Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bProtector for Windows Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.07.2012, 11:11   #1
Thomas97
 
bProtector for Windows Virus - Frage

bProtector for Windows Virus



Hallo bin neu hier
und benötige unbedingt eure Hilfe.
Mir ist ein Prozess aufgefallen "bProtect.exe" dessen Dateipfad
(Computer/ TrippleCore (C: )/ ProgramData/ bProtector for Windows/ 2.2.463.83)

Aber am meisten auffallend ist wenn ich in einen Ordner gehe wie zb. Fallout 3, Musik, .... dan kopiert es wenn ich rausgehe 2 Ordner rein bProtector for Windows und searchplugins.

In TrippleCore (C: ) sind 4 Ordner
6ddfa3b7e2adde382cba1a225ec6
ad207b7c739861e177d4f76ee093
ccd60c17528cd5482bc01848b2
cdd992103b29a979016a056da058
dessen Inhalt auch bProtectors for Windows und searchplugins sind.

Avira und MalewareBytes Anti Maleware erkennen es nicht als Virus!!

Aber das beste kommt zum Schluss ich kann nichts Löschen oder Deinstallieren weil es den Zugriff verweigert
Ps: Prozess beenden geht auch nicht.

Bitte ganz dringend um Hilfe

Alt 28.07.2012, 14:39   #2
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus





1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 30.07.2012, 08:38   #3
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Das hier ist die Log Datei von Malwarebytes


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Thomas :: TRIPLECORE [Administrator]

29.07.2012 22:37:59
mbam-log-2012-07-30 (09-35-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 614006
Laufzeit: 3 Stunde(n), 44 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 2724 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 2
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 21
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 17
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_nasa-world-wind.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.


Soll ich alles Löschen?

Ich werde jetzt noch OTL installieren und damit auch noch mal n scan machen

das sind jetzt die 2 Logs von OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.07.2012 09:46:33 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,23% Memory free
6,21 Gb Paging File | 4,17 Gb Available in Paging File | 67,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,67 Gb Total Space | 120,54 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
Drive D: | 12,50 Gb Total Space | 1,82 Gb Free Space | 14,55% Space Free | Partition Type: NTFS
Drive F: | 9,52 Gb Total Space | 9,52 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: TRIPLECORE | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\WINDOWS\System32\atieclxx.exe (AMD)
PRC - C:\WINDOWS\System32\atiesrxx.exe (AMD)
PRC - C:\WINDOWS\System32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\BrowserCompanion\sqlite3.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\WINDOWS\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SearchAnonymizer) -- C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AMD External Events Utility) -- C:\WINDOWS\System32\atiesrxx.exe (AMD)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FsUsbExService) -- C:\WINDOWS\System32\FsUsbExService.Exe (Teruten)
SRV - (dgdersvc) -- C:\WINDOWS\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ssadmdm) -- C:\WINDOWS\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\WINDOWS\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\System32\drivers\ssadadb.sys (Google Inc)
DRV - (FlashUSB) -- C:\WINDOWS\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\WINDOWS\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athur) -- C:\WINDOWS\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (dgderdrv) -- C:\WINDOWS\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ss_bmdm) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (LVUVC) -- C:\WINDOWS\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys ()
DRV - (hamachi) -- C:\WINDOWS\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sfdrv01) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\WINDOWS\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies)
DRV - (sfsync02) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={FE85AB08-8ECE-11E1-B160-002354600696}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1175&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={FE85AB08-8ECE-11E1-B160-002354600696}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6464726E7726733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F7765622F7B7365617263685465726D737D3F6261627372633D53505F73732661666649443D313031323431266D6E747249643D3930356330366431303030303030303030303030303032373139626231343364&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F637573746F6D2F6A6176612F72656469726563743F636C69656E743D69652674623D4F524A266F3D313030303030303236267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D55332661706E5F647469643D4F534A303030&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}: "URL" = hxxp://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313133342671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E64746965372D64652D6174&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = hxxp://search.speedbit.com/search.aspx?aff=svd_0&q={searchTerms}
IE - HKCU\..\SearchScopes\{8740438D-339F-4A0B-8A34-7F3D76FF566F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1175&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}: "URL" = hxxp://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKCU\..\SearchScopes\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4EC27A4-1138-4D3F-8A55-63010655BC79}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{CB9448A5-7300-43B2-9BEE-4E772157F03E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D36266372673D332E3130313030303026713D7B7365617263685465726D737D2662617269643D7B46453835414230382D384543452D313145312D423136302D3030323335343630303639367D&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario2 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "appbario2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "appbario2 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "appbario2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.speedbit.com/search.aspx?aff=svd_0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Speedbit Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.speedbit.com/?aff=svd_0"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Thomas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox [2011.12.04 22:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2011.12.04 22:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.05 19:48:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.03 20:05:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de [2012.04.25 17:56:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net [2012.04.25 18:27:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.13 22:31:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:37:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.03 20:05:58 | 000,000,000 | ---D | M]
 
