Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC hängt sich ständig auf (https://www.trojaner-board.de/121611-pc-haengt-staendig.html)

Raccoon 08.08.2012 23:18
PC hängt sich ständig auf
 
Hallo,

seit ca. 2 Monaten habe ich das folgende Problem, das mein PC ab und zu hängen bleibt.
Folgende Symptome:

- Wenn der PC gestartet wird, bleibt er oft, nachdem des Desktop angezeigt wurde, hängen. Nichts funktioniert mehr, keine Maus, Tastatur oder Task-Manager. Da hilft nur noch reseten.
- Wenn ich dann neustarte, kommt es öfters mal vor, dass der PC nicht mal mehr zum Desktop schafft - alles schwarz und es geht nicht mehr weiter.
- Nach mehreren Neustarts funktioniert es irgendwann mal wieder (aufhängen tut er sich spätestens unmittelbar nach der Desktopanzeige, sollte er jedoch 1-2 Minuten laufen, hängt er sich nicht mehr auf!)
- Sollte der PC dann aber im Betrieb sein, passiert es, dass in unregelmäßigen Abständen sich immer die Maus aus- und kurz darauf wieder einschaltet (ca. 10 Sekunden Pause). Dieses Problem zeigte sich übrigens als Vorbote. Erst ein paar Wochen später kam es zu diesem Aufhängen.

Jedenfalls ist es nun so, dass bei 50% der Fälle ich den PC immer wieder neustarten muss, bis er endlich geht - das nervt auf Dauer richtig!
Leider weiß ich nicht, ob da nun ein Hard- oder Softwarefehler vorliegt oder doch irgendwelche Viren dafür verantwortlich sind.
Mein Internet sowie meine gesamten PC-Programme laufen dagegen einwandfrei.

Könnt ihr mir bitte helfen?

Gruß
Raccoon

t'john 09.08.2012 09:46
:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Raccoon 09.08.2012 16:59
So, einmal Anti-Malware:


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.09.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dennis Minaev :: VISTA [Administrator]

Schutz: Deaktiviert

09.08.2012 13:52:31
mbam-log-2012-08-09 (17-26-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 533039
Laufzeit: 3 Stunde(n), 30 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Dennis Minaev\Documents\Downloads\sim_city_2000_installer.exe (Adware.Onlinegames) -> Keine Aktion durchgeführt.

(Ende)



Und OTL:
OTL Logfile:
Code:
OTL Extras logfile created on: 09.08.2012 17:30:08 - Run 4
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Dennis Minaev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 39,39% Memory free
6,71 Gb Paging File | 4,60 Gb Available in Paging File | 68,62% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 274,22 Gb Free Space | 58,88% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 103,74 Gb Free Space | 22,27% Space Free | Partition Type: NTFS
 
