder
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Verlauf
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Anwendungsdaten
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Anwendungsdaten
2013-08-03 10:18 - 2013-03-12 22:21 - 00000000 ____D C:\Users\UpdatusUser.Bitch\AppData\Local\Microsoft Help
2013-08-03 10:18 - 2010-08-21 11:47 - 00000000 ____D C:\Users\UpdatusUser.Bitch\AppData\Local\Power2Go
2013-08-03 10:18 - 2010-04-09 10:15 - 00001188 _____ C:\Users\UpdatusUser.Bitch\Desktop\ASUS Video Magic.lnk
2013-08-03 01:23 - 2013-08-03 02:05 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-03 01:22 - 2013-08-03 01:24 - 00000000 ____D C:\Users\Marie Tretow\Documents\Freemake
2013-08-01 13:04 - 2013-08-27 07:02 - 00000000 ____D C:\ProgramData\eSafe
2013-08-01 13:03 - 2013-08-20 10:04 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-01 13:03 - 2013-08-01 13:04 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\eIntaller
2013-08-01 11:37 - 2013-08-01 11:37 - 00000000 ____D C:\Users\Marie Tretow\Documents\My Games
2013-08-01 11:33 - 2013-08-01 11:33 - 00000220 _____ C:\Users\Marie Tretow\Desktop\BioShock Infinite.url
2013-08-01 10:43 - 2013-08-30 02:29 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-01 10:43 - 2013-08-01 10:43 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk

==================== One Month Modified Files and Folders =======

2013-08-30 04:32 - 2011-09-15 07:46 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-08-30 04:32 - 2010-04-09 10:28 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 04:31 - 2011-07-28 10:56 - 00254349 _____ C:\Windows\setupact.log
2013-08-30 04:31 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 03:24 - 2013-08-23 05:16 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-30 03:09 - 2010-04-09 11:07 - 00002690 _____ C:\Windows\System32\AutoRunFilter.ini
2013-08-30 03:06 - 2013-08-30 03:06 - 01084776 _____ C:\ProgramData\2433f433
2013-08-30 03:06 - 2013-08-30 03:06 - 01084762 _____ C:\Users\Marie Tretow\AppData\Local\2433f433
2013-08-30 03:06 - 2013-08-30 03:06 - 01084713 _____ C:\Users\Marie Tretow\AppData\Roaming\2433f433
2013-08-30 02:52 - 2010-04-09 10:28 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 02:38 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 02:38 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 02:34 - 2010-04-09 09:48 - 01242510 _____ C:\Windows\WindowsUpdate.log
2013-08-30 02:29 - 2013-08-01 10:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-29 23:11 - 2012-06-20 23:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 06:46 - 2012-04-20 10:08 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316489635-83786355-3822328436-1001UA.job
2013-08-27 08:29 - 2013-08-27 08:29 - 00000000 ____D C:\Windows\System32\SPReview
2013-08-27 08:20 - 2013-08-25 10:21 - 00029215 _____ C:\Users\Marie Tretow\Desktop\literarische erörterung.odt
2013-08-27 07:02 - 2013-08-01 13:04 - 00000000 ____D C:\ProgramData\eSafe
2013-08-26 08:13 - 2009-08-04 01:51 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-08-26 08:13 - 2009-08-04 01:51 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-08-26 08:13 - 2009-07-13 21:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-26 07:57 - 2013-06-16 09:18 - 00049152 ____H C:\Users\Marie Tretow\Desktop\photothumb.db
2013-08-25 21:08 - 2013-08-03 10:18 - 00000000 ____D C:\users\UpdatusUser.Bitch
2013-08-25 12:33 - 2012-10-15 06:41 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Bioshock2
2013-08-25 11:14 - 2013-08-25 11:14 - 00014149 _____ C:\Users\Marie Tretow\Desktop\tabelle.odt
2013-08-25 02:35 - 2011-12-01 10:48 - 00628910 _____ C:\Windows\DirectX.log
2013-08-23 10:02 - 2010-04-09 11:07 - 00002071 _____ C:\Windows\System32\ServiceFilter.ini
2013-08-23 05:18 - 2013-08-23 05:18 - 00000000 ____D C:\User Data
2013-08-23 05:16 - 2013-08-23 05:16 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\WinZipper
2013-08-23 05:16 - 2011-06-10 16:58 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-23 05:16 - 2011-06-10 16:58 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-21 11:11 - 2012-06-20 23:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 11:11 - 2012-06-20 23:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 11:11 - 2011-11-25 05:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 21:46 - 2012-04-20 10:08 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316489635-83786355-3822328436-1001Core.job
2013-08-20 21:40 - 2011-08-10 12:01 - 00140490 _____ C:\Windows\PFRO.log
2013-08-20 10:10 - 2010-05-10 10:08 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Macromedia
2013-08-20 10:04 - 2013-08-01 13:03 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-20 09:40 - 2013-08-20 09:40 - 00001291 _____ C:\Users\Public\Desktop\Darkness Within 2.lnk
2013-08-20 09:28 - 2013-08-20 09:28 - 00000000 ____D C:\Program Files (x86)\Iceberg Interactive
2013-08-17 09:56 - 2013-08-06 11:16 - 00013302 _____ C:\Users\Marie Tretow\Desktop\50.odt
2013-08-17 09:38 - 2013-08-08 12:00 - 00828671 ____N C:\Users\Marie Tretow\AppData\Local\Tempmusic.ogg
2013-08-17 07:19 - 2012-04-27 06:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 05:04 - 2013-08-17 05:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 03:48 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-13 22:20 - 2013-08-13 22:18 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 22:18 - 2011-07-31 00:29 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-10 01:34 - 2013-08-10 01:34 - 00000000 ____D C:\Users\Marie Tretow\Documents\Harry Potter und der Gefangene von Askaban
2013-08-10 01:33 - 2013-08-10 01:33 - 00002460 _____ C:\Users\Public\Desktop\Harry Potter und der Gefangene von Askaban(TM).lnk
2013-08-10 01:29 - 2011-06-05 02:11 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-08-05 06:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-03 10:38 - 2013-08-03 10:38 - 00000000 ____D C:\ProgramData\Intel
2013-08-03 10:37 - 2010-04-09 11:02 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-08-03 10:37 - 2010-04-09 11:02 - 00000000 ____D C:\Windows\System32\NV
2013-08-03 10:34 - 2010-04-09 10:58 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-03 10:19 - 2010-04-09 11:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-03 10:18 - 2013-08-03 10:18 - 00000020 ___SH C:\Users\UpdatusUser.Bitch\ntuser.ini
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Startmenü
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Lokale Einstellungen
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Eigene Dateien
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Musik
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Bilder
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Verlauf
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Anwendungsdaten
2013-08-03 10:18 - 2013-08-03 10:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Anwendungsdaten
2013-08-03 10:18 - 2011-11-05 04:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-03 10:18 - 2010-07-27 11:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-03 02:05 - 2013-08-03 01:23 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-03 02:05 - 2011-06-07 06:16 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-08-03 02:05 - 2010-04-09 10:11 - 00000000 ____D C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2013-08-03 01:24 - 2013-08-03 01:22 - 00000000 ____D C:\Users\Marie Tretow\Documents\Freemake
2013-08-03 01:24 - 2011-06-05 03:05 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\TuneUp Software
2013-08-03 01:24 - 2011-06-05 02:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-08-03 01:23 - 2013-04-06 11:50 - 00000000 ____D C:\ProgramData\Freemake
2013-08-03 01:22 - 2013-04-06 11:50 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-03 01:21 - 2012-04-05 11:32 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\OpenCandy
2013-08-01 21:36 - 2009-07-13 20:45 - 00521096 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-01 13:05 - 2010-05-10 08:09 - 00130088 _____ C:\Users\Marie Tretow\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 13:04 - 2013-08-01 13:03 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\eIntaller
2013-08-01 11:37 - 2013-08-01 11:37 - 00000000 ____D C:\Users\Marie Tretow\Documents\My Games
2013-08-01 11:33 - 2013-08-01 11:33 - 00000220 _____ C:\Users\Marie Tretow\Desktop\BioShock Infinite.url
2013-08-01 10:43 - 2013-08-01 10:43 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-01 10:43 - 2010-05-10 08:09 - 00000000 ____D C:\users\Marie Tretow

Files to move or delete:
====================
C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe
C:\ProgramData\jfofiw.pad
C:\ProgramData\wifofj.dat
C:\Users\Marie Tretow\AppData\Local\Temp\piymqepfxejmfcrkm.exe
C:\Users\Marie Tretow\AppData\Local\Temp\eIntaller\82D4D3941A72410eB6BE09C237E29246\eXQ.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-27 08:29:45

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3885.54 MB
Available physical RAM: 3305.59 MB
Total Pagefile: 3883.68 MB
Available Pagefile: 3300.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:14.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:332.72 GB) (Free:314.93 GB) NTFS
Drive e: (BioShock Infinite Disc 3) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:0.47 GB) (Free:0.46 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=17 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=333 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 477 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=477 MB) - (Type=0E)


LastRegBack: 2013-08-29 11:50

==================== End Of Log ============================
         


30.08.2013, 15:04   #6
Aneri
/// Malwareteam

Right, let's get going; the code tags worked out wonderfully...

Step 1:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\Marie Tretow\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe [79360 2013-08-30] (Valve Corporation) <===== ATTENTION
HKU\Marie Tretow\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\Marie Tretow\...\Command Processor: "C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe" <===== ATTENTION!
C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe
C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.dll
C:\ProgramData\2433f433
C:\Users\Marie Tretow\AppData\Local\2433f433
C:\Users\Marie Tretow\AppData\Roaming\2433f433
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the recovery options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its content here.


Step 2: restart WINDOWS normally for this step

Let me know whether your system starts normally again. If so, create a new FRST log file.
To do that, please first copy FRST.exe to your desktop.
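
The three registry entries picked for the fixlist above share recognisable traits: an autostart from a Temp folder, a per-user Winlogon Shell set to cmd.exe, and a Command Processor AutoRun value. The following Python script is an added example, not part of the original posts and not FRST's own logic; it applies those checks to constructed sample lines in the log's format (the user name `Alice` and all file names are made up, and the function names are hypothetical).

```python
import re
from collections import defaultdict

# Constructed sample in the format of the "Registry (Whitelisted)" section of
# an FRST log. User name and file names are invented for this example.
SAMPLE_LOG = r"""
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKU\Alice\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKU\Alice\...\Run: [x7k2qv] - C:\Users\ALICE~1\AppData\Local\Temp\abcdefgh.exe [79360 2013-08-30] (Valve Corporation)
HKU\Alice\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation)
HKU\Alice\...\Command Processor: "C:\Users\ALICE~1\AppData\Local\Temp\abcdefgh.exe"
"""

# "<hive>\...\<key>: <rest>" for the three key types discussed in the thread.
LINE_RE = re.compile(
    r'^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run|Winlogon|Command Processor): (?P<rest>.*)$')
# Trailing "[size date] (company)" metadata and/or the tool's ATTENTION marker.
TAIL_RE = re.compile(r'\s*(\[\d+ \d{4}-\d{2}-\d{2}\].*|<=+ ATTENTION.*)$')
# Leading "[ValueName] - " (Run) or "[ValueName] " (Winlogon).
NAME_RE = re.compile(r'^\[(?P<name>[^\]]*)\](?: -)? ')
TEMP_RE = re.compile(r'\\(?:Temp|Tmp)\\', re.IGNORECASE)


def parse_entries(text):
    """Return one dict per Run / Winlogon / Command Processor line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = TAIL_RE.sub('', m['rest'])
        name = ''
        n = NAME_RE.match(rest)
        if n:
            name, rest = n['name'], rest[n.end():]
        entries.append({
            'hive': m['hive'],
            'key': m['key'],
            'name': name,
            'target': rest.strip().strip('"'),
        })
    return entries


def find_suspicious(entries):
    """Flag entries by their own properties, ignoring any ATTENTION marker."""
    findings = []
    per_hive = defaultdict(dict)
    for e in entries:
        hive, target = e['hive'], e['target']
        if e['key'] == 'Run' and TEMP_RE.search(target):
            # Installed software rarely autostarts from a Temp directory.
            findings.append(('autostart-from-temp', hive, target))
        elif e['key'] == 'Winlogon' and e['name'].lower() == 'shell':
            per_hive[hive]['shell'] = target
            base = target.lower().split('\\')[-1]
            if hive.startswith('HKU') and base != 'explorer.exe':
                # A per-user Shell value replaces the desktop shell at logon.
                findings.append(('per-user-shell-override', hive, target))
        elif e['key'] == 'Command Processor':
            # This line is the AutoRun value, which cmd.exe executes on start.
            per_hive[hive]['autorun'] = target
            findings.append(('cmd-autorun', hive, target))
    for hive, seen in per_hive.items():
        shell = seen.get('shell', '').lower().split('\\')[-1]
        if shell == 'cmd.exe' and 'autorun' in seen:
            # Shell = cmd.exe plus AutoRun: the AutoRun target runs at logon.
            findings.append(('shell-to-autorun-chain', hive, seen['autorun']))
    return findings


if __name__ == '__main__':
    for kind, hive, target in find_suspicious(parse_entries(SAMPLE_LOG)):
        print(f'{kind:26} {hive:12} {target}')
```
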

30.08.2013, 15:08   #7
Chloec

By starting it again you mean entering f:/frst.exe (or the 64 one) again, right?

30.08.2013, 15:16   #8
Aneri
/// Malwareteam

After you have created the file, save it on your healthy computer to the USB stick, in the directory where your FRST.exe is located. Then go to the infected computer and boot into the Recovery Console again (as when you created the log file), only this time you press fix instead of scan... a file will be created that is likewise on the USB stick.

As soon as the fix has succeeded, restart the infected computer. It should now start Windows quite normally, as if nothing had happened. If that works, please save FRST.exe from the stick to your desktop and run it there. The new FRST log file will then be on your desktop. Please post that here too, together with the Fixlog from the USB stick.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

30.08.2013, 15:22   #9
Chloec

The PC started as usual.
- I have also run the frst64 file. Should I press scan or fix again now?

30.08.2013, 15:23   #10
Aneri
/// Malwareteam

Scan, please
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

30.08.2013, 15:29   #11
Chloec

Here is the fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by SYSTEM at 2013-08-30 16:17:10 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Marie Tretow\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe [79360 2013-08-30] (Valve Corporation) <===== ATTENTION
HKU\Marie Tretow\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\Marie Tretow\...\Command Processor: "C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe" <===== ATTENTION!
C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe
C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.dll
C:\ProgramData\2433f433
C:\Users\Marie Tretow\AppData\Local\2433f433
C:\Users\Marie Tretow\AppData\Roaming\2433f433
*****************

HKU\Marie Tretow\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Marie Tretow\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Marie Tretow\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.exe => Moved successfully.
"C:\Users\MARIET~1\AppData\Local\Temp\piymqepfxejmfcrkm.dll" => File/Directory not found.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Marie Tretow\AppData\Local\2433f433 => Moved successfully.
C:\Users\Marie Tretow\AppData\Roaming\2433f433 => Moved successfully.

==== End of Fixlog ====
         

and the FRST from my infected laptop

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Marie Tretow (administrator) on 30-08-2013 16:25:27
Running from C:\Users\Marie Tretow\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1736704 2009-12-24] ()
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKCU\...\Run: [Facebook Update] - C:\Users\Marie Tretow\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-27] (Facebook Inc.)
HKCU\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-09-12] (coolspot AG, Düsseldorf)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
MountPoints2: {440679f9-41d5-11e1-a7a0-485b393370d9} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2009-04-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-11-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [DivX Download Manager] - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
AppInit_DLLs:   C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=334bcc85-0c81-4a39-975b-4f6e1ec0e875&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=334bcc85-0c81-4a39-975b-4f6e1ec0e875&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1375391036
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1375391036
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=334bcc85-0c81-4a39-975b-4f6e1ec0e875&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=334bcc85-0c81-4a39-975b-4f6e1ec0e875&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=40491A4BD6A6DA41&affID=121564&tsp=4963
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default
FF user.js: detected! => C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\user.js
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marie Tretow\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Conduit Engine  - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\engine@conduit.com
FF Extension: LavaFox V2 - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\info@djzig.com
FF Extension: DownloadHelper - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: plugin - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\plugin@yontoo.com.xpi
FF Extension: trtv3 - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\trtv3@trtv.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\Marie Tretow\AppData\Roaming\5064
FF Extension: Java String Helper - C:\Users\Marie Tretow\AppData\Roaming\5064
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882

==================== Services (Whitelisted) =================

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-02-21] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-05-27] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-23] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-07-14] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-07-14] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U3 tmlwf; 
U3 tmwfp; 
S3 vvftav; system32\drivers\vvftav.sys [x]
S3 ZSMC0305; System32\Drivers\usbVM305.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 16:21 - 2013-08-30 15:46 - 01579080 _____ (Farbar) C:\Users\Marie Tretow\Desktop\FRST64.exe
2013-08-27 18:29 - 2013-08-27 18:29 - 00000000 ____D C:\Windows\system32\SPReview
2013-08-25 21:14 - 2013-08-25 21:14 - 00014149 _____ C:\Users\Marie Tretow\Desktop\tabelle.odt
2013-08-25 20:21 - 2013-08-27 18:20 - 00029215 _____ C:\Users\Marie Tretow\Desktop\literarische erörterung.odt
2013-08-23 15:18 - 2013-08-23 15:18 - 00000000 ____D C:\User Data
2013-08-23 15:16 - 2013-08-30 13:24 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 15:16 - 2013-08-23 15:16 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\WinZipper
2013-08-20 19:40 - 2013-08-20 19:40 - 00001291 _____ C:\Users\Public\Desktop\Darkness Within 2.lnk
2013-08-20 19:28 - 2013-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Iceberg Interactive
2013-08-17 15:04 - 2013-08-17 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 08:18 - 2013-08-14 08:20 - 00000000 ____D C:\Windows\system32\MRT
2013-08-10 11:34 - 2013-08-10 11:34 - 00000000 ____D C:\Users\Marie Tretow\Documents\Harry Potter und der Gefangene von Askaban
2013-08-10 11:33 - 2013-08-10 11:33 - 00002460 _____ C:\Users\Public\Desktop\Harry Potter und der Gefangene von Askaban(TM).lnk
2013-08-08 22:00 - 2013-08-17 19:38 - 00828671 ____N C:\Users\MARIET~1\AppData\Local\Tempmusic.ogg
2013-08-06 21:16 - 2013-08-17 19:56 - 00013302 _____ C:\Users\Marie Tretow\Desktop\50.odt
2013-08-03 20:38 - 2013-08-03 20:38 - 00000000 ____D C:\ProgramData\Intel
2013-08-03 20:18 - 2013-08-26 07:08 - 00000000 ____D C:\Users\UpdatusUser.Bitch
2013-08-03 20:18 - 2013-08-03 20:18 - 00000020 ___SH C:\Users\UpdatusUser.Bitch\ntuser.ini
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Startmenü
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Lokale Einstellungen
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Eigene Dateien
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Musik
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Bilder
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Verlauf
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Anwendungsdaten
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Anwendungsdaten
2013-08-03 20:18 - 2013-03-13 08:21 - 00000000 ____D C:\Users\UpdatusUser.Bitch\AppData\Local\Microsoft Help
2013-08-03 20:18 - 2010-08-21 21:47 - 00000000 ____D C:\Users\UpdatusUser.Bitch\AppData\Local\Power2Go
2013-08-03 20:18 - 2010-04-09 20:15 - 00001188 _____ C:\Users\UpdatusUser.Bitch\Desktop\ASUS Video Magic.lnk
2013-08-03 11:23 - 2013-08-03 12:05 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-03 11:22 - 2013-08-03 11:24 - 00000000 ____D C:\Users\Marie Tretow\Documents\Freemake
2013-08-03 11:22 - 2013-08-03 11:22 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-01 23:04 - 2013-08-27 17:02 - 00000000 ____D C:\ProgramData\eSafe
2013-08-01 23:03 - 2013-08-20 20:04 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-01 23:03 - 2013-08-01 23:04 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\eIntaller
2013-08-01 23:03 - 2013-08-01 23:03 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-01 21:37 - 2013-08-01 21:37 - 00000000 ____D C:\Users\Marie Tretow\Documents\My Games
2013-08-01 21:33 - 2013-08-01 21:33 - 00000220 _____ C:\Users\Marie Tretow\Desktop\BioShock Infinite.url
2013-08-01 21:33 - 2013-08-01 21:33 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-01 20:43 - 2013-08-30 16:22 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-01 20:43 - 2013-08-01 20:43 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk

==================== One Month Modified Files and Folders =======

2013-08-31 01:57 - 2013-08-31 01:57 - 00000000 ____D C:\FRST
2013-08-30 16:24 - 2010-04-09 19:48 - 01246382 _____ C:\Windows\WindowsUpdate.log
2013-08-30 16:22 - 2013-08-01 20:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-30 16:20 - 2010-04-09 20:28 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 16:19 - 2011-09-15 17:46 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-08-30 16:19 - 2011-07-28 20:56 - 00254405 _____ C:\Windows\setupact.log
2013-08-30 16:19 - 2010-05-10 18:09 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-08-30 16:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 15:46 - 2013-08-30 16:21 - 01579080 _____ (Farbar) C:\Users\Marie Tretow\Desktop\FRST64.exe
2013-08-30 13:24 - 2013-08-23 15:16 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-30 13:09 - 2010-04-09 21:07 - 00002690 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-30 12:52 - 2010-04-09 20:28 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 12:38 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 12:38 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 09:11 - 2012-06-21 09:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 16:46 - 2012-04-20 20:08 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316489635-83786355-3822328436-1001UA.job
2013-08-27 18:29 - 2013-08-27 18:29 - 00000000 ____D C:\Windows\system32\SPReview
2013-08-27 18:20 - 2013-08-25 20:21 - 00029215 _____ C:\Users\Marie Tretow\Desktop\literarische erörterung.odt
2013-08-27 17:02 - 2013-08-01 23:04 - 00000000 ____D C:\ProgramData\eSafe
2013-08-26 18:13 - 2009-08-04 11:51 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-26 18:13 - 2009-08-04 11:51 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-26 18:13 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 17:57 - 2013-06-16 19:18 - 00049152 ____H C:\Users\Marie Tretow\Desktop\photothumb.db
2013-08-26 07:08 - 2013-08-03 20:18 - 00000000 ____D C:\Users\UpdatusUser.Bitch
2013-08-25 22:33 - 2012-10-15 16:41 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Bioshock2
2013-08-25 21:14 - 2013-08-25 21:14 - 00014149 _____ C:\Users\Marie Tretow\Desktop\tabelle.odt
2013-08-25 12:35 - 2011-12-01 20:48 - 00628910 _____ C:\Windows\DirectX.log
2013-08-23 20:02 - 2010-04-09 21:07 - 00002071 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-23 15:18 - 2013-08-23 15:18 - 00000000 ____D C:\User Data
2013-08-23 15:18 - 2010-05-10 18:22 - 00001681 _____ C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-23 15:18 - 2010-05-10 18:22 - 00001647 _____ C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-23 15:16 - 2013-08-23 15:16 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\WinZipper
2013-08-23 15:16 - 2011-06-11 02:58 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-23 15:16 - 2011-06-11 02:58 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-21 21:11 - 2012-06-21 09:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 21:11 - 2012-06-21 09:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 21:11 - 2011-11-25 15:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 07:46 - 2012-04-20 20:08 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316489635-83786355-3822328436-1001Core.job
2013-08-21 07:40 - 2011-08-10 22:01 - 00140490 _____ C:\Windows\PFRO.log
2013-08-20 20:10 - 2010-05-10 20:08 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Macromedia
2013-08-20 20:04 - 2013-08-01 23:03 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-20 19:40 - 2013-08-20 19:40 - 00001291 _____ C:\Users\Public\Desktop\Darkness Within 2.lnk
2013-08-20 19:28 - 2013-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Iceberg Interactive
2013-08-17 19:56 - 2013-08-06 21:16 - 00013302 _____ C:\Users\Marie Tretow\Desktop\50.odt
2013-08-17 19:38 - 2013-08-08 22:00 - 00828671 ____N C:\Users\MARIET~1\AppData\Local\Tempmusic.ogg
2013-08-17 17:19 - 2012-04-27 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 15:04 - 2013-08-17 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 13:48 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 08:20 - 2013-08-14 08:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:18 - 2011-07-31 10:29 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-10 11:34 - 2013-08-10 11:34 - 00000000 ____D C:\Users\Marie Tretow\Documents\Harry Potter und der Gefangene von Askaban
2013-08-10 11:34 - 2010-05-13 14:15 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-10 11:33 - 2013-08-10 11:33 - 00002460 _____ C:\Users\Public\Desktop\Harry Potter und der Gefangene von Askaban(TM).lnk
2013-08-10 11:29 - 2011-06-05 12:11 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-08-05 16:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-03 20:38 - 2013-08-03 20:38 - 00000000 ____D C:\ProgramData\Intel
2013-08-03 20:37 - 2010-04-09 21:02 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-08-03 20:37 - 2010-04-09 21:02 - 00000000 ____D C:\Windows\system32\NV
2013-08-03 20:34 - 2010-04-09 20:58 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-03 20:19 - 2010-04-09 21:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-03 20:18 - 2013-08-03 20:18 - 00000020 ___SH C:\Users\UpdatusUser.Bitch\ntuser.ini
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Startmenü
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Lokale Einstellungen
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Eigene Dateien
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Musik
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Bilder
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Verlauf
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Anwendungsdaten
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Anwendungsdaten
2013-08-03 20:18 - 2011-11-05 14:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-03 20:18 - 2010-07-27 21:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-03 12:05 - 2013-08-03 11:23 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-03 12:05 - 2011-06-07 16:16 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-08-03 12:05 - 2010-04-09 20:11 - 00000000 ____D C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2013-08-03 11:24 - 2013-08-03 11:22 - 00000000 ____D C:\Users\Marie Tretow\Documents\Freemake
2013-08-03 11:24 - 2011-06-05 13:05 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\TuneUp Software
2013-08-03 11:24 - 2011-06-05 12:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-08-03 11:23 - 2013-04-06 21:50 - 00000000 ____D C:\ProgramData\Freemake
2013-08-03 11:22 - 2013-08-03 11:22 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-03 11:22 - 2013-04-06 21:50 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-03 11:21 - 2012-04-05 21:32 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\OpenCandy
2013-08-02 07:36 - 2009-07-14 06:45 - 00521096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-01 23:05 - 2010-05-10 18:09 - 00130088 _____ C:\Users\MARIET~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 23:04 - 2013-08-01 23:03 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\eIntaller
2013-08-01 23:04 - 2013-03-31 15:04 - 00001376 _____ C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-08-01 23:03 - 2013-08-01 23:03 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-01 21:37 - 2013-08-01 21:37 - 00000000 ____D C:\Users\Marie Tretow\Documents\My Games
2013-08-01 21:33 - 2013-08-01 21:33 - 00000220 _____ C:\Users\Marie Tretow\Desktop\BioShock Infinite.url
2013-08-01 21:33 - 2013-08-01 21:33 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-01 20:43 - 2013-08-01 20:43 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-01 20:43 - 2010-05-10 18:09 - 00000000 ____D C:\Users\Marie Tretow

Files to move or delete:
====================
C:\ProgramData\jfofiw.pad
C:\ProgramData\wifofj.dat
C:\Users\MARIET~1\AppData\Local\Temp\eIntaller\82D4D3941A72410eB6BE09C237E29246\eXQ.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-29 21:50

==================== End Of Log ============================
         


It also spat out one called 'addition', but I guess you don't need that? Otherwise just let me know!

Alt 30.08.2013, 15:34   #12
Aneri
/// Malwareteam
 



Wonderful, you're doing great so far ...

I can still see quite a bit of adware there, so-called PUPs (potentially unwanted programs); you see them as toolbars in the browser or as ads while surfing.

Oh yes, I still need the Additions, that's right

We'll take care of those now
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Schritt 3
Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.



zur Kontrolle unserer Arbeit brauche ich wieder ein neues FRST Logfile (Scan Button)
aus dem normel Modus in dem du grade bist.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

30.08.2013, 16:16   #13
Chloec

JRT:
JRT Logfile:
Code:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Home Premium x64
Ran by Marie Tretow on 30.08.2013 at 16:51:58,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551178}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Users\Marie Tretow\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Marie Tretow\appdata\locallow\datamngr"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Marie Tretow\AppData\Roaming\mozilla\firefox\profiles\5ebslrln.default\extensions\trtv3@trtv.com.xpi
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184AA5E6-741D-464A-820E-94B3ABC2F3B4}
Successfully deleted the following from C:\Users\Marie Tretow\AppData\Roaming\mozilla\firefox\profiles\5ebslrln.default\prefs.js

user_pref("extensions.defaulttab.yw3i", "W3i_IA,206,0_0,Search,20120104,18518,0,0,0");
Emptied folder: C:\Users\Marie Tretow\AppData\Roaming\mozilla\firefox\profiles\5ebslrln.default\minidumps [119 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2013 at 17:04:59,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


adwcleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 30/08/2013 at 16:42:33
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Marie Tretow - BITCH
# Running from : C:\Users\Marie Tretow\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : winzipersvc
Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\MARIET~1\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Marie Tretow\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Marie Tretow\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Marie Tretow\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marie Tretow\AppData\LocalLow\delta
Folder Deleted : C:\Users\Marie Tretow\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Conduit
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\ConduitCommon
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\ConduitEngine
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\jetpack
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\SweetIMToolbarData
Folder Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\engine@conduit.com
File Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
File Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\bProtector_extensions.rdf
File Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\\invalidprefs.js
File Deleted : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader66221_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader66221_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader80345_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader80345_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_anno-1701_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_anno-1701_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-guitar-tuner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-guitar-tuner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-wav-to-mp3-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-wav-to-mp3-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_seterra_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_seterra_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\prefs.js ]

Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2269050.CTID", "CT2269050");
Line Deleted : user_pref("CT2269050.CurrentServerDate", "26-7-2010");
Line Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Mon Jul 26 2010 17:59:23 GMT+0200");
Line Deleted : user_pref("CT2269050.FirstServerDate", "26-7-2010");
Line Deleted : user_pref("CT2269050.FirstTime", true);
Line Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Line Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2269050.Initialize", true);
Line Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2269050.InstalledDate", "Mon Jul 26 2010 17:59:23 GMT+0200");
Line Deleted : user_pref("CT2269050.InvalidateCache", false);
Line Deleted : user_pref("CT2269050.IsGrouping", false);
Line Deleted : user_pref("CT2269050.IsMulticommunity", false);
Line Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Jul 26 2010 17:59:26 GMT+0200");
Line Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Mon Jul 26 2010 17:59:25 GMT+0200");
Line Deleted : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Line Deleted : user_pref("CT2269050.Locale", "en");
Line Deleted : user_pref("CT2269050.LoginCache", 4);
Line Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Line Deleted : user_pref("CT2269050.RadioLastCheckTime", "Mon Jul 26 2010 17:59:25 GMT+0200");
Line Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Line Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Line Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Line Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Line Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Line Deleted : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Line Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Line Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Jul 26 2010 17:59:25 GMT+0200");
Line Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Mon Jul 26 2010 17:59:22 GMT+0200");
Line Deleted : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Line Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Jul 26 2010 17:59:21 GMT+0200");
Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2269050.ToolbarDisabled", true);
Line Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2269050.UserID", "UN92795977304471884");
Line Deleted : user_pref("CT2269050.WeatherNetwork", "");
Line Deleted : user_pref("CT2269050.WeatherPollDate", "Mon Jul 26 2010 17:59:25 GMT+0200");
Line Deleted : user_pref("CT2269050.WeatherUnit", "C");
Line Deleted : user_pref("CT2269050.alertChannelId", "666138");
Line Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2269050.myStuffEnabled", true);
Line Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2736476..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2736476.AppTrackingLastCheckTime", "Sat Jun 18 2011 19:14:13 GMT+0200");
Line Deleted : user_pref("CT2736476.CTID", "ct2736476");
Line Deleted : user_pref("CT2736476.CurrentServerDate", "18-6-2011");
Line Deleted : user_pref("CT2736476.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2736476.DialogsGetterLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2736476.EMailNotifierPollDate", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.FeedPollDate129257621460541612", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.FeedPollDate129257621968979554", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.FeedPollDate129258323135539557", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.FirstServerDate", "18-6-2011");
Line Deleted : user_pref("CT2736476.FirstTime", true);
Line Deleted : user_pref("CT2736476.FirstTimeFF3", true);
Line Deleted : user_pref("CT2736476.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2736476.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2736476.Initialize", true);
Line Deleted : user_pref("CT2736476.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2736476.InstallationAndCookieDataSentCount", 2);
Line Deleted : user_pref("CT2736476.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT2736476.InstalledDate", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.IsGrouping", false);
Line Deleted : user_pref("CT2736476.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2736476.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2736476.LanguagePackLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2736476.LastLogin_3.3.3.2", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.LatestVersion", "3.3.3.2");
Line Deleted : user_pref("CT2736476.Locale", "de");
Line Deleted : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2736476.SavedHomepage", "hxxp://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=50364632&t=de785411446.1289749029.82944a8a\r");
Line Deleted : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=");
Line Deleted : user_pref("CT2736476.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2736476.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2736476.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2736476.ServiceMapLastCheckTime", "Sat Jun 18 2011 19:14:02 GMT+0200");
Line Deleted : user_pref("CT2736476.SettingsLastCheckTime", "Sat Jun 18 2011 19:14:02 GMT+0200");
Line Deleted : user_pref("CT2736476.SettingsLastUpdate", "1307988626");
Line Deleted : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Sat Jun 18 2011 19:14:02 GMT+0200");
Line Deleted : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Line Deleted : user_pref("CT2736476.ToolbarDisabled", true);
Line Deleted : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Line Deleted : user_pref("CT2736476.UserID", "UN71353052747184927");
Line Deleted : user_pref("CT2736476.alertChannelId", "1128724");
Line Deleted : user_pref("CT2736476.ct2736476.AppTrackingLastCheckTime", "Sat Jun 18 2011 19:14:14 GMT+0200");
Line Deleted : user_pref("CT2736476.ct2736476.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2736476.ct2736476.FeedLastCount129257621460541612", 0);
Line Deleted : user_pref("CT2736476.ct2736476.FeedLastCount129257621968979554", 0);
Line Deleted : user_pref("CT2736476.ct2736476.FeedLastCount129258323135539557", 0);
Line Deleted : user_pref("CT2736476.ct2736476.LanguagePackLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.ct2736476.Locale", "de");
Line Deleted : user_pref("CT2736476.ct2736476.SettingsLastCheckTime", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.ct2736476.SettingsLastUpdate", "1307988626");
Line Deleted : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastCheck", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Line Deleted : user_pref("CT2736476.ct2736476.globalFirstTimeInfoLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.ct2736476.toolbarAppMetaDataLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.ct2736476.toolbarContextMenuLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\"}");
Line Deleted : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2736476.myStuffEnabled", true);
Line Deleted : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2736476.testingCtid", "");
Line Deleted : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Sat Jun 18 2011 19:14:04 GMT+0200");
Line Deleted : user_pref("CT2736476.undefined", "Sat Jun 18 2011 19:14:03 GMT+0200");
Line Deleted : user_pref("CT3196716..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1359634299000", true);
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_8478564928926792879", true);
Line Deleted : user_pref("CT3196716.CT3196716", "CT3196716");
Line Deleted : user_pref("CT3196716.CurrentServerDate", "30-3-2013");
Line Deleted : user_pref("CT3196716.DSInstall", true);
Line Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Wed Mar 27 2013 20:25:31 GMT+0100");
Line Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Fri May 04 2012 13:47:20 GMT+0200");
Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Fri May 04 2012 13:47:20 GMT+0200");
Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Fri May 04 2012 13:47:20 GMT+0200");
Line Deleted : user_pref("CT3196716.FirstServerDate", "4-5-2012");
Line Deleted : user_pref("CT3196716.FirstTime", true);
Line Deleted : user_pref("CT3196716.FirstTimeFF3", true);
Line Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT3196716.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3196716.HPInstall", true);
Line Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3196716.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://isearch.avg.com?cid=%7Bf1af8378-29fe-40d1-8aaa-190597cf7515%7D&mid=cc4c3ff6b17b47d0a02799127fd7992a-6312e9d28365158213b360b06241c009f2760922&ds=od01[...]
Line Deleted : user_pref("CT3196716.Initialize", true);
Line Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3196716.InstallationType", "Unknown");
Line Deleted : user_pref("CT3196716.InstalledDate", "Fri May 04 2012 13:47:21 GMT+0200");
Line Deleted : user_pref("CT3196716.InvalidateCache", false);
Line Deleted : user_pref("CT3196716.IsGrouping", false);
Line Deleted : user_pref("CT3196716.IsInitSetupIni", true);
Line Deleted : user_pref("CT3196716.IsMulticommunity", false);
Line Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3196716.IsProtectorsInit", true);
Line Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Sat Mar 30 2013 11:57:52 GMT+0100");
Line Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3196716.LastLogin_3.12.2.3", "Wed May 30 2012 11:27:32 GMT+0200");
Line Deleted : user_pref("CT3196716.LastLogin_3.13.0.6", "Sun Jul 15 2012 19:47:17 GMT+0200");
Line Deleted : user_pref("CT3196716.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:59:10 GMT+0200");
Line Deleted : user_pref("CT3196716.LastLogin_3.15.1.0", "Fri Nov 09 2012 12:31:40 GMT+0100");
Line Deleted : user_pref("CT3196716.LastLogin_3.16.0.100", "Tue Feb 12 2013 17:30:26 GMT+0100");
Line Deleted : user_pref("CT3196716.LastLogin_3.16.0.3", "Mon Dec 31 2012 11:29:02 GMT+0100");
Line Deleted : user_pref("CT3196716.LastLogin_3.18.0.7", "Sat Mar 30 2013 20:58:15 GMT+0100");
Line Deleted : user_pref("CT3196716.LatestVersion", "3.18.0.7");
Line Deleted : user_pref("CT3196716.Locale", "en");
Line Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.12.2.3");
Line Deleted : user_pref("CT3196716.RadioIsPodcast", false);
Line Deleted : user_pref("CT3196716.RadioLastCheckTime", "Fri May 04 2012 13:47:21 GMT+0200");
Line Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3196716.RadioMediaID", "9962");
Line Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");
Line Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3196716.SavedHomepage", "hxxp://isearch.avg.com?cid=%7Bf1af8378-29fe-40d1-8aaa-190597cf7515%7D&mid=cc4c3ff6b17b47d0a02799127fd7992a-6312e9d28365158213b360b06241c009f2760922&ds=od011&v=11.[...]
Line Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");
Line Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "WiseConvert Customized Web Search");
Line Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=");
Line Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Sat Mar 30 2013 11:57:49 GMT+0100");
Line Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3196716.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Sat Mar 30 2013 11:57:52 GMT+0100");
Line Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Sat Mar 30 2013 23:13:42 GMT+0100");
Line Deleted : user_pref("CT3196716.SettingsLastUpdate", "1364649139");
Line Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");
Line Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Fri May 04 2012 13:47:20 GMT+0200");
Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");
Line Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3196716.UserID", "UN66518584738854776");
Line Deleted : user_pref("CT3196716.ValidationData_Toolbar", 1);
Line Deleted : user_pref("CT3196716.WeatherNetwork", "");
Line Deleted : user_pref("CT3196716.WeatherPollDate", "Fri May 04 2012 13:47:21 GMT+0200");
Line Deleted : user_pref("CT3196716.WeatherUnit", "C");
Line Deleted : user_pref("CT3196716.alertChannelId", "1613210");
Line Deleted : user_pref("CT3196716.backendstorage.cbcountry_001", "4445");
Line Deleted : user_pref("CT3196716.backendstorage.cbfirsttime", "4D6F6E204E6F7620313220323031322032303A31303A323420474D542B30313030");
Line Deleted : user_pref("CT3196716.backendstorage.cbopenmamsettings", "30");
Line Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544");
Line Deleted : user_pref("CT3196716.backendstorage.fired_events", "");
Line Deleted : user_pref("CT3196716.backendstorage.key_date", "37");
Line Deleted : user_pref("CT3196716.backendstorage.pg_enable", "74727565");
Line Deleted : user_pref("CT3196716.backendstorage.searchappstate", "31");
Line Deleted : user_pref("CT3196716.backendstorage.searchapptracking", "73656E74");
Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "4D6F6E2053657020323420323031322031393A32313A353220474D542B30323030");
Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Line Deleted : user_pref("CT3196716.backendstorage.url_history0001", "687474703A2F2F7777772E656261792E64652F69746D2F3238313033373438343435393F7661723D353830313634363833303136267373506167654E616D653D5354524B3A4D45574[...]
Line Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Fri May 04 2012 13:47:20 GMT+0200");
Line Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3196716.initDone", true);
Line Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3196716.myStuffEnabled", true);
Line Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT3196716.revertSettingsEnabled", true);
Line Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3196716.testingCtid", "");
Line Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Sat Mar 30 2013 11:57:52 GMT+0100");
Line Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Fri May 04 2012 13:47:21 GMT+0200");
Line Deleted : user_pref("CT3196716.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2736476");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "WiseConvert Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716", "\"bf3473ba2b1e2f370297e2804e1477fd3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/GetHostedFeedRss?alertID=666138&alertFeedId=661999", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", "\"1288777414\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", "\"1340259244\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2736476", "\"1288777414\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "hrY3aRo68pvVAKwJTjMFmA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wNaokyQn90mMItP1sym06A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "uwY9T5AsudBxjradvWCAOA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "D/tN3YiKFksK+RjZytPhIA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "bM8wQLfFAEKgVLVF/G5zig==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "ZdrYrsEQox0wVf3yXX8zTQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "9zRvKErdMb8hJOq85ft5Vg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476", "\"634434930587600000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716", "\"f37920d9b1c98697d4d3d176616327e0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2736476/CT2736476", "\"1307988626\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2736476/CT2736476", "\"1307988626\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634432176643630000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4be2ef415d80b413c1acc9d7da4745b1\"");
Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Marie Tretow\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5ebslrln.default\\conduitCommon\\modules\\3.12.2.3");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_fd6215d7", "356x332");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine,CT2736476,CT3196716");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2736476,CT3196716");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 30 2011 18:32:43 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 18 2011 16:06:13 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 18 2011 06:43:56 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{218d8790-24eb-4450-bbf7-e60b8af1b0d5}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri May 04 2012 15:34:47 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "2762d4ab-00e0-4734-9316-dad680a05664");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3196716");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://isearch.avg.com?cid=%7Bf1af8378-29fe-40d1-8aaa-190597cf7515%7D&mid=cc4c3ff6b17b47d0a02799127fd7992a-6312e9d28365158213b360b06241c009f2760922&ds=o[...]
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Aug 15 2011 18:27:19 GMT+0200");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 30 2011 18:33:02 GMT+0200");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "04/30/2011 19");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Apr 30 2011 18:33:02 GMT+0200");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 30 2011 18:33:02 GMT+0200");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Apr 30 2011 22:33:04 GMT+0200");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 30 2011 22:32:42 GMT+0200");
Line Deleted : user_pref("ConduitEngine.UserID", "UN38490384585509196");
Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Line Deleted : user_pref("ConduitEngine.engineLocale", "de");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 30 2011 18:33:02 GMT+0200");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Apr 30 2011 22:33:03 GMT+0200");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "delta-homes");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "4049b7ed000000000000485b393370d9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "4049b7ed000000000000485b393370d9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15375");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:24:17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.crossrider.bic", "1403bb5480141a7bd26e435abf96ce81");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "5");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "BE97480306CF83B53AACDFF181340396");
Line Deleted : user_pref("extensions.delta.id", "4049b7ed0000000000001a4bd6a6da41");
Line Deleted : user_pref("extensions.delta.instlDay", "15920");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.22.011:22:56");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.011:22:56");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4963");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledItems", "{334bcc85-0c81-4a39-975b-4f6e1ec0e875}:1.0,{53312af9-5dfd-456d-b66a-d5ecbae18ae1}:1.0,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778,{CAFEEFAC-0016-0000-0020-A[...]
Line Deleted : user_pref("extensions.facemoods.aflt", "_#gppc");
Line Deleted : user_pref("extensions.facemoods.firstRun", false);
Line Deleted : user_pref("extensions.facemoods.lastActv", "18");
Line Deleted : user_pref("extensions.helperbar.Country", "Germany");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22744285);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.UserID", "53312af9-5dfd-456d-b66a-d5ecbae18ae1");
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_VERSION%&appOS=%APP_OS%&a[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\DivX\\\\DivX Plus Web Playe[...]
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,SanitySwitch,PageRage,PageRageGlobal,");
Line Deleted : user_pref("extentions.y2layers.installId", "a3cdb714-317a-4dab-adb0-817fccf6f66f");
Line Deleted : user_pref("ibxcomtb.defSrchURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Line Deleted : user_pref("ibxcomtb.ibxHP", "hxxp://www.inbox.com/homepage.aspx?tbid=80012&lng=de");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1318141672);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "sweetim%20facebook||papi%20englisch||papi%20jennifer%20lopiz%20lyrics||apetitz%C3%BCgler||ww||asus%20x64j||windows%207%2032%20bit||epson%20stylus%20D92||bundweite||ric[...]
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 49);
Line Deleted : user_pref("icqtoolbar.installTime", "1318620158");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "7.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "130771110713077104741307796813557");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1318614992);
Line Deleted : user_pref("icqtoolbar.userEngineApproved", true);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 1);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", true);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{12CA7AA8-8F9B-4814-9C1D-7869F7353F32}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");

[ File : C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\su8xehji.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [71894 octets] - [30/08/2013 16:41:33]
AdwCleaner[S0].txt - [69217 octets] - [30/08/2013 16:42:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [69278 octets] ##########
         
--- --- ---



New FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Marie Tretow (administrator) on 30-08-2013 17:12:10
Running from C:\Users\Marie Tretow\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1736704 2009-12-24] ()
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKCU\...\Run: [Facebook Update] - C:\Users\Marie Tretow\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-27] (Facebook Inc.)
HKCU\...\Run: [Personal ID] - C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE [1132984 2012-09-12] (coolspot AG, Düsseldorf)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
MountPoints2: {440679f9-41d5-11e1-a7a0-485b393370d9} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2009-04-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-11-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [DivX Download Manager] - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
AppInit_DLLs:   C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9500325AS_6VE653L7XXXX6VE653L7&ts=1377263882
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marie Tretow\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: LavaFox V2 - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\info@djzig.com
FF Extension: DownloadHelper - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

==================== Services (Whitelisted) =================

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-02-21] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-05-27] ()

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-07-14] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-07-14] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U3 tmlwf; 
U3 tmwfp; 
S3 vvftav; system32\drivers\vvftav.sys [x]
S3 ZSMC0305; System32\Drivers\usbVM305.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 17:06 - 2013-08-30 17:06 - 00448512 _____ (OldTimer Tools) C:\Users\Marie Tretow\Downloads\TFC.exe
2013-08-30 17:04 - 2013-08-30 17:05 - 00002055 _____ C:\Users\Marie Tretow\Desktop\JRT.txt
2013-08-30 16:51 - 2013-08-30 16:51 - 00069387 _____ C:\Users\Marie Tretow\Desktop\AdwCleaner[S0].txt
2013-08-30 16:51 - 2013-08-30 16:51 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 16:50 - 2013-08-30 16:50 - 01023533 _____ (Thisisu) C:\Users\Marie Tretow\Downloads\JRT.exe
2013-08-30 16:41 - 2013-08-30 16:43 - 00000000 ____D C:\AdwCleaner
2013-08-30 16:41 - 2013-08-30 16:41 - 00994642 _____ C:\Users\Marie Tretow\Downloads\adwcleaner.exe
2013-08-30 16:27 - 2013-08-30 16:27 - 00158080 _____ C:\Users\Marie Tretow\Desktop\Addition.txt
2013-08-30 16:21 - 2013-08-30 15:46 - 01579080 _____ (Farbar) C:\Users\Marie Tretow\Desktop\FRST64.exe
2013-08-27 18:29 - 2013-08-27 18:29 - 00000000 ____D C:\Windows\system32\SPReview
2013-08-25 21:14 - 2013-08-25 21:14 - 00014149 _____ C:\Users\Marie Tretow\Desktop\tabelle.odt
2013-08-25 20:21 - 2013-08-27 18:20 - 00029215 _____ C:\Users\Marie Tretow\Desktop\literarische erörterung.odt
2013-08-23 15:18 - 2013-08-23 15:18 - 00000000 ____D C:\User Data
2013-08-20 19:40 - 2013-08-20 19:40 - 00001291 _____ C:\Users\Public\Desktop\Darkness Within 2.lnk
2013-08-20 19:28 - 2013-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Iceberg Interactive
2013-08-17 15:04 - 2013-08-17 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 08:18 - 2013-08-14 08:20 - 00000000 ____D C:\Windows\system32\MRT
2013-08-10 11:34 - 2013-08-10 11:34 - 00000000 ____D C:\Users\Marie Tretow\Documents\Harry Potter und der Gefangene von Askaban
2013-08-10 11:33 - 2013-08-10 11:33 - 00002460 _____ C:\Users\Public\Desktop\Harry Potter und der Gefangene von Askaban(TM).lnk
2013-08-08 22:00 - 2013-08-17 19:38 - 00828671 ____N C:\Users\MARIET~1\AppData\Local\Tempmusic.ogg
2013-08-06 21:16 - 2013-08-17 19:56 - 00013302 _____ C:\Users\Marie Tretow\Desktop\50.odt
2013-08-03 20:38 - 2013-08-03 20:38 - 00000000 ____D C:\ProgramData\Intel
2013-08-03 20:18 - 2013-08-26 07:08 - 00000000 ____D C:\Users\UpdatusUser.Bitch
2013-08-03 20:18 - 2013-08-03 20:18 - 00000020 ___SH C:\Users\UpdatusUser.Bitch\ntuser.ini
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Startmenü
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Lokale Einstellungen
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Eigene Dateien
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Musik
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Bilder
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Verlauf
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Anwendungsdaten
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Anwendungsdaten
2013-08-03 20:18 - 2013-03-13 08:21 - 00000000 ____D C:\Users\UpdatusUser.Bitch\AppData\Local\Microsoft Help
2013-08-03 20:18 - 2010-08-21 21:47 - 00000000 ____D C:\Users\UpdatusUser.Bitch\AppData\Local\Power2Go
2013-08-03 20:18 - 2010-04-09 20:15 - 00001188 _____ C:\Users\UpdatusUser.Bitch\Desktop\ASUS Video Magic.lnk
2013-08-03 11:23 - 2013-08-03 12:05 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-03 11:22 - 2013-08-03 11:24 - 00000000 ____D C:\Users\Marie Tretow\Documents\Freemake
2013-08-03 11:22 - 2013-08-03 11:22 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-01 21:37 - 2013-08-01 21:37 - 00000000 ____D C:\Users\Marie Tretow\Documents\My Games
2013-08-01 21:33 - 2013-08-01 21:33 - 00000220 _____ C:\Users\Marie Tretow\Desktop\BioShock Infinite.url
2013-08-01 21:33 - 2013-08-01 21:33 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-01 20:43 - 2013-08-30 17:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-01 20:43 - 2013-08-01 20:43 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk

==================== One Month Modified Files and Folders =======

2013-08-31 01:57 - 2013-08-31 01:57 - 00000000 ____D C:\FRST
2013-08-30 17:11 - 2012-06-21 09:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 17:10 - 2013-08-01 20:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-30 17:10 - 2010-04-09 20:28 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 17:09 - 2011-09-15 17:46 - 00000340 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-08-30 17:09 - 2011-07-28 20:56 - 00254517 _____ C:\Windows\setupact.log
2013-08-30 17:09 - 2010-05-10 18:09 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2013-08-30 17:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 17:08 - 2010-04-09 19:48 - 01251696 _____ C:\Windows\WindowsUpdate.log
2013-08-30 17:06 - 2013-08-30 17:06 - 00448512 _____ (OldTimer Tools) C:\Users\Marie Tretow\Downloads\TFC.exe
2013-08-30 17:05 - 2013-08-30 17:04 - 00002055 _____ C:\Users\Marie Tretow\Desktop\JRT.txt
2013-08-30 16:55 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 16:55 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 16:52 - 2010-04-09 20:28 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 16:51 - 2013-08-30 16:51 - 00069387 _____ C:\Users\Marie Tretow\Desktop\AdwCleaner[S0].txt
2013-08-30 16:51 - 2013-08-30 16:51 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 16:50 - 2013-08-30 16:50 - 01023533 _____ (Thisisu) C:\Users\Marie Tretow\Downloads\JRT.exe
2013-08-30 16:43 - 2013-08-30 16:41 - 00000000 ____D C:\AdwCleaner
2013-08-30 16:43 - 2013-03-31 15:04 - 00001077 _____ C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-08-30 16:43 - 2010-05-10 18:22 - 00001178 _____ C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-30 16:43 - 2010-05-10 18:22 - 00000999 _____ C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-30 16:41 - 2013-08-30 16:41 - 00994642 _____ C:\Users\Marie Tretow\Downloads\adwcleaner.exe
2013-08-30 16:27 - 2013-08-30 16:27 - 00158080 _____ C:\Users\Marie Tretow\Desktop\Addition.txt
2013-08-30 15:46 - 2013-08-30 16:21 - 01579080 _____ (Farbar) C:\Users\Marie Tretow\Desktop\FRST64.exe
2013-08-30 13:09 - 2010-04-09 21:07 - 00002690 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-29 16:46 - 2012-04-20 20:08 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316489635-83786355-3822328436-1001UA.job
2013-08-27 18:29 - 2013-08-27 18:29 - 00000000 ____D C:\Windows\system32\SPReview
2013-08-27 18:20 - 2013-08-25 20:21 - 00029215 _____ C:\Users\Marie Tretow\Desktop\literarische erörterung.odt
2013-08-26 18:13 - 2009-08-04 11:51 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-26 18:13 - 2009-08-04 11:51 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-26 18:13 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 17:57 - 2013-06-16 19:18 - 00049152 ____H C:\Users\Marie Tretow\Desktop\photothumb.db
2013-08-26 07:08 - 2013-08-03 20:18 - 00000000 ____D C:\Users\UpdatusUser.Bitch
2013-08-25 22:33 - 2012-10-15 16:41 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Bioshock2
2013-08-25 21:14 - 2013-08-25 21:14 - 00014149 _____ C:\Users\Marie Tretow\Desktop\tabelle.odt
2013-08-25 12:35 - 2011-12-01 20:48 - 00628910 _____ C:\Windows\DirectX.log
2013-08-23 20:02 - 2010-04-09 21:07 - 00002071 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-23 15:18 - 2013-08-23 15:18 - 00000000 ____D C:\User Data
2013-08-23 15:16 - 2011-06-11 02:58 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-23 15:16 - 2011-06-11 02:58 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-21 21:11 - 2012-06-21 09:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 21:11 - 2012-06-21 09:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 21:11 - 2011-11-25 15:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 07:46 - 2012-04-20 20:08 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316489635-83786355-3822328436-1001Core.job
2013-08-21 07:40 - 2011-08-10 22:01 - 00140490 _____ C:\Windows\PFRO.log
2013-08-20 20:10 - 2010-05-10 20:08 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Macromedia
2013-08-20 19:40 - 2013-08-20 19:40 - 00001291 _____ C:\Users\Public\Desktop\Darkness Within 2.lnk
2013-08-20 19:28 - 2013-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Iceberg Interactive
2013-08-17 19:56 - 2013-08-06 21:16 - 00013302 _____ C:\Users\Marie Tretow\Desktop\50.odt
2013-08-17 19:38 - 2013-08-08 22:00 - 00828671 ____N C:\Users\MARIET~1\AppData\Local\Tempmusic.ogg
2013-08-17 17:19 - 2012-04-27 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 15:04 - 2013-08-17 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 13:48 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 08:20 - 2013-08-14 08:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:18 - 2011-07-31 10:29 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-10 11:34 - 2013-08-10 11:34 - 00000000 ____D C:\Users\Marie Tretow\Documents\Harry Potter und der Gefangene von Askaban
2013-08-10 11:34 - 2010-05-13 14:15 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-10 11:33 - 2013-08-10 11:33 - 00002460 _____ C:\Users\Public\Desktop\Harry Potter und der Gefangene von Askaban(TM).lnk
2013-08-10 11:29 - 2011-06-05 12:11 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-08-05 16:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-03 20:38 - 2013-08-03 20:38 - 00000000 ____D C:\ProgramData\Intel
2013-08-03 20:37 - 2010-04-09 21:02 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-08-03 20:37 - 2010-04-09 21:02 - 00000000 ____D C:\Windows\system32\NV
2013-08-03 20:34 - 2010-04-09 20:58 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-03 20:19 - 2010-04-09 21:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-03 20:18 - 2013-08-03 20:18 - 00000020 ___SH C:\Users\UpdatusUser.Bitch\ntuser.ini
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Startmenü
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Lokale Einstellungen
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Eigene Dateien
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Musik
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Documents\Eigene Bilder
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Verlauf
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\AppData\Local\Anwendungsdaten
2013-08-03 20:18 - 2013-08-03 20:18 - 00000000 _SHDL C:\Users\UpdatusUser.Bitch\Anwendungsdaten
2013-08-03 20:18 - 2011-11-05 14:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-03 20:18 - 2010-07-27 21:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-03 12:05 - 2013-08-03 11:23 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-03 12:05 - 2011-06-07 16:16 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-08-03 12:05 - 2010-04-09 20:11 - 00000000 ____D C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2013-08-03 11:24 - 2013-08-03 11:22 - 00000000 ____D C:\Users\Marie Tretow\Documents\Freemake
2013-08-03 11:24 - 2011-06-05 13:05 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\TuneUp Software
2013-08-03 11:24 - 2011-06-05 12:57 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-08-03 11:23 - 2013-04-06 21:50 - 00000000 ____D C:\ProgramData\Freemake
2013-08-03 11:22 - 2013-08-03 11:22 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-03 11:22 - 2013-04-06 21:50 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-02 07:36 - 2009-07-14 06:45 - 00521096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-01 23:05 - 2010-05-10 18:09 - 00130088 _____ C:\Users\MARIET~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 21:37 - 2013-08-01 21:37 - 00000000 ____D C:\Users\Marie Tretow\Documents\My Games
2013-08-01 21:33 - 2013-08-01 21:33 - 00000220 _____ C:\Users\Marie Tretow\Desktop\BioShock Infinite.url
2013-08-01 21:33 - 2013-08-01 21:33 - 00000000 ____D C:\Users\Marie Tretow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-01 20:43 - 2013-08-01 20:43 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-01 20:43 - 2010-05-10 18:09 - 00000000 ____D C:\Users\Marie Tretow

Files to move or delete:
====================
C:\ProgramData\jfofiw.pad
C:\ProgramData\wifofj.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-29 21:50

==================== End Of Log ============================
         
--- --- ---

Alt 31.08.2013, 00:01   #14
Aneri
/// Malwareteam
 



There was really a lot of adware going on there ...

Here's how we continue:
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scannen (Scan), select the Bedrohungssuchlauf (Threat Scan) and click Suchlauf starten (Start Scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Auswahl entfernen (Remove Selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Export. Choose Textdatei (.txt) (Text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


and as a second step:

Attention: the scanner can run for several hours, so plan for the time...


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Ja, ich bin mit den Nutzungsbedingungen einverstanden (Yes, I accept the Terms of Use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Systemsteuerung (Control Panel) => Software / Programme deinstallieren (Uninstall programs) => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset



and then we look for security holes...
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

Alt 31.08.2013, 14:24   #15
Chloec
 



sooooooo:
Code:
 Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Marie Tretow :: BITCH [Administrator]

31.08.2013 10:16:48
mbam-log-2013-08-31 (10-16-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286963
Laufzeit: 10 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 58
C:\ProgramData\wifofj.dat (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\AcroIEHelpe068.dll (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\jashla.exe (Rootkit.0Access.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5051\components\AcroFF0510.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5051\components\AcroFF0515.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5051\components\AcroFF0516.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5051\components\AcroFF0517.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5051\components\AcroFF0518.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5053\components\AcroFF0535.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5053\components\AcroFF0536.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5053\components\AcroFF0537.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5053\components\AcroFF0538.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5054\components\AcroFF0540.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5054\components\AcroFF0545.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5054\components\AcroFF0546.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5054\components\AcroFF0547.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5054\components\AcroFF0548.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5055\components\AcroFF0550.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5055\components\AcroFF0555.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5055\components\AcroFF0556.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5055\components\AcroFF0557.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5055\components\AcroFF0558.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5056\components\AcroFF0560.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5056\components\AcroFF0565.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5056\components\AcroFF0566.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5056\components\AcroFF0567.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5056\components\AcroFF0568.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5058\components\AcroFF0580.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5058\components\AcroFF0585.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5058\components\AcroFF0586.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5058\components\AcroFF0587.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5058\components\AcroFF0588.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5059\components\AcroFF0590.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5059\components\AcroFF0595.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5059\components\AcroFF0596.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5059\components\AcroFF0597.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5059\components\AcroFF0598.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5060\components\AcroFF0600.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5060\components\AcroFF0605.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5060\components\AcroFF0606.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5060\components\AcroFF0607.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5060\components\AcroFF0608.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5061\components\AcroFF0610.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5061\components\AcroFF0615.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5061\components\AcroFF0616.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5061\components\AcroFF0617.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5061\components\AcroFF0618.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5062\components\AcroFF0620.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5062\components\AcroFF0625.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5062\components\AcroFF0626.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5062\components\AcroFF0627.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5062\components\AcroFF0628.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5063\components\AcroFF0630.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5063\components\AcroFF0635.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5063\components\AcroFF0637.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5063\components\AcroFF0638.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5064\components\AcroFF0640.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marie Tretow\AppData\Roaming\5064\components\AcroFF0649.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8a7ba902d73e854586938f0e565ec46f
# engine=14962
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-31 01:01:44
# local_time=2013-08-31 03:01:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 94 95191 129583954 0 0
# scanned=370986
# found=12
# cleaned=0
# scan_time=15217
sh=F180DEFA96A16DA39C7989A35BF5631B59C3DBBB ft=1 fh=bf6c06fa3ebb6603 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll.vir"
sh=4E87476DC084C0FD24240ED0540A5A2B77551FF3 ft=1 fh=d730a63e5b652eb9 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir"
sh=354BDD57F49997D0A1AB3BADA1339CB33765898B ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marie Tretow\AppData\Roaming\Mozilla\Firefox\Profiles\5ebslrln.default\Extensions\plugin@yontoo.com.xpi.vir"
sh=6B12C21E811BBDDB55704850B3C14533FF44E27D ft=1 fh=22cdfbe160e71879 vn="Win32/Moure.E trojan" ac=I fn="C:\FRST\Quarantine\piymqepfxejmfcrkm.exe"
sh=0DD5E6D544A061F87953F80EED4826EBC30B88C8 ft=1 fh=51dcea84a1294f60 vn="a variant of Win32/Spy.Banker.YIL trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5052\components\AcroFF0520.dll"
sh=132C760B37CF4A2966709A38FB1656376F0CE35B ft=1 fh=ecdcf2ed015c1ccd vn="a variant of Win32/Spy.Banker.YIL trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5052\components\AcroFF0525.dll"
sh=16921FEBD28866A52DEA1DA79E43AC9E661D7F79 ft=1 fh=9a86eaa06ab03aa8 vn="a variant of Win32/Spy.Banker.YIL trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5052\components\AcroFF0526.dll"
sh=1903427E210D38475454E4F9CEDFC9C2B3DDCD33 ft=1 fh=c7ebdbe6db765fe8 vn="a variant of Win32/Spy.Banker.YIL trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5052\components\AcroFF0527.dll"
sh=3E93B79CB8919C573E23DB2E23C3F29A47D2BCC1 ft=1 fh=b5d475ce5d8eaa79 vn="a variant of Win32/Spy.Banker.YIL trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5052\components\AcroFF0528.dll"
sh=1F6EDF68C7362AEB4B598A98FE19D97FBC73F6C2 ft=1 fh=252346561d7dd786 vn="Win32/Spy.Banker.WZJ trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5053\components\AcroFF0530.dll"
sh=719BF5249CF2EE3F69D7A9057995DC860C0C336A ft=1 fh=c71c0011d330809e vn="a variant of Win32/Spy.Banker.YAH trojan" ac=I fn="C:\Users\Marie Tretow\AppData\Roaming\5063\components\AcroFF0636.dll"
         
Code:
 wie Results of screen317's Security Check version 0.99.72  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (23.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