[2012.05.17 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2012.07.17 10:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions
[2012.07.17 10:59:09 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.07.07 10:24:14 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)
[2012.05.17 17:09:26 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.06.26 13:51:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.11.03 21:16:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 20:45:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.13 22:32:18 | 000,000,000 | ---D | M] (appbario2 Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}
[2012.06.15 16:21:22 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com
[2012.07.02 14:47:30 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com
[2012.01.23 19:21:35 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com
[2012.01.23 21:42:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com
[2011.11.06 21:33:38 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com
[2012.04.25 18:27:26 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net
[2012.04.25 17:56:21 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de
[2012.04.25 17:56:17 | 000,002,618 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\askcomsearch.xml
[2012.04.25 17:56:17 | 000,001,163 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\bProtect.xml
[2012.07.08 13:55:38 | 000,000,921 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\conduit.xml
[2012.06.26 13:51:39 | 000,002,520 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\SearchResults.xml
[2012.05.17 17:09:03 | 000,002,517 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\Search_Results.xml
[2012.04.25 20:18:50 | 000,002,538 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\speedbit.xml
[2012.04.25 17:56:18 | 000,004,356 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\sweetim.xml
[2012.04.25 17:56:18 | 000,002,069 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{0414432B-22A6-4EC0-8398-2ACA5886E763}.xml
[2012.04.25 17:56:18 | 000,002,180 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{41480EEB-54A9-42F1-BC08-E17B83926824}.xml
[2012.04.25 17:57:16 | 000,001,086 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{D4B855DD-57D6-4559-919E-69017E7B0909}.xml
[2012.04.25 17:56:18 | 000,001,862 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{F74C3F82-3EC4-4400-98B3-19E7459655C5}.xml
[2012.05.17 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.22 19:28:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 21:37:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.15 13:07:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.17 17:04:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.25 17:56:17 | 000,002,395 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.17 17:04:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 17:04:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.25 17:56:17 | 000,001,617 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.17 17:04:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 13:51:39 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.05.17 17:09:03 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.17 17:04:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 17:04:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48
CHR - homepage: hxxp://www.searchqu.com/417
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg\2.3.15.10_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg\2.3.15.10_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.02.29 15:22:15 | 000,000,794 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Programme\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Programme\SpeedBit Video Downloader\TBU19\tbcore3.dll ()
O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Programme\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\SpeedBit Video Downloader\Toolbar\Grabber.dll (SpeedBit)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TrayServer] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
F3 - HKCU WinNT: Load - (C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com) -  File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE252D6-B3E1-4BBA-939F-8F8625AD5C2B}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AAAC633-BE3B-4E62-960D-48DB50F79B28}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.05 17:49:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell - "" = AutoRun
O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell - "" = AutoRun
O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell\dinstall\command - "" = L:\DirectX\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.30 09:44:47 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.07.29 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\DirectDownloader
[2012.07.27 10:03:43 | 000,000,000 | ---D | C] -- C:\6ddfa3b7e2adde382cba1a225ec6
[2012.07.24 18:15:15 | 000,000,000 | ---D | C] -- C:\ad207b7c739861e177d4f76ee093
[2012.07.23 23:46:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira
[2012.07.23 23:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.23 23:40:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.23 23:40:28 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.23 23:40:28 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.23 23:40:28 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.23 23:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.23 22:27:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.07.23 22:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 22:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 22:27:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 22:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.21 08:07:36 | 000,000,000 | ---D | C] -- C:\ccd60c17528cd5482bc01848b2
[2012.07.20 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Fallout3
[2012.07.19 11:31:41 | 000,000,000 | -HSD | C] -- C:\found.003
[2012.07.17 10:33:08 | 000,000,000 | ---D | C] -- C:\cdd992103b29a979016a056da058
[2012.07.17 10:15:56 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.07.13 22:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.07.13 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\PerformerSoft
[2012.07.13 22:32:02 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012.07.13 22:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer
[2012.07.13 22:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\appbario2
[2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows
[2012.07.13 22:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2012.07.13 22:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\NASA
[2012.07.13 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA
[2012.07.13 22:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NASA
[2012.07.13 22:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\NASA
[2012.07.05 23:18:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Samsung
[2012.07.05 23:18:11 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\PC Suite
[2012.07.05 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.07.05 23:13:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2012.07.05 21:48:46 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.02 00:01:11 | 004,773,478 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\DragonsDogma screensaver.scr
[2012.07.02 00:01:11 | 000,000,000 | ---D | C] -- C:\Windows\DragonsDogma screensaver Uninstaller
[2012.07.01 15:28:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.30 09:59:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 09:47:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001UA.job
[2012.07.30 09:47:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001Core.job
[2012.07.30 09:44:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.07.30 09:33:43 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Thomas.job
[2012.07.30 09:30:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 09:30:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 09:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.30 08:26:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004UA.job
[2012.07.29 23:26:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004Core.job
[2012.07.29 19:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.29 11:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 11:30:27 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.28 17:00:39 | 005,581,377 | ---- | M] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Vest-15408-Final.7z
[2012.07.28 14:06:32 | 000,282,239 | ---- | M] () -- C:\Users\Thomas\Desktop\Solid_Snake_Box_03-4967.rar
[2012.07.28 13:50:21 | 017,797,303 | ---- | M] () -- C:\Users\Thomas\Desktop\Military_Equipment-10453.rar
[2012.07.28 12:34:10 | 000,933,361 | R--- | M] () -- C:\Users\Thomas\Desktop\WReality_Haven_095b-2687.rar
[2012.07.28 00:53:58 | 000,052,736 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 19:03:08 | 068,119,300 | ---- | M] () -- C:\Users\Thomas\Desktop\F3ProjectRealityMkI-17418-v1-0beta.rar
[2012.07.27 18:38:19 | 006,474,183 | ---- | M] () -- C:\Users\Thomas\Desktop\Glock19V10-8292.zip
[2012.07.27 18:37:23 | 000,302,738 | ---- | M] () -- C:\Users\Thomas\Desktop\Northwest_Forest_Redone-_No_DLCs-17758-1-3.rar
[2012.07.27 11:15:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.27 11:15:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.26 22:06:35 | 000,252,100 | ---- | M] () -- C:\Users\Thomas\Desktop\Program_Version_-_Recommended-944.zip