Computer Name: VISTA | User Name: Dennis Minaev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- C:\Program Files\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04901DFE-8C7E-4F67-B6AF-8EDF5B826C77}" = lport=5357 | protocol=6 | dir=in | app=system |
"{1039C642-F1B5-4F80-A55F-840543363943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E81B88C-F371-49AF-87CC-49B344101E25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F38DE50-39DE-40CC-9E31-F12C6EF6BC38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{285ADCD1-D52D-4B25-8884-70D366106A6D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{2AFDB6EB-5AF8-409B-916F-1EC8EB91E36A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{2FBD663F-89E9-436C-9B6D-B81451CDF5E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D3854B7-542E-4A89-B495-991C67BE6EBC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3FC0C19F-CA99-47FC-86AE-7B02519F549C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{419ADD04-2EB3-44D0-9217-DE24C45DC4D5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45B824F8-1919-467E-9F19-2FEA78112130}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5BF3E3C3-D275-4D2C-9BBD-9F94B410AC1D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{62AAFF48-A0C8-4AB4-B723-268063CD3829}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{7160BC9F-DBB2-40BA-AE3F-1D048C776E1D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{724D4F68-2ABF-4D53-A888-8C975D98AA69}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7E60EDD9-82C7-4DDD-B79D-229EA676DBC6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80DFF985-F25A-4214-AD3D-190094EEF4F7}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{90D6DD9C-1FE4-4CAF-B8FD-F0EF0DF3C81D}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{944D5030-41CC-4BC8-9325-D5DC62599E26}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{944EE6CF-A759-4F81-B3D9-39600856CCF5}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{988ACA30-494C-4CD9-B468-15D89E1FBEBA}" = rport=5357 | protocol=6 | dir=out | app=system |
"{9C7DB031-2825-4D94-B30E-0D7B1546BD20}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{A390A5D6-4E01-4E03-89ED-7AD57A505A45}" = rport=5358 | protocol=6 | dir=out | app=system |
"{AAE59ED1-4ACF-45BA-9F47-F43F85F702F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD49EC96-249B-4B08-BD84-CA1482445418}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{AD7FAB37-E9F2-409D-99B3-71FFB8753F63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B15158B1-0A1B-4E81-B302-34B9BC7664D1}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{B1627CF0-2581-49BD-8D4C-BE913D718450}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{B7B2B78B-0121-498B-871B-EF0957D67DD3}" = lport=5358 | protocol=6 | dir=in | app=system |
"{BEF6B557-C4F1-4123-8C9A-C01AFC02448C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C2B02B08-D2A1-4105-8388-2837BC51CD45}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{C9DFFA65-0E48-4647-88DC-3DF3E20ABCC1}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{CDBE9007-E07D-4D9F-9794-2630625DF170}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DA2C7541-9E1A-4103-8149-0CDDFF2E0DF9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DB994089-A146-4097-84D4-28E1D957FBEE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{DEDD5018-A987-48BD-AC5F-4CD25F92C1CF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E131D73A-558F-46F8-94E6-D736991599AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E29A25F6-F313-4859-9312-65A6F082E3AC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EBC892FA-376B-4BC4-9F88-2B1DDA6031E8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F729C4E2-CEB8-4468-A1F8-EC7766FD9C7B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F8D6B00E-7F2F-46B1-A0D8-DE541AE8D90F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0068703D-837D-4598-8F16-DE22E73DE819}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{02FAA4D5-247E-4295-8E67-EE8D4514EA59}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{043C8CF1-60C6-4E46-BD80-D90B4B31EFBD}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{057814F3-D4CD-4A17-8FD6-91E79A92852A}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{0A6B600A-2975-4337-B405-4C821AB10ADE}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{13036C6E-C1C0-4DF6-AC33-9566BE8670F0}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{185FE192-53DF-47A2-B23E-6727C7039EEA}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{1A86E4FF-7111-442F-9F78-A2917AFC5D25}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{1BB4BB92-126B-4F7C-87F0-BC4F4B96F164}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1BF4656F-D98A-41BD-BD18-FABE8F71DFD8}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{23A49B18-45C1-4741-A468-45C7C7E56BF3}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{25B3178D-2E85-4387-AEF2-A79D94F44F02}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{25BCCC58-5ABC-4745-A39F-BA98D332BA09}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{28B46E79-73D7-4846-839A-B0CEA1D7E236}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{303C7DB9-2E2E-4491-B1F1-469A721281F6}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{35AC0497-FBA7-4AE3-BB96-192DF1D195A1}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{363E881A-182F-48E7-8817-30AB4502F621}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{442A8F2E-9BE3-4DEB-8EBD-D9B80DE4A47D}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{48E0D28E-CCCA-4A24-841B-DCED9476EFFA}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{4CC979C8-47EC-49F0-9740-C162EA0E3231}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{4D3728B9-91FC-4471-A3B9-B031A8ED43CF}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{519BC038-38B7-4C03-8101-9AA6B1D23A82}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{51AEF5AF-2DA0-4587-855D-667BD4365288}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{5207FA43-8E2A-4927-A4AE-C79BDD4B0FFF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{522AB4BC-9387-4E69-BF08-0A5794D4ADBF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{570A3DBE-341E-4BF5-B278-85FDAB9E240D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{5BFA71C2-57E1-48DA-842C-9C778033CAAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C6C4D02-3817-477E-9E12-9CD158AA5632}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{622F15C5-5DCD-4F87-BE68-E0A4901864F4}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{6F37D866-3329-4A66-999B-0D91846E3DDB}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{7102CC66-8863-4001-B621-856E726E182B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{76314237-6442-426F-A291-CE4EEEAB29C8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7E8F1BC6-05B9-40C8-9FA0-B094229DE885}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{83B01DB3-2780-4459-91D6-E9CB3C26E063}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{88FC5D83-C314-47A4-B241-06B8D939527F}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{8B59E1A3-B9F3-485C-AC01-DE1D87BEC67F}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{9383A3B3-FD20-40DE-AC4B-CE81E863E820}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{9577915D-365D-491E-B2AA-6576AC8B5B42}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{9B826C39-F667-4AAE-893A-0D0B16E0B365}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9C27C98D-35F5-4FEA-8DB6-44BBC2E21F67}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9D713703-4298-4268-8636-4489AAD4A5C9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A130306D-747D-43A9-AB17-6F49F4B4D6F0}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{A148E011-E1E0-4A7F-9871-7BFDBFDBAD67}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A9E1E86B-D8AE-43B1-B941-0CA38DFB1DCC}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{B50029C3-900A-44B6-8456-53564AED6993}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{B6BBF86A-769A-4227-833D-F8579F551CF0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{B9CEF840-88DF-4313-B95E-357A78255E3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{C36972B0-FD9C-47D6-9DD0-99F364576F36}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C4ABFF14-9B50-43EE-90DE-CBB47E24A839}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{C841AE21-7E47-4DF7-A03C-ED203F697D61}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{CA2E9D2B-696D-4AA4-AB45-3D05D3905123}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{CEEBC316-9AA7-4477-BF33-CD3A30698FFF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D15E0277-512D-4C73-82D5-A230EEDEFD22}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E3705042-EC90-4D85-9202-A78BDAAD17FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3AE7590-F0BD-4D3C-9354-C4177D388BB4}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E7A8FD21-921B-4AAC-9E5A-4FF1ABFB2958}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EBE61324-0731-4E59-A0C2-3217E61E4CFA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F1DC231A-8C54-4409-9D70-31F4B3481321}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F3263E89-7E66-4AB3-A29D-7D9E0662D4B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F377768D-B550-4D48-B88F-F87AACB1C3DA}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F544F0DE-8EB6-4298-9160-219D1AC987AE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F79D2B53-927C-45E9-967C-455270EAF3E9}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{FB04E5EB-01A7-4E46-B06A-FBEFA6B0EB54}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FDE68C3E-9DDD-4062-AFB4-BF3CA3A0948A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{22476230-3012-4986-B384-5E680412700F}C:\users\dennis minaev\desktop\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\dennis minaev\desktop\diablo-iii-8370-engb-installer-downloader.exe |
"TCP Query User{2D5028D9-2342-4D61-9CE3-18AD14161AB6}C:\program files\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"TCP Query User{30A840CD-1479-4B0F-AB44-0C1C29118196}C:\program files\jeak.de\qip 2005\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2005\qip.exe |
"TCP Query User{3994B592-2F7A-470C-B75A-A901F0CDFBF8}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{4D284082-BF06-490E-865F-2FE769BE7C90}C:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"TCP Query User{55360CDE-BDDA-4C6C-A7B5-737D77D286F0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{69654F2E-2A20-404A-BC15-94EA70523637}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{76CC46E0-9A57-4FCE-AF57-D9E563B4E769}C:\westwood\dune2000\dune2000.dat" = protocol=6 | dir=in | app=c:\westwood\dune2000\dune2000.dat |
"TCP Query User{8BE647AC-96CC-4207-B862-76AB5F10FD8E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8C79A971-957B-4C91-B9B8-2475AB9EEBFC}C:\users\dennis minaev\desktop\games\dune 2000\dune2000.dat" = protocol=6 | dir=in | app=c:\users\dennis minaev\desktop\games\dune 2000\dune2000.dat |
"TCP Query User{A03B7640-B12C-4B95-A71D-AB015D8AA7BE}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"TCP Query User{B044A2CC-767A-4A32-9095-4BF43CFE81C8}C:\users\dennis minaev\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\dennis minaev\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{C4D15006-0E6C-4E64-B55F-A486562D01D5}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"TCP Query User{CF0E166B-D6E0-4461-B4E9-7432BFDA9532}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{D6A7015A-8649-4166-A08E-899AD51DD54A}C:\users\dennis minaev\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\dennis minaev\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{E3C04A96-7EF4-46C5-A71D-A1AECFE12C3E}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{EF8CA088-3E47-4EEE-A73E-135F9DE3D94A}C:\westwood\dune2000\dune2000.dat" = protocol=6 | dir=in | app=c:\westwood\dune2000\dune2000.dat |
"UDP Query User{0F9BF778-1DB4-465B-B5F9-0B819A299137}C:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"UDP Query User{16E35C49-A9BF-4705-B3B7-79814B4BD9D3}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{24F928F0-45B0-4384-A649-285B19E880C7}C:\users\dennis minaev\desktop\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\dennis minaev\desktop\diablo-iii-8370-engb-installer-downloader.exe |
"UDP Query User{2E9CD2F4-8BE2-475E-AFF1-9F7E42588218}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{331BF30D-AA74-45BE-956F-D9B5D68B0F9A}C:\westwood\dune2000\dune2000.dat" = protocol=17 | dir=in | app=c:\westwood\dune2000\dune2000.dat |
"UDP Query User{4D6C58CA-0A21-4690-855F-E8D2EB917862}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{4EBF02A1-74F7-46A3-A1BA-1BF68F887F4A}C:\users\dennis minaev\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\dennis minaev\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{637BBBE2-37D3-4869-9D45-CADFC9689345}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8A036CF7-E5D0-477F-A3BF-F79191B6F6BA}C:\users\dennis minaev\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\dennis minaev\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{8A84CDD3-64C7-4C7C-A8B5-485B9854FAB9}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"UDP Query User{9DEF97A6-3C93-47CB-8920-7AC0A2D42F7A}C:\westwood\dune2000\dune2000.dat" = protocol=17 | dir=in | app=c:\westwood\dune2000\dune2000.dat |
"UDP Query User{A00CBD1C-D5E7-4AF8-B727-3869469E612D}C:\users\dennis minaev\desktop\games\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\users\dennis minaev\desktop\games\dune 2000\dune2000.dat |
"UDP Query User{CD430F5D-2B93-4910-A9DB-10D393554E19}C:\program files\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"UDP Query User{E38A29B6-CA58-411D-A690-55170A4381E5}C:\program files\jeak.de\qip 2005\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2005\qip.exe |
"UDP Query User{E72E0DA8-B125-40D1-A177-D0ED9D8EAC3C}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"UDP Query User{FD485BAC-250C-403F-987F-99528777ECAE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FE64D3EA-7A22-496A-8563-9985CD3E78F2}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C88C4A1-A9D7-4C28-8F06-4C2048765193}" = Magic The Gathering - Battlegrounds
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
"{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23E49254-B48D-4422-93A1-5F26F02A0A69}_is1" = Vampires Dawn II: Ancient Blood
"{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}" = Die Völker Gold Edition
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79AE264A-7DEA-49AF-AFAF-7A2D8F706F51}" = Roxio WinOnCD LE 10
"{819B324F-62E8-4CBF-9E41-52CE31BF1F2C}" = MAGIX Speed burnR (MSI)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CBCA733-4D81-453D-95EB-28FD5C57430A}" = Pearl Harbor II
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF55095E-07AA-432E-8376-CEF71D70746A}_is1" = Vampires Dawn: Reign of Blood
"{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = resident evil 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDSee 32" = ACDSee 32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"C&C - Zero Hour - Full Uncut Patch Final v.2.5" = C&C - Zero Hour - Full Uncut Patch Final v.2.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CSCLIB" = Canon Camera Support Core Library
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Digital Camera" = Digital Camera
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dune 2000" = Dune 2000
"DVD Shrink_is1" = DVD Shrink 3.1.7
"Emperor" = Emperor - Schlacht um Dune
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Final Uninstaller_is1" = Final Uninstaller
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Futaba VFD control program V2.4F" = Futaba VFD control program V2.4F
"Guard.Mail.ru" = Guard.ICQ
"Hamachi" = Hamachi 1.0.2.1
"HDCleaner" = HDCleaner
"ICQ Pro to Lite Converter" = ICQ Pro to Lite Converter
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Little Fighter 2" = Little Fighter 2 version 2.0a
"Little Fighter 2 Toolbar" = Little Fighter 2 Toolbar
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX_MSI_Speed3_burnR_mxcdr_MSI" = MAGIX Speed burnR (MSI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Neue deutsche Rechtschreibung für Microsoft Office 9x" = Neue deutsche Rechtschreibung für Microsoft Office 9x
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows Vistav1.169.25" = Nvidia Omega Drivers v1.169.25 Setup Files and Tools
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoStitch" = Canon Utilities PhotoStitch
"QIP 2005_is1" = QIP 2005 8080
"QIP 8080 Jeak-Edition" = QIP 8080 Jeak-Edition
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"rayman2" = rayman2
"Recuva" = Recuva (remove only)
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SimCity 3000" = SimCity 3000
"StarCraft II" = StarCraft II
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"The KMPlayer" = The KMPlayer (remove only)
"Warcraft III" = Warcraft III
"WebPost" = Microsoft Web Publishing-Assistent 1.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zune" = Zune
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"FoxTab Music Converter" = FoxTab Music Converter
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.08.2012 06:29:59 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description =
 
[ System Events ]
Error - 09.08.2012 06:13:10 | Computer Name = Vista | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.08.2012 um 12:10:38 unerwartet heruntergefahren.
 
