Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
BUNDESPOLIZEI / Ihr Computer wurde gesperrt

BUNDESPOLIZEI / Ihr Computer wurde gesperrt


Plagegeister aller Art und deren Bekämpfung: BUNDESPOLIZEI / Ihr Computer wurde gesperrt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.07.2012, 11:51   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BUNDESPOLIZEI / Ihr Computer wurde gesperrt - Standard

BUNDESPOLIZEI / Ihr Computer wurde gesperrt


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=604962b5000000000000964ce51719e9
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE359
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.net"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=604962b5000000000000964ce51719e9&q="
[2012.04.02 17:16:59 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.02.14 19:44:52 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}
[2012.05.02 17:41:57 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.05.02 17:41:51 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com
[2012.05.02 17:41:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com
[2012.01.31 22:13:16 | 000,000,919 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\conduit.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\Search_Results.xml
[2012.04.02 17:17:07 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.05.02 17:41:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE (MusicLab, LLC)
O4:64bit: - HKLM..\RunOnce: [PLD_FrameworkRunOnce] C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
[2009.10.24 11:17:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2012.06.09 20:55:39 | 000,000,000 | ---D | C] -- C:\xmldm
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838
:Files
C:\PROGRA~2\BEARSH~1
C:\Program Files (x86)\BabylonToolbar
C:\Users\K&S\AppData\Roaming\.#
C:\Users\Sebastian\AppData\Roaming\.#
C:\Users\Sebastian\AppData\Roaming\kock
C:\Users\Kristina\AppData\Roaming\.#
C:\ProgramData\ssrahfwjarrbynh
C:\ProgramData\dolzowms.exe
C:\Users\Sebastian\AppData\Roaming\UAs
C:\Users\Sebastian\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.07.2012, 21:02   #2
itsme42
 
BUNDESPOLIZEI / Ihr Computer wurde gesperrt - Standard

BUNDESPOLIZEI / Ihr Computer wurde gesperrt


Hallo Arne,
ich habe den Scan mit OTL durchgeführt.
Hier der Imhalt der LOG-Datei:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.
C:\Program Files (x86)\ClipGrab\prxtbCli0.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.bearshare.net" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=604962b5000000000000964ce51719e9&q=" removed from keyword.URL
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\searchbar folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\options folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\modules folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\lib folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\data\search folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\data folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\searchplugin folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\modules folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\META-INF folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\components folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\skin folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\locale\en-US folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\locale folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\chrome\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\conduit.xml moved successfully.
C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\Search_Results.xml moved successfully.
C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
File C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E36DF325-3F4B-476F-8F89-123BC5D51A30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E36DF325-3F4B-476F-8F89-123BC5D51A30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PLD_FrameworkRunOnce deleted successfully.
C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\xmldm folder moved successfully.
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:444C53BA deleted successfully.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:93DE1838 deleted successfully.
========== FILES ==========
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64 folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\components folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\Images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\videosview\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\videosview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\colorsbubble\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\colorsbubble folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\cdripview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\artistsview\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\artistsview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\albumsview\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\albumsview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\HTML\Images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\HTML folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare folder moved successfully.
C:\PROGRA~2\BearShare Applications folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\Users\K&S\AppData\Roaming\.# folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\.# folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\kock folder moved successfully.
C:\Users\Kristina\AppData\Roaming\.# folder moved successfully.
C:\ProgramData\ssrahfwjarrbynh moved successfully.
C:\ProgramData\dolzowms.exe moved successfully.
C:\Users\Sebastian\AppData\Roaming\UAs folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: K&S
->Temp folder emptied: 544605 bytes
->Temporary Internet Files folder emptied: 51908802 bytes
->Java cache emptied: 3536423 bytes
->FireFox cache emptied: 44933947 bytes
->Flash cache emptied: 6684 bytes
 
User: Kristina
->Temp folder emptied: 24241205 bytes
->Temporary Internet Files folder emptied: 129087903 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 3621680 bytes
->Flash cache emptied: 187623 bytes
 
User: Michael
 
User: Public
 
User: Rezepte
 
User: Sebastian
->Temp folder emptied: 114061758 bytes
->Temporary Internet Files folder emptied: 280590135 bytes
->Java cache emptied: 157604 bytes
->FireFox cache emptied: 76041010 bytes
->Google Chrome cache emptied: 159991035 bytes
->Flash cache emptied: 390038 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1592 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84895 bytes
RecycleBin emptied: 286104 bytes
 
Total Files Cleaned = 848,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: K&S
->Flash cache emptied: 0 bytes
 
User: Kristina
->Flash cache emptied: 0 bytes
 
User: Michael
 
User: Public
 
User: Rezepte
 
User: Sebastian
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_214022

Files\Folders moved on Reboot...
C:\Users\K&S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\K&S\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Gruß
Michael
__________________
Antwort

Themen zu BUNDESPOLIZEI / Ihr Computer wurde gesperrt
.dll, 192.168.0.2, ad-aware, alternate, avg, babylon toolbar, babylontoolbar, bho, bildschirm, bonjour, canon, clipgrab, computer, conduit, dealply, entfernen, excel, explorer, firefox, format, gesperrt, home, infizierte, infizierte dateien, launch, logfile, mp3, plug-in, realtek, registry, scan, search the web, searchscopes, software, taskmanager, trojaner bundespolizei system gesperrt, trojaner-board, version=1.0, windows


« Computer wurde gesperrt zahlen sie 100€ bei Ukash | Trojaner(?): Festplatte angeblich kaputt, Desktop ist schwarz, Startmenü leer »


Ähnliche Themen: BUNDESPOLIZEI / Ihr Computer wurde gesperrt


  1. Ihr Computer wurde automatisch gesperrt Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (2)
  2. Ihr Computer wurde gesperrt - Bundespolizei - UKASH
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (22)
  3. Bundespolizei Virus:Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (13)
  4. Bundespolizei - Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (6)
  5. Ihr Computer wurde gesperrt - Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (2)
  6. Bundespolizei- Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (6)
  7. Bundespolizei - Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (51)
  8. Computer wurde gesperrt von der Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  9. Bundespolizei- Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (7)
  10. BUNDESPOLIZEI - Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 22.08.2012 (12)
  11. Ihr Computer wurde gesperrt - Bundespolizei Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (10)
  12. Bundespolizei (Österreich) - Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 20.07.2012 (9)
  13. Ihr Computer wurde gesperrt Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (5)
  14. Bundespolizei - Computer wurde gesperrt
    Log-Analyse und Auswertung - 09.07.2012 (1)
  15. Bundespolizei - Ihr Computer wurde gesperrt, Ukash
    Log-Analyse und Auswertung - 06.07.2012 (32)
  16. Ihr computer wurde gesperrt - bundespolizei - ukash
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)
  17. BUNDESPOLIZEI - Ihr Computer wurde gesperrt
    Anleitungen, FAQs & Links - 29.05.2012 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BUNDESPOLIZEI / Ihr Computer wurde gesperrt - Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert - BUNDESPOLIZEI / Ihr Computer wurde gesperrt...
Archiv
Du betrachtest: BUNDESPOLIZEI / Ihr Computer wurde gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131