[2012.07.26 20:56:11 | 019,147,558 | ---- | M] () -- C:\Users\Thomas\Desktop\Fixed_File-11273.rar
[2012.07.26 20:46:06 | 051,761,830 | ---- | M] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Outfit_v1_1-10183-1-1.7z
[2012.07.26 15:52:10 | 000,001,028 | ---- | M] () -- C:\Users\Thomas\Desktop\Fallout3.lnk
[2012.07.26 13:20:15 | 005,481,921 | ---- | M] () -- C:\Users\Thomas\Desktop\m1911_1-1-785.zip
[2012.07.26 13:16:25 | 039,314,191 | ---- | M] () -- C:\Users\Thomas\Desktop\USMC_Weapons_Reduced_Damage2-17581-1.zip
[2012.07.26 13:14:33 | 014,440,707 | ---- | M] () -- C:\Users\Thomas\Desktop\Mancers_Talon_Armor-16980-v1-0.7z
[2012.07.26 12:33:58 | 013,451,895 | ---- | M] () -- C:\Users\Thomas\Desktop\Steyr_AUG_A1-16252-1-1.rar
[2012.07.26 12:32:31 | 002,337,765 | ---- | M] () -- C:\Users\Thomas\Desktop\American_AR_to_M4A1_Carbine-5141.zip
[2012.07.26 12:27:02 | 025,216,866 | ---- | M] () -- C:\Users\Thomas\Desktop\Slam_M16_Pack_v1_1-12173.rar
[2012.07.24 11:22:35 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\Documents\NEWSOFT
[2012.07.23 23:40:36 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.23 22:27:22 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 21:06:03 | 000,000,051 | ---- | M] () -- C:\ProgramData\jeycukwaohhrwlf
[2012.07.21 13:26:58 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.21 13:26:50 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.21 13:26:01 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.20 19:46:20 | 000,670,708 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.20 19:46:20 | 000,631,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.20 19:46:20 | 000,143,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.20 19:46:20 | 000,118,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.13 22:32:21 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.13 22:31:08 | 000,001,878 | ---- | M] () -- C:\Users\Thomas\Desktop\World Wind 1.4.lnk
[2012.07.05 14:44:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.07.04 09:37:29 | 000,002,609 | ---- | M] () -- C:\Users\Thomas\Desktop\Microsoft Office Word 2003.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.28 17:00:15 | 005,581,377 | ---- | C] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Vest-15408-Final.7z
[2012.07.28 14:06:30 | 000,282,239 | ---- | C] () -- C:\Users\Thomas\Desktop\Solid_Snake_Box_03-4967.rar
[2012.07.28 13:49:08 | 017,797,303 | ---- | C] () -- C:\Users\Thomas\Desktop\Military_Equipment-10453.rar
[2012.07.28 12:34:12 | 000,933,361 | R--- | C] () -- C:\Users\Thomas\Desktop\WReality_Haven_095b-2687.rar
[2012.07.27 18:58:57 | 068,119,300 | ---- | C] () -- C:\Users\Thomas\Desktop\F3ProjectRealityMkI-17418-v1-0beta.rar
[2012.07.27 18:37:56 | 006,474,183 | ---- | C] () -- C:\Users\Thomas\Desktop\Glock19V10-8292.zip
[2012.07.27 18:37:21 | 000,302,738 | ---- | C] () -- C:\Users\Thomas\Desktop\Northwest_Forest_Redone-_No_DLCs-17758-1-3.rar
[2012.07.26 22:06:32 | 000,252,100 | ---- | C] () -- C:\Users\Thomas\Desktop\Program_Version_-_Recommended-944.zip
[2012.07.26 20:54:08 | 019,147,558 | ---- | C] () -- C:\Users\Thomas\Desktop\Fixed_File-11273.rar
[2012.07.26 20:43:01 | 051,761,830 | ---- | C] () -- C:\Users\Thomas\Desktop\Dragonskin_Tactical_Outfit_v1_1-10183-1-1.7z
[2012.07.26 15:52:10 | 000,001,028 | ---- | C] () -- C:\Users\Thomas\Desktop\Fallout3.lnk
[2012.07.26 13:19:45 | 005,481,921 | ---- | C] () -- C:\Users\Thomas\Desktop\m1911_1-1-785.zip
[2012.07.26 13:13:06 | 014,440,707 | ---- | C] () -- C:\Users\Thomas\Desktop\Mancers_Talon_Armor-16980-v1-0.7z
[2012.07.26 13:12:50 | 039,314,191 | ---- | C] () -- C:\Users\Thomas\Desktop\USMC_Weapons_Reduced_Damage2-17581-1.zip
[2012.07.26 12:32:59 | 013,451,895 | ---- | C] () -- C:\Users\Thomas\Desktop\Steyr_AUG_A1-16252-1-1.rar
[2012.07.26 12:32:23 | 002,337,765 | ---- | C] () -- C:\Users\Thomas\Desktop\American_AR_to_M4A1_Carbine-5141.zip
[2012.07.26 12:25:28 | 025,216,866 | ---- | C] () -- C:\Users\Thomas\Desktop\Slam_M16_Pack_v1_1-12173.rar
[2012.07.23 23:40:36 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.23 22:27:22 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 21:05:49 | 000,000,051 | ---- | C] () -- C:\ProgramData\jeycukwaohhrwlf
[2012.07.13 22:32:21 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.13 22:31:08 | 000,001,878 | ---- | C] () -- C:\Users\Thomas\Desktop\World Wind 1.4.lnk
[2012.07.05 14:44:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.06.29 09:13:46 | 000,000,096 | ---- | C] () -- C:\Windows\winlemm.ini
[2012.05.09 19:36:13 | 000,147,456 | ---- | C] () -- C:\Windows\Sonnensystem3DUninstaller.exe
[2012.04.25 17:56:19 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.01.28 20:37:20 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.12.04 22:02:39 | 000,102,912 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011.12.04 22:02:39 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011.11.12 16:32:56 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.11.12 16:32:55 | 000,138,056 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
[2011.11.12 16:32:41 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.24 19:49:16 | 000,052,736 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.30 20:29:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.09.30 20:29:31 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.05 11:54:06 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.03.22 14:49:18 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.03 20:35:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.12.19 19:12:13 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.19 19:12:12 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.12.16 18:37:39 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.12.16 18:37:39 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.11.24 19:10:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.22 19:11:34 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.11.22 18:03:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.13 23:45:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010.11.13 23:45:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.11.12 14:44:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.08 18:17:05 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2010.11.08 18:10:16 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 16:26:00 | 000,001,423 | ---- | C] () -- C:\Windows\System32\avscheck.exe.stackdump
[2010.11.05 15:52:39 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.05 15:52:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.26 03:19:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6152D44C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.07.2012 09:46:33 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,23% Memory free
6,21 Gb Paging File | 4,17 Gb Available in Paging File | 67,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,67 Gb Total Space | 120,54 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
Drive D: | 12,50 Gb Total Space | 1,82 Gb Free Space | 14,55% Space Free | Partition Type: NTFS
Drive F: | 9,52 Gb Total Space | 9,52 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: TRIPLECORE | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517CB8C-0357-4334-BD10-C0879A44CC68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0854EE40-77A6-4C74-A6B8-E56E6490EC41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{105BA90B-2242-4E55-B269-DDF1C0893C92}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{20A6BB1D-C4D4-413E-BC7B-4EE2A0D8FB91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{228CA233-1DCF-4FCF-9768-65CF3A208717}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3807E7B9-CDEA-4317-B785-37057A0D0046}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{434BE5B6-7A05-4E91-8562-6EF369FCB054}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7E991907-ACAF-4689-B0F5-89E37C67CBB2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{985DF907-8EC2-457B-A5BC-74421117FA64}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9A8D0AC8-A68B-4376-B879-47D89F29944C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9B07B608-8E1A-40DD-8087-3D4DB4002822}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A40C6F58-1CEE-461C-85C7-0FD61AE73B6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0280930-244A-4E9A-A3A9-2A401F2F2FA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B41B1E97-9152-45A3-92E7-B44CB58E2844}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CC488A26-0628-4594-BDF1-BF42931F7168}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6281EB1-9069-4019-8695-6C344A2A2A70}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E72B47FF-9BB5-464B-8F6B-E3B0FCB64937}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EC75888B-E53C-47B0-A9CE-EC74753DF361}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{FEC5A2C0-2517-4BCB-B3E9-A18E8FB9AEA6}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A3F598-4105-4E1F-99EC-D6F6975E73B4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{045BC31E-5F1C-4AE7-9A57-7A795D31FC52}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{0728BA71-E809-4C93-8718-63AF79A1FAD9}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{09481960-AB14-41E0-833C-BBB28F3646DE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{0CCFB8E6-E90C-4A1B-9FAE-9A34C8B24A8A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{0DE838BB-27AB-4C09-8777-E941C1351BD9}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe | 