Error - 09.08.2012 06:15:24 | Computer Name = Vista | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.08.2012 um 12:13:10 unerwartet heruntergefahren.
 
Error - 09.08.2012 06:18:57 | Computer Name = Vista | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.08.2012 um 12:16:14 unerwartet heruntergefahren.
 
Error - 09.08.2012 06:22:29 | Computer Name = Vista | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 09.08.2012 06:24:35 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 09.08.2012 06:24:35 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 09.08.2012 06:24:35 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 09.08.2012 06:24:35 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 09.08.2012 06:24:35 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 09.08.2012 06:24:35 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
 
< End of report >
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 09.08.2012 17:30:08 - Run 4
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Dennis Minaev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 39,39% Memory free
6,71 Gb Paging File | 4,60 Gb Available in Paging File | 68,62% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 274,22 Gb Free Space | 58,88% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 103,74 Gb Free Space | 22,27% Space Free | Partition Type: NTFS
 
Computer Name: VISTA | User Name: Dennis Minaev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dennis Minaev\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\SDDetect.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\Microp.dll ()
MOD - C:\Windows\SDDetect.exe ()
MOD - C:\Windows\VFDAPI.dll ()
MOD - C:\Program Files\Hercules\WebCam Station\PhotoImpression\Share\PIHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Guard.Mail.ru) -- C:\Program Files\Guard-ICQ\GuardICQ.exe ()
SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Winsock - Google Desktop Search Backup Before Last Install) --  File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) --  File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Afc) -- system32\drivers\Afc.sys File not found
DRV - (adxapie) -- C:\Users\DENNIS~1\AppData\Local\Temp\adxapie.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2342185
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,en-US;q=0.7,ru-RU;q=0.3
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 07 A9 EB 5B CB C9 01  [binary data]
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=a4a83ccf0000000000000021859bf417
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{45DECCAF-2323-4BF6-8321-385D451B7EEF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3c36bbd4-09d7-4806-a745-e0819315489a&apn_sauid=F8782BD1-D409-4F9E-88A0-3220BBC754C1
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{4D73D675-CE43-442C-97C0-BA1D347556D1}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A2FD61DD-E1BD-46D9-8EFA-09CBDCD8EDED}&mid=b3ae2bd99ba547d080d5d168c37f1de4-ee4dd4b2007062f46400c1ec3ab5bbd5f13a9e1f&lang=de&ds=cv011&pr=sa&d=2012-05-24 14:47:00&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2342185
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{C3CD744D-2FAE-4640-8297-16B5DA423104}: "URL" = hxxp://search.littlefighter2-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{F3A6C1D3-BB6E-4043-987F-9DC9759D05A0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B8f0224c0-83ac-4c69-a6cf-7035c61131a7%7D&mid=b3ae2bd99ba547d080d5d168c37f1de4-ee4dd4b2007062f46400c1ec3ab5bbd5f13a9e1f&ds=cv011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-24%2014%3A47%3A00&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.20 16:24:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.20 16:24:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 18:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 18:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 18:20:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Dennis Minaev\AppData\Roaming\13001.024 [2012.07.13 19:20:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 18:04:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 18:20:52 | 000,000,000 | ---D | M]
 
[2008.11.27 12:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Extensions
[2012.07.04 22:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions
[2011.03.03 19:24:53 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.03.03 19:24:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.28 17:29:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.26 14:30:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.07.27 18:05:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 19:39:43 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com
[2009.11.04 21:54:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\moveplayer@movenetworks.com
[2012.08.06 13:47:23 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\toolbar@ask.com
[2012.04.18 11:52:32 | 000,002,333 | ---- | M] () -- C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\askcom.xml
[2012.07.11 18:46:55 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\icqplugin-1.xml
[2012.01.27 20:27:40 | 000,001,056 | ---- | M] () -- C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\icqplugin.xml
[2012.05.27 20:03:33 | 000,003,915 | ---- | M] () -- C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\sweetim.xml
[2012.07.22 15:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.22 15:32:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.09 18:23:13 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012.07.13 19:20:02 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS MINAEV\APPDATA\ROAMING\13001.024
[2012.06.17 18:04:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.01 19:27:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 18:23:05 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.06 20:22:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.10.01 19:27:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 19:27:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 19:27:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 19:27:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 19:27:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.09 12:27:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Little Fighter 2 Toolbar Helper) - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\Toolbar\WebBrowser: (no name) - {B12785F5-D8D0-4530-A3EA-5C4263B85BEF} - No CLSID value found.
O3 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VFD_DISPLAY] C:\Windows\SDDetect.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dennis Minaev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis Minaev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A8D7BE2-C34D-40AD-81C4-0D67D9C8DAE6}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Users\Dennis Minaev\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis Minaev\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.09 13:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.09 13:51:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.09 13:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.09 13:50:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis Minaev\Desktop\OTL.exe
[2012.08.09 12:19:37 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.08.06 13:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.30 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Local\AskToolbar
[2012.07.27 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.27 18:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.27 18:05:35 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.23 18:21:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.22 15:32:49 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.22 15:32:49 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.22 15:32:49 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.22 15:32:49 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.22 15:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.07.17 18:58:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\Desktop\ASP
[2012.07.13 19:20:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\13001.024
[2012.07.13 19:04:27 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\xmldm
[2012.07.13 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\kock
[2012.07.11 22:46:23 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 22:43:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 22:43:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 22:43:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 22:43:39 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 22:43:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 22:43:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 22:43:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 18:50:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dennis Minaev\AppData\Roaming\*.tmp files -> C:\Users\Dennis Minaev\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.09 17:43:39 | 008,150,682 | ---- | M] () -- C:\Users\Dennis Minaev\Desktop\Man and machine.mp3
[2012.08.09 17:25:58 | 000,054,911 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.09 17:25:57 | 000,054,911 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.09 16:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 16:18:58 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 16:18:58 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 13:51:05 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.09 13:50:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis Minaev\Desktop\OTL.exe
[2012.08.09 12:18:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.09 12:18:49 | 240,180,547 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.07 17:39:54 | 000,729,960 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.07 17:39:54 | 000,678,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.07 17:39:54 | 000,163,696 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.07 17:39:54 | 000,134,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 23:12:45 | 000,033,505 | -H-- | M] () -- C:\Users\Dennis Minaev\Desktop\ZbThumbnail.info
[2012.08.05 16:59:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.05 16:59:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.27 18:05:36 | 000,001,157 | ---- | M] () -- C:\Users\Dennis Minaev\Desktop\YouTube Converter.lnk
[2012.07.22 15:32:35 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.22 15:32:35 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.07.22 15:32:35 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.22 15:32:35 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.22 15:32:35 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.13 22:38:52 | 000,000,051 | ---- | M] () -- C:\Users\Dennis Minaev\AppData\Roaming\blckdom.res
[2012.07.12 18:26:43 | 000,537,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dennis Minaev\AppData\Roaming\*.tmp files -> C:\Users\Dennis Minaev\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.09 13:51:05 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.09 12:18:49 | 240,180,547 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.27 18:05:36 | 000,001,157 | ---- | C] () -- C:\Users\Dennis Minaev\Desktop\YouTube Converter.lnk
[2012.07.23 18:20:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.13 19:19:42 | 000,000,051 | ---- | C] () -- C:\Users\Dennis Minaev\AppData\Roaming\blckdom.res
[2012.06.05 17:29:30 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.05.05 12:54:20 | 000,537,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.09 17:58:01 | 000,054,911 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.09 17:57:58 | 000,054,911 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.02.09 17:50:26 | 000,472,576 | ---- | C] () -- C:\Windows\Nvidia Omega Drivers v1.169.25 Uninstall.exe
[2012.02.06 20:22:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.23 18:39:17 | 000,000,647 | ---- | C] () -- C:\Windows\SC2K4WIN.INI
[2012.01.01 17:19:37 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.09.26 22:30:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\WININIT.INI
[2011.09.26 22:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\7thlevel.ini
[2010.11.22 21:58:25 | 000,036,352 | ---- | C] () -- C:\Windows\System32\sxgunins.dll
[2010.11.22 21:58:22 | 000,028,672 | ---- | C] () -- C:\Windows\Oiduts.dll
[2010.11.22 21:58:22 | 000,000,227 | ---- | C] () -- C:\Windows\sxg07.ini
[2010.01.06 22:12:07 | 000,000,101 | ---- | C] () -- C:\Users\Dennis Minaev\AppData\Local\fusioncache.dat
[2008.11.28 14:53:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.20 22:00:19 | 000,024,227 | ---- | C] () -- C:\Users\Dennis Minaev\AppData\Roaming\UserTile.png
[2008.11.19 00:28:15 | 000,236,032 | ---- | C] () -- C:\Users\Dennis Minaev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.19 00:19:23 | 000,001,356 | ---- | C] () -- C:\Users\Dennis Minaev\AppData\Local\d3d9caps.dat