"{0F16F81A-F788-45DE-BDE7-E954E6F2BCE8}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{144CDA72-39C6-4AA2-BD64-433FA68287B6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1525D701-684E-40EB-9795-24D510147D41}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{15FA2C69-F223-48DB-986A-C02B4A955ED2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | 
"{162A138E-09AC-4BE5-A285-D38BDFCAD671}" = protocol=6 | dir=in | app=c:\program files\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe | 
"{17806423-72B5-44F4-A29B-DC2F9A992EB9}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{178A5ABB-A3CE-40DA-B18F-B7DDA82183E5}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{17DE0BC2-62D0-49C8-98B6-99ACDA7C165D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{18AC57E8-93E1-467F-BE67-F86044938702}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe | 
"{1A5D48C9-19ED-4A9C-BB8A-816BE455D10E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{1D3927BA-A571-4102-8DFE-5D71A91AC97A}" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\launcher.exe | 
"{2127C39B-F0BB-45C8-9F84-30FB1F56D62B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{2528EB59-D2E5-4D99-8F1A-4F5CE409C9FB}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{2537AEBF-E687-48D8-A543-92CD94FE731A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2639B247-B2BC-49D3-88D6-3F84B94BE973}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe | 
"{29563E98-6656-4C40-9D15-C465922D42A8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | 
"{2AF66E9A-3B68-4F58-9091-F74F4243F72B}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\launcher.exe | 
"{2B9F0F86-E64E-42C9-B7DC-60DFCFFE0D51}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{2D3FB702-E01A-4FC2-90A4-F6D592EEFF46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D968C7A-8976-44D8-8AB0-1A09FFCC2F4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\s9.exe | 
"{2EC9BF47-7E56-44B9-929A-B7CFF7B74C4F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nation red\nationred.exe | 
"{31C39ABB-D8A6-4DB7-A346-ADF9F89E80EC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\s9.exe | 
"{34258629-F074-41B2-9FAC-51A263169FC7}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{35939746-0435-4812-B103-A133841097B1}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{378DC7B2-2A21-40EC-B653-9B420C508FEA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{395C8760-3B6E-405F-8C43-4E8B311C92DA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{3ABFA257-FD95-4944-9121-B245068396BB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3E8244DD-7800-47E4-8328-00A6606D4133}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{42237D9F-F32D-4ACC-9821-C4E914DC0892}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{4441A680-6E82-4359-BCFE-D9064A6596BB}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\yuplay\yuplay.exe | 
"{47F79056-6787-45FD-B581-3ECA3C94694F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{49D4875B-9206-4DA7-A263-507E544D2260}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4DFF1A4D-D6AF-4816-8B5E-39B025091773}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"{4E203449-1CEA-42DB-80C1-C72D55277EAD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{56C603E6-0CCC-452D-9A24-5E146B7A5D04}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{57B0C8C4-49B7-4F09-B2F6-854E88E9FE5D}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\directdownloader\directdownloader.exe | 
"{596404BD-997B-46B6-ADA1-241658FFC0C3}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{59CD245E-3D61-40E1-8018-8EEB6C4E28B7}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{5AD5A3FE-1DCB-4CC9-B79C-7A93618B5D34}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{5E06B8FC-EC3C-4322-AEAE-78E85EBAA295}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{5EB8980A-5DE2-4C5A-BBF5-1D359E549B5C}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{61B76272-158E-4BE0-A554-EB27A373E67C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{684CE7AA-DC62-4B6A-8ACC-5545990DAC80}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\directdownloader\directdownloader.exe | 
"{69C24112-F235-4120-A1D4-CF0E23E22E19}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{6DA0FCA9-7207-4465-AA19-B812E64D2B39}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{723398D5-9161-48C3-99DE-76E0109A9896}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{738EBC01-9E68-4D10-89E9-E538336DC3E5}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"{73E49447-DE8C-4D68-BFE7-77CFF174DB01}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{75887CFF-56C8-408B-A75A-9BB2CBD6A6B9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nation red\nationred.exe | 
"{7749957A-D4D7-4668-B0DF-153CA14317A4}" = protocol=17 | dir=in | app=c:\program files\atari\aitd\alone.exe | 
"{780C7F3B-17A1-4021-B31F-35EF86729FC9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{79CA0D9F-F5EF-47FC-AC7F-2F1B9A5B7746}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{7A1F5256-9E39-4892-B42D-8A1F83D398E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7AC55E1F-0AC5-45BB-B8D7-35B8EBB6D6AF}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\aces.exe | 
"{7EA484EA-72E3-4D64-AEFC-33971A45CC79}" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\aces.exe | 
"{8295C063-35E9-4756-8235-EE6A9DAE338C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{8376609C-AC1C-45D4-BD42-A4085245BB24}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{83E6BFE9-109F-4D32-852A-E2745A70999B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8743E951-9334-4431-BE87-015124FEB4EA}" = protocol=6 | dir=in | app=c:\program files\battlefield 3™\bf3.exe | 
"{886835F5-772B-4F25-86DB-9480A23B50BD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{8B3FE604-C4B4-46FD-A8CD-4D25A1A1F945}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{8E7E944F-1D4E-465D-BCC1-485D63FDB696}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{91BE7450-90F3-4048-937F-8C3CFEB54CF6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{92A7521C-BE9B-4BD7-BBBE-8D88B94E4A11}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{95E83FF9-16EA-402C-A82E-5AA02A3B3F52}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{96CA96F9-346C-4101-85CB-7D428D99673B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{96F36F17-E3B3-46CE-AEB1-03E9856D8257}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallen earth f2p\feupdater.exe | 
"{9D3B9FB9-5CBC-4A89-AAB6-2985EA92B662}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{9EA4CC61-20D2-4057-9A66-1C33D1487555}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{9FAFE4BA-9EA6-42FE-B115-57D94EAA3279}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{A69E1CCF-3324-4FF1-B89D-D6281A29AA7A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallen earth f2p\feupdater.exe | 
"{A773A1F1-576B-4DD9-884E-56B5054CAC9C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{A8D145B2-3F20-4BFC-A63A-E50708FC1027}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe | 
"{ADA0F44A-3C0D-4998-83A3-658857FCD256}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{ADEBE86B-4A83-4A06-8B1F-B0B9A74C3C73}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{AFEAA39C-3530-46E6-A978-C078E52BD231}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{B042C774-942C-413D-BBEF-3691D32F16BB}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{B46B6114-99BC-40BE-BF7B-E15FD912A143}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BA2F9C6F-BB72-468B-BDED-7DDE0FBA2689}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{BAE24641-DB1F-42E8-8B30-B9E92FAA72A9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{BEE0C2B1-444C-4AC7-94E7-70ACF63EA771}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{BF828083-523F-4A66-8FCC-5608852A58B6}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C0CBAB9B-6372-4E50-A4E6-77C7582888BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{C1F4FB61-A642-4D0C-832C-90A3C1AC8B50}" = protocol=17 | dir=in | app=c:\program files\battlefield 3™\bf3.exe | 
"{C574DFFE-E307-44DD-9D0C-25C6E216B2B9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C76D166D-E330-413F-9B22-FB1EFB8D9119}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C9F301C3-7FC7-4C15-83BE-DBA36EDF5D27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{CCE63A33-5A9B-43A2-846E-7B34A380DC9B}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{CE76BBCA-1EBD-4F63-84AD-957CE19CD039}" = protocol=17 | dir=in | app=c:\program files\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe | 
"{CEEE6507-8047-4B05-8754-D0FB8C5CF419}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D38B7714-C5DC-45D2-9CA0-F180E1A7F607}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D5625998-5D00-4C06-A0F0-92E0695F0975}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{D92D2E76-B981-4E3C-B64D-DB57387F8E48}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{DCEA0037-0095-4D36-A722-FC1DD4ECC4FF}" = protocol=6 | dir=in | app=c:\program files\atari\aitd\alone.exe | 
"{DD815B79-1A2E-491F-87F3-77893D6E2E22}" = protocol=58 | dir=in | app=system | 
"{E21E485B-E5CE-411B-B2E8-6269D8F43D87}" = dir=in | app=c:\users\thomas\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{E2CBA599-A0A5-4A83-A7B2-E53695438838}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{E3653A21-D7F8-4346-8568-51401A3CD4CA}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E37C7AF7-633C-4B9D-9CCE-ED61287EBB0F}" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\yuplay\yuplay.exe | 
"{E65A5D94-A3A4-4329-8A96-67901B916AED}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{E6F93257-E261-4132-B459-EBE1F6FE47C7}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{F8AD63DD-0724-4FA1-B6D9-615B7571E202}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{FEFD13EA-DCE7-48D1-A7EC-B89E031C9381}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{FF27F4CB-BFDD-4540-896F-2805F3A7131E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"TCP Query User{04891885-4386-4A23-A565-C709C4BAD2DC}C:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{0507A7A3-14E9-47E4-8AEA-545857A619BA}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{08232569-C1D8-4830-BB49-A06358230FD2}C:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe | 
"TCP Query User{17238A0E-F21A-4AB7-9120-FF6B7641F449}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe | 
"TCP Query User{1DCADE3B-D4A6-47B9-9531-022065E2E37D}C:\program files\greedytorrent\gtor.exe" = protocol=6 | dir=in | app=c:\program files\greedytorrent\gtor.exe | 
"TCP Query User{2D4AFA55-3720-4F1C-A080-BF9F92D1A4DF}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"TCP Query User{2E781E93-09D5-4D25-925C-3F9A493BFF2C}C:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"TCP Query User{41EEA279-7F1F-4178-8909-3500CFB46363}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | 
"TCP Query User{4F393EDF-81E3-4018-992B-2E810DA1692A}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe | 
"TCP Query User{50608E14-95D4-4235-8F21-A22426F340F0}C:\program files\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\program files\call of duty- modern warfare 3\iw5mp_server.exe | 
"TCP Query User{6D598505-EB04-4557-A4C7-6946F9BBC45A}C:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe | 
"TCP Query User{898B25D1-B6F3-411F-8CDF-14402BADAE40}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{9F836961-FFBC-4103-9327-7F7FA65568CB}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{AC4A097C-ED83-4B7A-B464-9162BDE659AF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C3A4C04F-8A6E-4FC9-8EBF-D471F7165732}C:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe | 
"TCP Query User{C6C182E5-FF28-4E2C-887A-388074F4FBD7}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"TCP Query User{CDED9E2C-94A2-438F-A1F4-BAD29A477582}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{D081AC3F-272E-4C75-BA1F-01D564E182E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{DA6C188A-29AE-4CB7-8316-DAE1D1D4E453}C:\program files\runes of magic\launcher.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\launcher.exe | 
"TCP Query User{ED547C06-F57C-48F1-90C1-B9DC92C7AE25}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{F9578273-FC65-440E-97E1-33261692198F}C:\users\tom0012\desktop\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwaw.exe | 
"UDP Query User{00A91455-629A-48DC-914A-807969AA2B0B}C:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"UDP Query User{103139F5-0017-4C19-B8AA-148575D13A69}C:\users\tom0012\desktop\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwaw.exe | 
"UDP Query User{226C7231-8A99-445F-8380-A85804EB3A06}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{2E204C7C-A3C8-40EF-825E-C80B11E7981D}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{3455CDF1-FDAE-436A-9B69-805AEF93BF2D}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{50AEFB94-8AAD-4519-ACC0-C2A5AA265265}C:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tom0012\team fortress 2\hl2.exe | 
"UDP Query User{63AF79E5-5BB3-44FB-A8EA-9E231F039195}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{6C8009A4-5FEC-4685-B9B0-E4E37AF9D244}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"UDP Query User{854CBBFA-CDD9-4A89-A061-4EC10D3F1045}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{8E4BA2CD-844C-4882-B50E-38A022A0C497}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{952F4E26-4A9B-4BAC-9B56-AA64AF3607F4}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{A4211F2A-98E5-42BE-BFB1-0A69B1AD570E}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{A6140DBC-D1E0-4CB4-AF26-5F0F54EE68D2}C:\program files\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\program files\call of duty- modern warfare 3\iw5mp_server.exe | 
"UDP Query User{BCAE7795-BB88-4D05-A24C-F2F726B4D98F}C:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{CAD9468F-DD38-482E-ABC3-D4B1224E9FE2}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwaw.exe | 
"UDP Query User{D1186B42-E8C8-45D3-9874-1850B791ACE6}C:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\call of duty - world at war\codwawmp.exe | 
"UDP Query User{D41D9E83-E608-4A31-8134-208F1A881EA5}C:\program files\greedytorrent\gtor.exe" = protocol=17 | dir=in | app=c:\program files\greedytorrent\gtor.exe | 
"UDP Query User{D53902FB-AFFA-4F75-80FC-30A3884A34CC}C:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\section 8 prejudice\binaries\win32\s9-win32-f.exe | 
"UDP Query User{DB848984-512A-4D75-926A-43490527ED67}C:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\users\tom0012\desktop\eigene daten\games\call of duty - world at war\codwawmp.exe | 
"UDP Query User{DFC6C72B-B7DF-4829-A198-50228502AAF2}C:\program files\runes of magic\launcher.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\launcher.exe | 
"UDP Query User{F418974E-BAF0-44DA-8D88-04B7083F8756}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13F59927-CFBE-44D1-8417-7203AD4F1795}" = Gothic 3
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26EC9601-D617-02AE-ABE1-F68B8560C408}" = Catalyst Control Center InstallProxy
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A5FB407-4499-4514-BE05-A4BCADD87163}" = Gothic 2 Gold
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2390904-74BD-48AA-B2CC-6612F8D46379}" = GameShadow
"{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus Download-Version
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD56DFBF-110C-4CC2-910A-80C0759397AA}" = Gothic 
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}" = ACDSee for PENTAX 3.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility
"{C9C550CB-2390-410E-883F-3BE147D64143}_is1" = ThuumicShouter version 1.3 Open Beta
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}" = Gothic III - Forsaken Gods
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"AGOT_is1" = Game of Thrones Version 1.1.0.0
"Akamai" = Akamai NetSession Interface
"Alone In The Dark_is1" = Alone In The Dark
"appbario2 Toolbar" = appbario2 Toolbar
"ArmA 2" = ArmA 2 Free Uninstall
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Avanquest_App'-Anwendungsleiste Toolbar" = Avanquest App'-Anwendungsleiste Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"Bengal Special" = Bengal Special
"Blue Byte Game Channel" = Blue Byte Game Channel
"BrowserCompanion" = BrowserCompanion
"CCleaner" = CCleaner
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Wiege Roms" = Die Wiege Roms
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup" = DivX-Setup
"DragonsDogma screensaver_is1" = DragonsDogma screensaver
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD-lab PRO 2.0_is1" = DVD-lab PRO 2.0
"facemoods" = Facemoods Toolbar
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.1.14.1228
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.17.602
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.13.608
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"GamesBar" = GamesBar 2.0.1.73
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"GreedyTorrent_is1" = GreedyTorrent v1.01 beta build 170
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HomepageFIX 2012_is1" = HomepageFIX 2012
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"iMesh" = iMesh
"ImgBurn" = ImgBurn
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NASA World Wind 1.4" = NASA World Wind 1.4
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"Origin" = Origin
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa 3" = Picasa 3
"Power Sound Editor Free" = Power Sound Editor Free
"PunkBusterSvc" = PunkBuster Services
"S3" = Die Siedler III Gold Edition
"SearchAnonymizer" = SearchAnonymizer
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Sonnensystem3D" = Sonnensystem 3D
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Steam App 105600" = Terraria
"Steam App 113420" = Fallen Earth
"Steam App 1250" = Killing Floor
"Steam App 13140" = America's Army 3
"Steam App 17020" = Global Agenda
"Steam App 220" = Half-Life 2
"Steam App 39800" = Nation Red
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 97100" = Section 8: Prejudice
"Swords and Sandals 2" = Swords and Sandals 2 2.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1
"TUGZip_is1" = TUGZip 3.5
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"Weg von der Insel" = Weg von der Insel
"WildTangent hp Master Uninstall" = My HP Games
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta
"WinRAR archiver" = WinRAR archiver
"WolfTeam-DE" = WolfTeam-DE
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"YouTube Converter Pro_is1" = YouTube Converter Pro
"yuPlay клиент_is1" = yuPlay client 0.7.17
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"1939085897.www.pcspeedup.com" = PCSpeedUp
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2012 14:21:14 | Computer Name = TripleCore | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0277a8ed,  Prozess-ID 0x950, Anwendungsstartzeit
 01cd1b348a73147e.
 