< End of report >
--- --- ---

t'john 10.08.2012 13:32
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Guard.Mail.ru) -- C:\Program Files\Guard-ICQ\GuardICQ.exe ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Afc) -- system32\drivers\Afc.sys File not found
DRV - (adxapie) -- C:\Users\DENNIS~1\AppData\Local\Temp\adxapie.sys File not found
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2342185
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\URLSearchHook: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No CLSID value found
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=a4a83ccf0000000000000021859bf417
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{45DECCAF-2323-4BF6-8321-385D451B7EEF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3c36bbd4-09d7-4806-a745-e0819315489a&apn_sauid=F8782BD1-D409-4F9E-88A0-3220BBC754C1
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{4D73D675-CE43-442C-97C0-BA1D347556D1}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A2FD61DD-E1BD-46D9-8EFA-09CBDCD8EDED}&mid=b3ae2bd99ba547d080d5d168c37f1de4-ee4dd4b2007062f46400c1ec3ab5bbd5f13a9e1f&lang=de&ds=cv011&pr=sa&d=2012-05-24 14:47:00&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = http://search.kikin.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2342185
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{C3CD744D-2FAE-4640-8297-16B5DA423104}: "URL" = http://search.littlefighter2-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\SearchScopes\{F3A6C1D3-BB6E-4043-987F-9DC9759D05A0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B8f0224c0-83ac-4c69-a6cf-7035c61131a7%7D&mid=b3ae2bd99ba547d080d5d168c37f1de4-ee4dd4b2007062f46400c1ec3ab5bbd5f13a9e1f&ds=cv011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-24%2014%3A47%3A00&sap=ku&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 18:23:13 | 000,000,000 | ---D | M]
[2012.07.09 18:23:13 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\Toolbar\WebBrowser: (no name) - {B12785F5-D8D0-4530-A3EA-5C4263B85BEF} - No CLSID value found.
O3 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [VFD_DISPLAY] C:\Windows\SDDetect.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dennis Minaev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]


[2011.11.11 19:39:43 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com

[2012.07.13 19:04:27 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\xmldm
[2012.07.13 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\kock
[2012.08.09 16:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 22:38:52 | 000,000,051 | ---- | M] () -- C:\Users\Dennis Minaev\AppData\Roaming\blckdom.res
[2012.07.13 19:20:02 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS MINAEV\APPDATA\Roaming\13001.024
[2012.07.13 19:20:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis Minaev\AppData\Roaming\13001.024
:Files
C:\Users\Dennis Minaev\AppData\Roaming\13*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Raccoon 10.08.2012 16:38
Ok. (leider ausversehen den logfile doppelt gepostet...)



All processes killed
========== OTL ==========
Service vToolbarUpdater11.2.0 stopped successfully!
Service vToolbarUpdater11.2.0 deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
C:\Program Files\Guard-ICQ\GuardICQ.exe moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys File not found not found.
Service Afc stopped successfully!
Service Afc deleted successfully!
File system32\drivers\Afc.sys File not found not found.
Service adxapie stopped successfully!
Service adxapie deleted successfully!
File C:\Users\DENNIS~1\AppData\Local\Temp\adxapie.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b12785f5-d8d0-4530-a3ea-5c4263b85bef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}\ not found.
HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{45DECCAF-2323-4BF6-8321-385D451B7EEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45DECCAF-2323-4BF6-8321-385D451B7EEF}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4D73D675-CE43-442C-97C0-BA1D347556D1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D73D675-CE43-442C-97C0-BA1D347556D1}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C3CD744D-2FAE-4640-8297-16B5DA423104}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3CD744D-2FAE-4640-8297-16B5DA423104}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3A6C1D3-BB6E-4043-987F-9DC9759D05A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3A6C1D3-BB6E-4043-987F-9DC9759D05A0}\ not found.
HKU\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Hotspot Shield Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "google.de" removed from browser.startup.homepage
Prefs.js: foxmarks@kei.com:3.9.5 removed from extensions.enabledItems
Prefs.js: moveplayer@movenetworks.com:1.0.0.071303000004 removed from extensions.enabledItems
Prefs.js: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 removed from extensions.enabledItems
Prefs.js: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1 removed from extensions.enabledItems
Prefs.js: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.3.2.1 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 removed from extensions.enabledItems
Prefs.js: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2 removed from extensions.enabledItems
Prefs.js: web@veoh.com:1.4 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.2.1 removed from extensions.enabledItems
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7B8f0224c0-83ac-4c69-a6cf-7035c61131a7%7D&mid=b3ae2bd99ba547d080d5d168c37f1de4-ee4dd4b2007062f46400c1ec3ab5bbd5f13a9e1f&ds=cv011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-24%2014%3A47%3A00&sap=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\modules\skin folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\modules folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\locale\en-US folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\locale folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\components folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\chrome folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B12785F5-D8D0-4530-A3EA-5C4263B85BEF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B12785F5-D8D0-4530-A3EA-5C4263B85BEF}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully.
File C:\Program Files\Guard-ICQ\GuardICQ.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
C:\Windows\System32\NeroCheck.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VFD_DISPLAY deleted successfully.
C:\Windows\SDDetect.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files\AVG Secure Search\vprot.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\kock folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\blckdom.res moved successfully.
C:\USERS\DENNIS MINAEV\APPDATA\Roaming\13001.024\components folder moved successfully.
C:\USERS\DENNIS MINAEV\APPDATA\Roaming\13001.024 folder moved successfully.
Folder C:\Users\Dennis Minaev\AppData\Roaming\13001.024\ not found.
========== FILES ==========
File\Folder C:\Users\Dennis Minaev\AppData\Roaming\13* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Dennis Minaev\Desktop\cmd.bat deleted successfully.
C:\Users\Dennis Minaev\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dennis Minaev
->Temp folder emptied: 1930132 bytes
->Temporary Internet Files folder emptied: 754566 bytes
->Java cache emptied: 560660 bytes
->FireFox cache emptied: 97422734 bytes
->Flash cache emptied: 3812 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1867612 bytes
RecycleBin emptied: 10694104 bytes

Total Files Cleaned = 108,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Dennis Minaev
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08102012_173028

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:
All processes killed
========== OTL ==========
Service vToolbarUpdater11.2.0 stopped successfully!
Service vToolbarUpdater11.2.0 deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully.
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
C:\Program Files\Guard-ICQ\GuardICQ.exe moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  system32\DRIVERS\ipinip.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\ComboFix\catchme.sys File not found not found.
Service Afc stopped successfully!
Service Afc deleted successfully!
File  system32\drivers\Afc.sys File not found not found.
Service adxapie stopped successfully!
Service adxapie deleted successfully!
File  C:\Users\DENNIS~1\AppData\Local\Temp\adxapie.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b12785f5-d8d0-4530-a3ea-5c4263b85bef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b12785f5-d8d0-4530-a3ea-5c4263b85bef}\ not found.
HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{45DECCAF-2323-4BF6-8321-385D451B7EEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45DECCAF-2323-4BF6-8321-385D451B7EEF}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4D73D675-CE43-442C-97C0-BA1D347556D1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D73D675-CE43-442C-97C0-BA1D347556D1}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C3CD744D-2FAE-4640-8297-16B5DA423104}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3CD744D-2FAE-4640-8297-16B5DA423104}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3A6C1D3-BB6E-4043-987F-9DC9759D05A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3A6C1D3-BB6E-4043-987F-9DC9759D05A0}\ not found.
HKU\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Hotspot Shield Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "google.de" removed from browser.startup.homepage
Prefs.js: foxmarks@kei.com:3.9.5 removed from extensions.enabledItems
Prefs.js: moveplayer@movenetworks.com:1.0.0.071303000004 removed from extensions.enabledItems
Prefs.js: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 removed from extensions.enabledItems
Prefs.js: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1 removed from extensions.enabledItems
Prefs.js: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.3.2.1 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 removed from extensions.enabledItems
Prefs.js: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2 removed from extensions.enabledItems
Prefs.js: web@veoh.com:1.4 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.2.1 removed from extensions.enabledItems
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7B8f0224c0-83ac-4c69-a6cf-7035c61131a7%7D&mid=b3ae2bd99ba547d080d5d168c37f1de4-ee4dd4b2007062f46400c1ec3ab5bbd5f13a9e1f&ds=cv011&v=11.1.0.7&lang=de&pr=sa&d=2012-05-24%2014%3A47%3A00&sap=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\modules\skin folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\modules folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\locale\en-US folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\locale folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\components folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12\chrome folder moved successfully.
C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B12785F5-D8D0-4530-A3EA-5C4263B85BEF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B12785F5-D8D0-4530-A3EA-5C4263B85BEF}\ not found.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully.
File C:\Program Files\Guard-ICQ\GuardICQ.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
C:\Windows\System32\NeroCheck.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VFD_DISPLAY deleted successfully.
C:\Windows\SDDetect.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files\AVG Secure Search\vprot.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2883731651-2019705986-642209600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\kock folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\Dennis Minaev\AppData\Roaming\blckdom.res moved successfully.
C:\USERS\DENNIS MINAEV\APPDATA\Roaming\13001.024\components folder moved successfully.
C:\USERS\DENNIS MINAEV\APPDATA\Roaming\13001.024 folder moved successfully.
Folder C:\Users\Dennis Minaev\AppData\Roaming\13001.024\ not found.
========== FILES ==========
File\Folder C:\Users\Dennis Minaev\AppData\Roaming\13* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Dennis Minaev\Desktop\cmd.bat deleted successfully.
C:\Users\Dennis Minaev\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis Minaev
->Temp folder emptied: 1930132 bytes
->Temporary Internet Files folder emptied: 754566 bytes
->Java cache emptied: 560660 bytes
->FireFox cache emptied: 97422734 bytes
->Flash cache emptied: 3812 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1867612 bytes
RecycleBin emptied: 10694104 bytes
 
Total Files Cleaned = 108,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Dennis Minaev
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08102012_173028

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john 10.08.2012 18:26
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Raccoon 11.08.2012 11:47
Also noch wage ich nicht zu urteilen, aber so gefühlstechnisch hängt sich der PC jetzt seltener auf :) Aber er tuts leider immer noch.

Einmal Malware:

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dennis Minaev :: VISTA [Administrator]

Schutz: Aktiviert

11.08.2012 09:28:29
mbam-log-2012-08-11 (09-28-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 532736
Laufzeit: 3 Stunde(n), 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Dennis Minaev\Documents\Downloads\sim_city_2000_installer.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und AdwCleaner:

Code:
# AdwCleaner v1.800 - Logfile created 08/11/2012 at 12:42:22
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dennis Minaev - VISTA
# Running from : C:\Users\Dennis Minaev\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Dennis Minaev\AppData\Local\AskToolbar
Folder Found : C:\Users\Dennis Minaev\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Dennis Minaev\AppData\Local\Babylon
Folder Found : C:\Users\Dennis Minaev\AppData\Local\Conduit
Folder Found : C:\Users\Dennis Minaev\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Dennis Minaev\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Dennis Minaev\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Dennis Minaev\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Dennis Minaev\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dennis Minaev\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Babylon
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\Conduit
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\ConduitEngine
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\CT2269050
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\Smartbar
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\WinampToolbarData
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\Askcom.xml
File Found : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\SweetIm.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB9EE8E8-D146-4BDD-B05D-CA0C77FF31E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\prefs.js