Error - 16.04.2012 12:17:26 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2012 15:20:43 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.04.2012 11:53:29 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.04.2012 07:22:09 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.04.2012 12:48:27 | Computer Name = TripleCore | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: db4  Anfangszeit: 01cd1e4aa709af87  Zeitpunkt der Beendigung:
 15
 
Error - 19.04.2012 14:00:44 | Computer Name = TripleCore | Source = VSS | ID = 8194
Description = 
 
Error - 19.04.2012 14:01:10 | Computer Name = TripleCore | Source = System Restore | ID = 8193
Description = 
 
Error - 19.04.2012 16:39:43 | Computer Name = TripleCore | Source = EventSystem | ID = 4621
Description = 
 
Error - 20.04.2012 10:05:46 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2012 11:11:59 | Computer Name = TripleCore | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x02d0a8ed,  Prozess-ID 0x3d8, Anwendungsstartzeit
 01cd1f07e5978700.
 
Error - 21.04.2012 07:09:57 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2012 04:37:24 | Computer Name = TripleCore | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.07.2012 07:21:28 | Computer Name = TripleCore | Source = HTTP | ID = 15016
Description = 
 
Error - 27.07.2012 07:23:06 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.07.2012 02:41:11 | Computer Name = TripleCore | Source = HTTP | ID = 15016
Description = 
 
Error - 28.07.2012 02:42:44 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.07.2012 05:12:04 | Computer Name = TripleCore | Source = HTTP | ID = 15016
Description = 
 
Error - 28.07.2012 05:13:43 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.07.2012 03:21:01 | Computer Name = TripleCore | Source = HTTP | ID = 15016
Description = 
 
Error - 29.07.2012 03:22:36 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.07.2012 05:30:37 | Computer Name = TripleCore | Source = HTTP | ID = 15016
Description = 
 
Error - 29.07.2012 05:32:15 | Computer Name = TripleCore | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 30.07.2012, 11:20   #4
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll () 
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector) 
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll () 
SRV - (SearchAnonymizer) -- C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found 
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&barid={FE85AB08-8ECE-11E1-B160-002354600696} 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1175&systemid=1&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975 
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={FE85AB08-8ECE-11E1-B160-002354600696} 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227975 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227975 
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} 
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} 
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6464726E7726733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F7765622F7B7365617263685465726D737D3F6261627372633D53505F73732661666649443D313031323431266D6E747249643D3930356330366431303030303030303030303030303032373139626231343364&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F637573746F6D2F6A6176612F72656469726563743F636C69656E743D69652674623D4F524A266F3D313030303030303236267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D55332661706E5F647469643D4F534A303030&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0 
IE - HKCU\..\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}: "URL" = http://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313133342671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E64746965372D64652D6174&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0 
IE - HKCU\..\SearchScopes\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?aff=svd_0&q={searchTerms} 
IE - HKCU\..\SearchScopes\{8740438D-339F-4A0B-8A34-7F3D76FF566F}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1175&systemid=1&sr=0&q={searchTerms} 
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} 
IE - HKCU\..\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}: "URL" = http://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975 
IE - HKCU\..\SearchScopes\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{C4EC27A4-1138-4D3F-8A55-63010655BC79}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{CB9448A5-7300-43B2-9BEE-4E772157F03E}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D36266372673D332E3130313030303026713D7B7365617263685465726D737D2662617269643D7B46453835414230382D384543452D313145312D423136302D3030323335343630303639367D&st={searchTerms}&clid=50ab3f54-525a-4f6d-996a-d1058c4beef9&pid=nc&k=0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; 
FF - prefs.js..browser.search.defaultenginename: "appbario2 Customized Web Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "appbario2 Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "appbario2 Customized Web Search" 
FF - prefs.js..browser.search.selectedEngine: "appbario2 Customized Web Search" 
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3227975&SearchSource=13" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Speedbit Search" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.speedbit.com/search.aspx?aff=svd_0&q=" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Speedbit Search" 
FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com/?aff=svd_0" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de [2012.04.25 17:56:21 | 000,000,000 | ---D | M] 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net [2012.04.25 18:27:26 | 000,000,000 | ---D | M] 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.13 22:31:38 | 000,000,000 | ---D | M] 
[2012.07.17 10:59:09 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} 
[2012.07.07 10:24:14 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40) 
[2012.05.17 17:09:26 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} 
[2012.06.26 13:51:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} 
[2011.11.03 21:16:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2012.03.31 20:45:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} 
[2012.07.13 22:32:18 | 000,000,000 | ---D | M] (appbario2 Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5} 
[2012.06.15 16:21:22 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com 
[2012.07.02 14:47:30 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com 
[2012.01.23 19:21:35 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com 
[2012.01.23 21:42:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com 
[2011.11.06 21:33:38 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com 
[2012.04.25 18:27:26 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net 
[2012.04.25 17:56:21 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de 
CHR - homepage: http://search.conduit.com/?ctid=CT3227975&SearchSource=48 
CHR - homepage: http://www.searchqu.com/417 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\ 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\ 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\ 
CHR - Extension: No name found = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ 
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( ) 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.) 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found 
O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( ) 
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () 
O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) 
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () 
O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Programme\appbario2\prxtbappb.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found. 
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found 
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () 
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) 
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) 
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found 
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll () 
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll () 
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll () 
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll () 
F3 - HKCU WinNT: Load - (C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com) - File not found 
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found 
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll () 
O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg 
O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2008.09.05 17:49:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell - "" = AutoRun 
O33 - MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe 
O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell - "" = AutoRun 
O33 - MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\Shell\AutoRun\command - "" = L:\SETUP.EXE 

[2012.07.13 22:32:02 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe 
[2012.07.13 22:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows 
[2012.07.22 21:06:03 | 000,000,051 | ---- | M] () -- C:\ProgramData\jeycukwaohhrwlf 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6152D44C 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:862BDB1A 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37 

[2012.07.13 22:32:21 | 000,000,009 | ---- | M] () -- C:\END 
[2012.04.25 17:56:17 | 000,002,618 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\askcomsearch.xml 
[2012.04.25 17:56:17 | 000,001,163 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\bProtect.xml 
[2012.04.25 17:56:18 | 000,004,356 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\sweetim.xml 
[2012.04.25 17:56:18 | 000,002,069 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{0414432B-22A6-4EC0-8398-2ACA5886E763}.xml 
[2012.04.25 17:56:18 | 000,002,180 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{41480EEB-54A9-42F1-BC08-E17B83926824}.xml 
[2012.04.25 17:56:18 | 000,001,862 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{F74C3F82-3EC4-4400-98B3-19E7459655C5}.xml 
[2012.04.25 17:56:17 | 000,002,395 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml 
[2012.04.25 17:56:17 | 000,001,617 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml 
[2012.04.25 17:56:19 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll 
[2012.04.25 17:57:16 | 000,001,086 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{D4B855DD-57D6-4559-919E-69017E7B0909}.xml 
[2012.07.08 13:55:38 | 000,000,921 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\conduit.xml 
[2012.04.25 20:18:50 | 000,002,538 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\speedbit.xml 
[2012.06.17 17:04:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.06.17 17:04:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2012.06.17 17:04:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012.06.17 17:04:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.06.17 17:04:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.06.17 17:04:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
 

[2012.07.13 22:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer 
[2012.07.13 22:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\appbario2 
[2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins 
[2012.07.13 22:31:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows 


[2012.07.30 09:59:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.30 09:47:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001UA.job 
[2012.07.30 09:47:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001Core.job 
[2012.07.30 09:33:43 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Thomas.job 
[2012.07.30 09:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.30 08:26:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004UA.job 
[2012.07.29 23:26:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004Core.job 
[2012.07.29 19:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.07.2012, 15:48   #5
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