Found : user_pref("CT1561552..clientLogIsEnabled", true);
Found : user_pref("CT1561552..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1561552..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1561552.CT1561552", "CT1561552");
Found : user_pref("CT1561552.Chat.Meebo.ServerLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Found : user_pref("CT1561552.Chat.Meebo.ServerLastResponseTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Found : user_pref("CT1561552.Chat.Meebo.rooms.2030dff2c5edb1", 5);
Found : user_pref("CT1561552.Chat.Meebo.rooms.30plusa87dca4f", 7);
Found : user_pref("CT1561552.Chat.Meebo.rooms.entertainmentc0ed09fb", 3);
Found : user_pref("CT1561552.Chat.Meebo.rooms.health3693b665", 1);
Found : user_pref("CT1561552.Chat.Meebo.rooms.hotspotshieldcommunitychat381c94b5", 17);
Found : user_pref("CT1561552.Chat.Meebo.rooms.musicj375cf270", 15);
Found : user_pref("CT1561552.Chat.Meebo.rooms.newsxu117b840d", 16);
Found : user_pref("CT1561552.Chat.Meebo.rooms.recreationab17d1f9", 3);
Found : user_pref("CT1561552.Chat.Meebo.rooms.spirituality39155c53", 1);
Found : user_pref("CT1561552.Chat.Meebo.rooms.sports522528d3", 0);
Found : user_pref("CT1561552.Chat.Meebo.rooms.technology8bb9fd5b", 0);
Found : user_pref("CT1561552.Chat.Meebo.rooms.teenagers833b8249", 1);
Found : user_pref("CT1561552.Chat.Meebo.rooms.travel8c2e48db", 0);
Found : user_pref("CT1561552.Chat.Meebo.rooms.videogames2fe066e0", 1);
Found : user_pref("CT1561552.Chat.ServerLastCheckTime", "Wed Mar 23 2011 17:42:51 GMT+0100");
Found : user_pref("CT1561552.CurrentServerDate", "23-3-2011");
Found : user_pref("CT1561552.DialogsAlignMode", "LTR");
Found : user_pref("CT1561552.DialogsGetterLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("CT1561552.DownloadReferralCookieData", "");
Found : user_pref("CT1561552.EMailNotifierPollDate", "Wed Mar 23 2011 17:42:57 GMT+0100");
Found : user_pref("CT1561552.FirstServerDate", "23-3-2011");
Found : user_pref("CT1561552.FirstTime", true);
Found : user_pref("CT1561552.FirstTimeFF3", true);
Found : user_pref("CT1561552.FixPageNotFoundErrors", true);
Found : user_pref("CT1561552.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1561552.HasUserGlobalKeys", true);
Found : user_pref("CT1561552.Initialize", true);
Found : user_pref("CT1561552.InitializeCommonPrefs", true);
Found : user_pref("CT1561552.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT1561552.InstalledDate", "Wed Mar 23 2011 17:42:52 GMT+0100");
Found : user_pref("CT1561552.InvalidateCache", false);
Found : user_pref("CT1561552.IsGrouping", false);
Found : user_pref("CT1561552.IsMulticommunity", false);
Found : user_pref("CT1561552.IsOpenThankYouPage", true);
Found : user_pref("CT1561552.IsOpenUninstallPage", true);
Found : user_pref("CT1561552.LanguagePackLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Found : user_pref("CT1561552.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1561552.LastLogin_3.3.3.2", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("CT1561552.LatestVersion", "3.2.5.2");
Found : user_pref("CT1561552.Locale", "en-us");
Found : user_pref("CT1561552.MCDetectTooltipHeight", "83");
Found : user_pref("CT1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1561552.MCDetectTooltipWidth", "295");
Found : user_pref("CT1561552.RadioIsPodcast", false);
Found : user_pref("CT1561552.RadioLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Found : user_pref("CT1561552.RadioLastUpdateIPServer", "3");
Found : user_pref("CT1561552.RadioLastUpdateServer", "129100288951200000");
Found : user_pref("CT1561552.RadioMediaID", "13448970");
Found : user_pref("CT1561552.RadioMediaType", "Media Player");
Found : user_pref("CT1561552.RadioMenuSelectedID", "EBRadioMenu_CT156155213448970");
Found : user_pref("CT1561552.RadioStationName", "Danceradio");
Found : user_pref("CT1561552.RadioStationURL", "hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx");
Found : user_pref("CT1561552.SavedHomepage", "google.de");
Found : user_pref("CT1561552.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156[...]
Found : user_pref("CT1561552.SearchInNewTabEnabled", true);
Found : user_pref("CT1561552.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1561552.SearchInNewTabLastCheckTime", "Wed Mar 23 2011 17:42:51 GMT+0100");
Found : user_pref("CT1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1561552.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT1561552.ServiceMapLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("CT1561552.SettingsLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("CT1561552.SettingsLastUpdate", "1299113779");
Found : user_pref("CT1561552.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1561552.ThirdPartyComponentsLastCheck", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("CT1561552.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT1561552.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1561552");
Found : user_pref("CT1561552.UserID", "UN49215637553842766");
Found : user_pref("CT1561552.WeatherNetwork", "");
Found : user_pref("CT1561552.WeatherPollDate", "Wed Mar 23 2011 17:42:58 GMT+0100");
Found : user_pref("CT1561552.WeatherUnit", "F");
Found : user_pref("CT1561552.alertChannelId", "15257");
Found : user_pref("CT1561552.approveUntrustedApps", true);
Found : user_pref("CT1561552.backendstorage._fb_dailyactivity", "31333030383938353732393736");
Found : user_pref("CT1561552.backendstorage._fb_lifetimesent", "54525545");
Found : user_pref("CT1561552.backendstorage.facebook_ctid_connect_send", "73656E646564");
Found : user_pref("CT1561552.components.1000034", true);
Found : user_pref("CT1561552.components.1000234", true);
Found : user_pref("CT1561552.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT1561552.globalFirstTimeInfoLastCheckTime", "Wed Mar 23 2011 21:42:50 GMT+0100");
Found : user_pref("CT1561552.isAppTrackingManagerOn", true);
Found : user_pref("CT1561552.myStuffEnabled", true);
Found : user_pref("CT1561552.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1561552.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1561552.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1561552.testingCtid", "");
Found : user_pref("CT1561552.toolbarAppMetaDataLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("CT1561552.toolbarContextMenuLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Found : user_pref("CT1561552.usagesFlag", 1);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "19-9-2010");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Sun Sep 19 2010 21:51:52 GMT+0200");
Found : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2269050.FirstServerDate", "19-9-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Sun Sep 19 2010 21:51:52 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Sep 19 2010 21:51:55 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Sun Sep 19 2010 21:51:54 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Sun Sep 19 2010 21:51:54 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SavedHomepage", "google.de");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Sep 19 2010 21:51:54 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Sun Sep 19 2010 21:51:50 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1284635599");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Sep 19 2010 21:51:50 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2269050.UserID", "UN46398294904368864");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Sun Sep 19 2010 21:51:54 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.autoDisableScopes", -1);
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.defaultSearch", "FALSE");
Found : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2269050.firstTimeDialogOpened", true);
Found : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2269050.fixUrls", true);
Found : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2269050.isNewTabEnabled", true);
Found : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.de%2F[...]
Found : user_pref("CT2269050.openThankYouPage", "FALSE");
Found : user_pref("CT2269050.openUninstallPage", "FALSE");
Found : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2269050.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344670008273");
Found : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1344635120436");
Found : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1344679411558");
Found : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1344670008254");
Found : user_pref("CT2269050.settingsINI", true);
Found : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Found : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Found : user_pref("CT2269050.smartbar.Uninstall", "0");
Found : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Found : user_pref("CT2269050.startPage", "userChanged");
Found : user_pref("CT2269050.toolbarBornServerTime", "19-9-2010");
Found : user_pref("CT2269050.toolbarCurrentServerTime", "11-8-2012");
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2405280.CTID", "CT2405280");
Found : user_pref("CT2405280.CurrentServerDate", "29-3-2010");
Found : user_pref("CT2405280.DialogsAlignMode", "LTR");
Found : user_pref("CT2405280.EMailNotifierPollDate", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedLastCount1783261708582779529", 443);
Found : user_pref("CT2405280.FeedPollDate1783261706866434151", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707012811589", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707384123612", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707412150447", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707418280754", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707599928299", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707617263572", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707752362117", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707795264368", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707808925892", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707869626670", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707927596866", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261707979233386", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708034493544", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708039069553", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708204445100", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708227524777", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708292165278", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708353935180", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708439778168", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708441073195", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708501569511", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708831214041", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708861663992", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708872995288", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708956613188", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261708999019736", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709029944985", "Mon Mar 29 2010 22:46:05 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709040316547", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709118321128", "Mon Mar 29 2010 22:46:05 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709147189875", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709273103006", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709334228118", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709396042055", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709489005996", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709505836033", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709733509620", "Mon Mar 29 2010 22:46:04 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709917159621", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709924030613", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261709992975824", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710020959596", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710022683544", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710146768558", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710237979418", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710281192798", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710293301155", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710367954069", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710537116573", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710539360442", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710710752156", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710876567422", "Mon Mar 29 2010 22:46:02 GMT+0200");
Found : user_pref("CT2405280.FeedPollDate1783261710898547036", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.FeedTTL1783261707418280754", 60);
Found : user_pref("CT2405280.FeedTTL1783261707927596866", 30);
Found : user_pref("CT2405280.FeedTTL1783261707979233386", 5);
Found : user_pref("CT2405280.FeedTTL1783261708439778168", 15);
Found : user_pref("CT2405280.FeedTTL1783261708441073195", 15);
Found : user_pref("CT2405280.FeedTTL1783261709040316547", 1);
Found : user_pref("CT2405280.FeedTTL1783261709147189875", 60);
Found : user_pref("CT2405280.FeedTTL1783261709505836033", 5);
Found : user_pref("CT2405280.FeedTTL1783261709917159621", 5);
Found : user_pref("CT2405280.FeedTTL1783261710281192798", 2);
Found : user_pref("CT2405280.FeedTTL1783261710537116573", 15);
Found : user_pref("CT2405280.FirstServerDate", "29-3-2010");
Found : user_pref("CT2405280.FirstTime", true);
Found : user_pref("CT2405280.FirstTimeFF3", true);
Found : user_pref("CT2405280.FixPageNotFoundErrors", true);
Found : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2405280.Initialize", true);
Found : user_pref("CT2405280.InitializeCommonPrefs", true);
Found : user_pref("CT2405280.InstalledDate", "Mon Mar 29 2010 22:45:59 GMT+0200");
Found : user_pref("CT2405280.InvalidateCache", false);
Found : user_pref("CT2405280.IsGrouping", false);
Found : user_pref("CT2405280.IsMulticommunity", false);
Found : user_pref("CT2405280.IsOpenThankYouPage", false);
Found : user_pref("CT2405280.IsOpenUninstallPage", true);
Found : user_pref("CT2405280.LanguagePackLastCheckTime", "Mon Mar 29 2010 22:46:01 GMT+0200");
Found : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2405280.LastLogin_2.5.8.6", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.LatestVersion", "2.1.0.18");
Found : user_pref("CT2405280.Locale", "en-us");
Found : user_pref("CT2405280.LoginCache", 4);
Found : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Found : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Found : user_pref("CT2405280.RadioIsPodcast", false);
Found : user_pref("CT2405280.RadioLastCheckTime", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2405280.RadioLastUpdateServer", "3");
Found : user_pref("CT2405280.RadioMediaID", "9962");
Found : user_pref("CT2405280.RadioMediaType", "Media Player");
Found : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT24052809962");
Found : user_pref("CT2405280.RadioStationName", "California%20Rock");
Found : user_pref("CT2405280.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT2405280.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
Found : user_pref("CT2405280.SearchInNewTabEnabled", true);
Found : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Mon Mar 29 2010 22:46:00 GMT+0200");
Found : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2405280.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2405280.SettingsLastCheckTime", "Mon Mar 29 2010 22:45:57 GMT+0200");
Found : user_pref("CT2405280.SettingsLastUpdate", "1268306629");
Found : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Mon Mar 29 2010 22:45:57 GMT+0200");
Found : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1268306629");
Found : user_pref("CT2405280.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2405280.UserID", "UN46313421364816243");
Found : user_pref("CT2405280.WeatherNetwork", "");
Found : user_pref("CT2405280.WeatherPollDate", "Mon Mar 29 2010 22:46:03 GMT+0200");
Found : user_pref("CT2405280.WeatherUnit", "C");
Found : user_pref("CT2405280.alertChannelId", "799768");
Found : user_pref("CT2405280.clientLogIsEnabled", false);
Found : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2405280.myStuffEnabled", true);
Found : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1561552");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15257/14923/DE", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1561552", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1561552",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1561552/CT1561552[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2405280,CT2269050,ConduitEngine,CT1561552");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280,CT2269050,CT1561552");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jul 03 2011 13:09:25 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 04 2011 19:23:19 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 04 2011 19:18:23 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "d327d534-96ca-4b28-905b-d9b8566baed2");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Sep 19 2010 21:51:53 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "f7426b11-309c-4352-973b-98321cf8c790");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1561552");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 07 2011 11:27:23 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Mar 21 2011 21:30:30 GMT+0100");
Found : user_pref("ConduitEngine.FirstServerDate", "03/03/2011 20");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Thu Mar 03 2011 18:27:09 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Tue Mar 22 2011 18:22:04 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN21668593915890155");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 23 2011 21:42:50 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT1561552");
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Found : user_pref("avg.install.userSPSettings", "Ask.com");
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "B87A958939DCF3B61CD9E6E99E93E8F0");
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "a4a83ccf0000000000000021859bf417");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15289");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Found : user_pref("extensions.BabylonToolbar.lastActv", "15");
Found : user_pref("extensions.BabylonToolbar.lastDP", 2);
Found : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1018:39:44");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 66769261);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1018:39:44");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "a4a83ccf0000000000000021859bf417");
Found : user_pref("extensions.BabylonToolbar_i.id", "a4a83ccf0000000000000021859bf417");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15376");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:22:32");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?[...]

*************************

AdwCleaner[R1].txt - [48643 octets] - [11/08/2012 12:42:22]

########## EOF - C:\AdwCleaner[R1].txt - [48772 octets] ##########

t'john 11.08.2012 14:42
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Raccoon 12.08.2012 18:30
So:

Code:
# AdwCleaner v1.800 - Logfile created 08/12/2012 at 14:51:58
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dennis Minaev - VISTA
# Running from : C:\Users\Dennis Minaev\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dennis Minaev\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Dennis Minaev\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dennis Minaev\AppData\Local\Babylon
Folder Deleted : C:\Users\Dennis Minaev\AppData\Local\Conduit
Folder Deleted : C:\Users\Dennis Minaev\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Dennis Minaev\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dennis Minaev\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Dennis Minaev\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Dennis Minaev\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dennis Minaev\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\Conduit
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\ConduitEngine
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\CT2269050
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\Smartbar
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\WinampToolbarData
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\searchplugins\SweetIm.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Wise Solutions
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB9EE8E8-D146-4BDD-B05D-CA0C77FF31E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\prefs.js

C:\Users\Dennis Minaev\AppData\Roaming\Mozilla\Firefox\Profiles\5tpjs8dc.default\user.js ... Deleted !

Deleted : user_pref("CT1561552..clientLogIsEnabled", true);
Deleted : user_pref("CT1561552..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1561552..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1561552.CT1561552", "CT1561552");
Deleted : user_pref("CT1561552.Chat.Meebo.ServerLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Deleted : user_pref("CT1561552.Chat.Meebo.ServerLastResponseTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.2030dff2c5edb1", 5);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.30plusa87dca4f", 7);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.entertainmentc0ed09fb", 3);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.health3693b665", 1);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.hotspotshieldcommunitychat381c94b5", 17);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.musicj375cf270", 15);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.newsxu117b840d", 16);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.recreationab17d1f9", 3);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.spirituality39155c53", 1);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.sports522528d3", 0);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.technology8bb9fd5b", 0);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.teenagers833b8249", 1);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.travel8c2e48db", 0);
Deleted : user_pref("CT1561552.Chat.Meebo.rooms.videogames2fe066e0", 1);
Deleted : user_pref("CT1561552.Chat.ServerLastCheckTime", "Wed Mar 23 2011 17:42:51 GMT+0100");
Deleted : user_pref("CT1561552.CurrentServerDate", "23-3-2011");
Deleted : user_pref("CT1561552.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1561552.DialogsGetterLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("CT1561552.DownloadReferralCookieData", "");
Deleted : user_pref("CT1561552.EMailNotifierPollDate", "Wed Mar 23 2011 17:42:57 GMT+0100");
Deleted : user_pref("CT1561552.FirstServerDate", "23-3-2011");
Deleted : user_pref("CT1561552.FirstTime", true);
Deleted : user_pref("CT1561552.FirstTimeFF3", true);
Deleted : user_pref("CT1561552.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1561552.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1561552.HasUserGlobalKeys", true);
Deleted : user_pref("CT1561552.Initialize", true);
Deleted : user_pref("CT1561552.InitializeCommonPrefs", true);
Deleted : user_pref("CT1561552.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT1561552.InstalledDate", "Wed Mar 23 2011 17:42:52 GMT+0100");
Deleted : user_pref("CT1561552.InvalidateCache", false);
Deleted : user_pref("CT1561552.IsGrouping", false);
Deleted : user_pref("CT1561552.IsMulticommunity", false);
Deleted : user_pref("CT1561552.IsOpenThankYouPage", true);
Deleted : user_pref("CT1561552.IsOpenUninstallPage", true);
Deleted : user_pref("CT1561552.LanguagePackLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Deleted : user_pref("CT1561552.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1561552.LastLogin_3.3.3.2", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("CT1561552.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT1561552.Locale", "en-us");
Deleted : user_pref("CT1561552.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1561552.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1561552.RadioIsPodcast", false);
Deleted : user_pref("CT1561552.RadioLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Deleted : user_pref("CT1561552.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT1561552.RadioLastUpdateServer", "129100288951200000");
Deleted : user_pref("CT1561552.RadioMediaID", "13448970");
Deleted : user_pref("CT1561552.RadioMediaType", "Media Player");
Deleted : user_pref("CT1561552.RadioMenuSelectedID", "EBRadioMenu_CT156155213448970");
Deleted : user_pref("CT1561552.RadioStationName", "Danceradio");
Deleted : user_pref("CT1561552.RadioStationURL", "hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx");
Deleted : user_pref("CT1561552.SavedHomepage", "google.de");
Deleted : user_pref("CT1561552.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156[...]
Deleted : user_pref("CT1561552.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1561552.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1561552.SearchInNewTabLastCheckTime", "Wed Mar 23 2011 17:42:51 GMT+0100");
Deleted : user_pref("CT1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1561552.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT1561552.ServiceMapLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("CT1561552.SettingsLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("CT1561552.SettingsLastUpdate", "1299113779");
Deleted : user_pref("CT1561552.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1561552.ThirdPartyComponentsLastCheck", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("CT1561552.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT1561552.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1561552");
Deleted : user_pref("CT1561552.UserID", "UN49215637553842766");
Deleted : user_pref("CT1561552.WeatherNetwork", "");
Deleted : user_pref("CT1561552.WeatherPollDate", "Wed Mar 23 2011 17:42:58 GMT+0100");
Deleted : user_pref("CT1561552.WeatherUnit", "F");
Deleted : user_pref("CT1561552.alertChannelId", "15257");
Deleted : user_pref("CT1561552.approveUntrustedApps", true);
Deleted : user_pref("CT1561552.backendstorage._fb_dailyactivity", "31333030383938353732393736");
Deleted : user_pref("CT1561552.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT1561552.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("CT1561552.components.1000034", true);
Deleted : user_pref("CT1561552.components.1000234", true);
Deleted : user_pref("CT1561552.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT1561552.globalFirstTimeInfoLastCheckTime", "Wed Mar 23 2011 21:42:50 GMT+0100");
Deleted : user_pref("CT1561552.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1561552.myStuffEnabled", true);
Deleted : user_pref("CT1561552.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1561552.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1561552.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1561552.testingCtid", "");
Deleted : user_pref("CT1561552.toolbarAppMetaDataLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("CT1561552.toolbarContextMenuLastCheckTime", "Wed Mar 23 2011 17:42:52 GMT+0100");
Deleted : user_pref("CT1561552.usagesFlag", 1);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "19-9-2010");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sun Sep 19 2010 21:51:52 GMT+0200");
Deleted : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.FirstServerDate", "19-9-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sun Sep 19 2010 21:51:52 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Sep 19 2010 21:51:55 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Sun Sep 19 2010 21:51:54 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sun Sep 19 2010 21:51:54 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "google.de");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Sep 19 2010 21:51:54 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sun Sep 19 2010 21:51:50 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1284635599");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Sep 19 2010 21:51:50 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2269050.UserID", "UN46398294904368864");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Sun Sep 19 2010 21:51:54 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.defaultSearch", "FALSE");
Deleted : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2269050.firstTimeDialogOpened", true);
Deleted : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2269050.fixUrls", true);
Deleted : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.isNewTabEnabled", true);
Deleted : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-boa[...]
Deleted : user_pref("CT2269050.openThankYouPage", "FALSE");
Deleted : user_pref("CT2269050.openUninstallPage", "FALSE");
Deleted : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2269050.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344772110894");
Deleted : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1344772110192");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1344772110533");
Deleted : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1344772110330");
Deleted : user_pref("CT2269050.settingsINI", true);
Deleted : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Deleted : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Deleted : user_pref("CT2269050.smartbar.Uninstall", "0");
Deleted : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Deleted : user_pref("CT2269050.startPage", "userChanged");
Deleted : user_pref("CT2269050.toolbarBornServerTime", "19-9-2010");
Deleted : user_pref("CT2269050.toolbarCurrentServerTime", "12-8-2012");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2405280.CTID", "CT2405280");
Deleted : user_pref("CT2405280.CurrentServerDate", "29-3-2010");
Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedLastCount1783261708582779529", 443);
Deleted : user_pref("CT2405280.FeedPollDate1783261706866434151", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707012811589", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707384123612", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707412150447", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707418280754", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707599928299", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707617263572", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707752362117", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707795264368", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707808925892", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707869626670", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707927596866", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261707979233386", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708034493544", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708039069553", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708204445100", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708227524777", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708292165278", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708353935180", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708439778168", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708441073195", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708501569511", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708831214041", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708861663992", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708872995288", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708956613188", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261708999019736", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709029944985", "Mon Mar 29 2010 22:46:05 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709040316547", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709118321128", "Mon Mar 29 2010 22:46:05 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709147189875", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709273103006", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709334228118", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709396042055", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709489005996", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709505836033", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709733509620", "Mon Mar 29 2010 22:46:04 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709917159621", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709924030613", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261709992975824", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710020959596", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710022683544", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710146768558", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710237979418", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710281192798", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710293301155", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710367954069", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710537116573", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710539360442", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710710752156", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710876567422", "Mon Mar 29 2010 22:46:02 GMT+0200");
Deleted : user_pref("CT2405280.FeedPollDate1783261710898547036", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.FeedTTL1783261707418280754", 60);
Deleted : user_pref("CT2405280.FeedTTL1783261707927596866", 30);
Deleted : user_pref("CT2405280.FeedTTL1783261707979233386", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261708439778168", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261708441073195", 15);
Deleted : user_pref("CT2405280.FeedTTL1783261709040316547", 1);
Deleted : user_pref("CT2405280.FeedTTL1783261709147189875", 60);
Deleted : user_pref("CT2405280.FeedTTL1783261709505836033", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261709917159621", 5);
Deleted : user_pref("CT2405280.FeedTTL1783261710281192798", 2);
Deleted : user_pref("CT2405280.FeedTTL1783261710537116573", 15);
Deleted : user_pref("CT2405280.FirstServerDate", "29-3-2010");
Deleted : user_pref("CT2405280.FirstTime", true);
Deleted : user_pref("CT2405280.FirstTimeFF3", true);
Deleted : user_pref("CT2405280.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2405280.Initialize", true);
Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
Deleted : user_pref("CT2405280.InstalledDate", "Mon Mar 29 2010 22:45:59 GMT+0200");
Deleted : user_pref("CT2405280.InvalidateCache", false);
Deleted : user_pref("CT2405280.IsGrouping", false);
Deleted : user_pref("CT2405280.IsMulticommunity", false);
Deleted : user_pref("CT2405280.IsOpenThankYouPage", false);
Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Mon Mar 29 2010 22:46:01 GMT+0200");
Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2405280.LastLogin_2.5.8.6", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2405280.Locale", "en-us");
Deleted : user_pref("CT2405280.LoginCache", 4);
Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2405280.RadioIsPodcast", false);
Deleted : user_pref("CT2405280.RadioLastCheckTime", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2405280.RadioLastUpdateServer", "3");
Deleted : user_pref("CT2405280.RadioMediaID", "9962");
Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT24052809962");
Deleted : user_pref("CT2405280.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2405280.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Mon Mar 29 2010 22:46:00 GMT+0200");
Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2405280.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Mon Mar 29 2010 22:45:57 GMT+0200");
Deleted : user_pref("CT2405280.SettingsLastUpdate", "1268306629");
Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Mon Mar 29 2010 22:45:57 GMT+0200");
Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1268306629");
Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2405280.UserID", "UN46313421364816243");
Deleted : user_pref("CT2405280.WeatherNetwork", "");
Deleted : user_pref("CT2405280.WeatherPollDate", "Mon Mar 29 2010 22:46:03 GMT+0200");
Deleted : user_pref("CT2405280.WeatherUnit", "C");
Deleted : user_pref("CT2405280.alertChannelId", "799768");
Deleted : user_pref("CT2405280.clientLogIsEnabled", false);
Deleted : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2405280.myStuffEnabled", true);
Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1561552");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15257/14923/DE", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1561552", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1561552",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1561552/CT1561552[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2405280,CT2269050,ConduitEngine,CT1561552");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280,CT2269050,CT1561552");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jul 03 2011 13:09:25 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 04 2011 19:23:19 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 04 2011 19:18:23 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "d327d534-96ca-4b28-905b-d9b8566baed2");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Sep 19 2010 21:51:53 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "f7426b11-309c-4352-973b-98321cf8c790");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1561552");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 07 2011 11:27:23 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Mar 21 2011 21:30:30 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/03/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Mar 03 2011 18:27:09 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Tue Mar 22 2011 18:22:04 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN21668593915890155");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 23 2011 17:42:50 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Mar 23 2011 21:42:50 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1561552");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Deleted : user_pref("avg.install.userSPSettings", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "B87A958939DCF3B61CD9E6E99E93E8F0");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "a4a83ccf0000000000000021859bf417");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15289");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "15");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 2);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1018:39:44");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 66769261);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1018:39:44");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "a4a83ccf0000000000000021859bf417");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "a4a83ccf0000000000000021859bf417");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15376");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:22:32");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?[...]

*************************

AdwCleaner[R1].txt - [48774 octets] - [11/08/2012 12:42:22]
AdwCleaner[S1].txt - [49925 octets] - [12/08/2012 14:51:58]

########## EOF - C:\AdwCleaner[S1].txt - [50054 octets] ##########
Und:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 12.08.2012 15:16:31

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        12.08.2012 15:19:08


Gescannt        782192
Gefunden        0

Scan Ende:        12.08.2012 19:25:59
Scan Zeit:        4:06:51

t'john 12.08.2012 19:45
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Raccoon 13.08.2012 19:57
OK:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e753b80c8134234293d95fe224027244
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-24 09:30:06
# local_time=2011-09-24 11:30:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 98813 53436594 101285 0
# compatibility_mode=5892 16776573 100 100 4469 154432466 0 0
# compatibility_mode=8192 67108863 100 0 109 109 0 0
# scanned=119
# found=0
# cleaned=0
# scan_time=68
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e753b80c8134234293d95fe224027244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-25 12:09:51
# local_time=2011-09-25 02:09:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 143705 53481486 146177 0
# compatibility_mode=5892 16776573 100 100 1062 154477358 0 0
# compatibility_mode=8192 67108863 100 0 45001 45001 0 0
# scanned=347759
# found=3
# cleaned=0
# scan_time=7961
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Dennis Minaev\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2de1bacb-335aac92        Java/Agent.DO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\mmcico32.dll        a variant of Win32/Spy.Agent.NTN trojan (unable to clean)        00000000000000000000000000000000        I
PS: Scheint nun alles wieder rund zu laufen. Die o. g. Symptome zeigen sich schon seit 2 Tagen nicht mehr!

t'john 13.08.2012 20:40
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Raccoon 13.08.2012 21:11
Sieht gut aus:



PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 13.0.1 ist aktuell

Flash (11,3,300,270) ist aktuell.

Java (1,7,0,5) ist aktuell.

Adobe Reader 10,1,3,23 ist aktuell.



Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent


Anmerkung:
Das bei "Benachrichtigung ausgeben" setzt sich immer automatisch auf "Vor dem Download" zurück, wenn ich wieder auf das Java-Symbol klicke. Genauso wie das monatliche Update.

t'john 13.08.2012 22:04
OK, isr nicht so wichtig.

Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

Raccoon 14.08.2012 17:32
Super! Wie bereits gesagt, alles funktioniert nun wieder einwandfrei! Der PC hängt sich überhaupt nicht mehr auf! Habe deine Tipps und Anweisungen bis zum Schluss ausgeführt. Auch der Tipp mit "PC wird immer langsamer - was tun?" finde ich sehr gut. Werde ich in nächster Zeit mal machen, damit alles NOCH besser wird :)

Jedenfalls vielen lieben Dank für deine Zeit und Hilfe!!! Bin so froh, dass es doch kein Hard- oder Softwarefehler ist. Ich hatte schon befürchtet, ich muss den PC neuinstallieren. Das wäre wegen der Datenrettung sehr aufwendig und nervig gewesen...

Finde ich echt toll, dass es so eine Seite gibt, wo man kostenfrei professionelle Hilfe bekommt! Somit wurde mir nun schon zum zweiten Mal von euch geholfen! Ich werde wohl aber nie verstehen, wie ihr das so "einfach" macht. Da hört mein Verständnis für die PC-Technik/Programmierung/"was-auch-immer" auf :zunge:

Also nochmals vielen Dank!!
Bei neu anfallenden Problemen beehre ich euch wider ;)

:dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:43 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131