All processes killed

========== OTL ==========
Service bProtector stopped successfully!
Service bProtector deleted successfully!
C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe moved successfully.
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service IntcAzAudAddService stopped successfully!
Service IntcAzAudAddService deleted successfully!
File system32\drivers\RTKVHDA.sys File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\Windows\system32\drivers\EagleNT.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ deleted successfully.
C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ deleted successfully.
C:\Programme\appbario2\prxtbappb.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F236687-06CF-46A3-881B-279C43777065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found.
File C:\Programme\appbario2\prxtbappb.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F236687-06CF-46A3-881B-279C43777065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F236687-06CF-46A3-881B-279C43777065}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C31A4D3-AC62-41BA-AFA4-5D8A1B0911EE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8740438D-339F-4A0B-8A34-7F3D76FF566F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8740438D-339F-4A0B-8A34-7F3D76FF566F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9756F9-370F-425A-AD0E-6C69E519F6E5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB9F905-3B7C-4970-8259-FE12D987E3B0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4EC27A4-1138-4D3F-8A55-63010655BC79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4EC27A4-1138-4D3F-8A55-63010655BC79}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB9448A5-7300-43B2-9BEE-4E772157F03E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB9448A5-7300-43B2-9BEE-4E772157F03E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF349B01-6A03-4545-B880-C7EDE8C42DFF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "appbario2 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "appbario2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "appbario2 Customized Web Search" removed from browser.search.order.1
Prefs.js: "appbario2 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "Speedbit Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://search.speedbit.com/search.aspx?aff=svd_0&q=" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "Speedbit Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://search.speedbit.com/?aff=svd_0" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension not found.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\searchplugin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\Plugins folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\modules folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\META-INF folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\searchplugin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\modules folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\META-INF folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40)\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}(40) folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\searchbar folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\modules folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\data\search folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\data folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\searchplugin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\Plugins folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\modules folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\META-INF folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5} folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com\plugins folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com\META-INF folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldheroespatcher@ea.com folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com\plugins folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com\META-INF folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\battlefieldplay4free@ea.com folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\bbrs_002@blabbers.com folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\defaults\preferences folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\defaults folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome\skin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome\content\lists folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome\content folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\firejump@firejump.net folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de\chrome\content\skin folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de\chrome\content folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de\chrome folder moved successfully.
C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\7hm8a812.default\extensions\mail@shopping-preise.de folder moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\cache folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0 folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1\cache folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_1 folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\res folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\lib folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\js folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0 folder moved successfully.
File C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\res folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\js folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0 folder moved successfully.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
C:\Programme\BrowserCompanion\jsloader.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ not found.
File C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
C:\Programme\BrowserCompanion\updatebhoWin32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found.
File C:\Programme\appbario2\prxtbappb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}\ not found.
File Anwendungsleiste\prxtbAvan.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found.
File C:\Programme\appbario2\prxtbappb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully.
C:\Programme\BrowserCompanion\BCHelper.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KBD deleted successfully.
C:\hp\KBD\KbdStub.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
C:\WINDOWS\System32\NeroCheck.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LightScribe Control Panel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll deleted successfully.
C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll deleted successfully.
C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll deleted successfully.
C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll deleted successfully.
C:\Programme\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Thomas\LOCALS~1\Temp\mswsazk.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
C:\Programme\BrowserCompanion\tdataprotocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully.
Invalid CLSID key: C:\Programme\BrowserCompanion\tdataprotocol.dll
File C:\Programme\BrowserCompanion\tdataprotocol.dll not found.
File C:\Programme\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully.
File C:\Programme\BrowserCompanion\tdataprotocol.dll not found.
File C:\Programme\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully.
File C:\Programme\BrowserCompanion\tdataprotocol.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bprote~1\22463~1.83\protec~1.dll deleted successfully.
File move failed. c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
File C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84627128-ffb8-11e0-a101-002354600696}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84627128-ffb8-11e0-a101-002354600696}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84627128-ffb8-11e0-a101-002354600696}\ not found.
File G:\FalloutLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962eb7eb-e789-11df-bc9f-806e6f6e6963}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c40c6126-0dd8-11e1-9ee0-002354600696}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40c6126-0dd8-11e1-9ee0-002354600696}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c40c6126-0dd8-11e1-9ee0-002354600696}\ not found.
File L:\SETUP.EXE not found.
C:\WINDOWS\System32\roboot.exe moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\traking_settings folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\searchplugins folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\content folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\components folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\crashReports folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtectorForWindows folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\ProgramData\jeycukwaohhrwlf moved successfully.
ADS C:\ProgramData\TEMP:BD36345D deleted successfully.
ADS C:\ProgramData\TEMP:6152D44C deleted successfully.
ADS C:\ProgramData\TEMP:862BDB1A deleted successfully.
ADS C:\ProgramData\TEMP:66B13F37 deleted successfully.
C:\END moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\askcomsearch.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\bProtect.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\sweetim.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{0414432B-22A6-4EC0-8398-2ACA5886E763}.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{41480EEB-54A9-42F1-BC08-E17B83926824}.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{F74C3F82-3EC4-4400-98B3-19E7459655C5}.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\WINDOWS\System32\sqlite36_engine.dll moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\{D4B855DD-57D6-4559-919E-69017E7B0909}.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\conduit.xml moved successfully.
C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\speedbit.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files\PC Performer\searchplugins folder moved successfully.
C:\Program Files\PC Performer\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Program Files\PC Performer\bProtectorForWindows folder moved successfully.
C:\Program Files\PC Performer folder moved successfully.
C:\Program Files\appbario2\searchplugins folder moved successfully.
C:\Program Files\appbario2\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Program Files\appbario2\bProtectorForWindows folder moved successfully.
C:\Program Files\appbario2 folder moved successfully.
C:\Windows\System32\searchplugins folder moved successfully.
C:\Windows\System32\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Windows\System32\bProtectorForWindows folder moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001UA.job moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1001Core.job moved successfully.
C:\WINDOWS\Tasks\Norton Security Scan for Thomas.job moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004UA.job moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2149149403-927846059-3199926685-1004Core.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Thomas\Desktop\cmd.bat deleted successfully.
C:\Users\Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josef
->Temp folder emptied: 4769856 bytes
->Temporary Internet Files folder emptied: 13208499 bytes
->Java cache emptied: 125246 bytes
->FireFox cache emptied: 575703233 bytes
->Flash cache emptied: 20837 bytes

User: Martin
->Temp folder emptied: 271235254 bytes
->Temporary Internet Files folder emptied: 148278813 bytes
->Java cache emptied: 37215614 bytes
->FireFox cache emptied: 1241038783 bytes
->Google Chrome cache emptied: 356321213 bytes
->Flash cache emptied: 239203 bytes

User: Public

User: Thomas
->Temp folder emptied: 1985937017 bytes
->Temporary Internet Files folder emptied: 33307376 bytes
->Java cache emptied: 19671997 bytes
->FireFox cache emptied: 117819890 bytes
->Google Chrome cache emptied: 332144973 bytes
->Flash cache emptied: 350318 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 149345276 bytes
RecycleBin emptied: 77236 bytes

Total Files Cleaned = 5.042,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Josef
->Flash cache emptied: 0 bytes

User: Martin
->Flash cache emptied: 0 bytes

User: Public

User: Thomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07302012_134946

Files\Folders moved on Reboot...
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
File move failed. c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot.
C:\ProgramData\bProtectorForWindows\2.2.463.83\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
File\Folder C:\Windows\temp\logishrd\LVPrcInj0a.dll not found!

PendingFileRenameOperations files...
[2011.05.27 08:24:06 | 000,061,888 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll : MD5=48345BD51975E9883DD2DA45D7D1B294
[2012.07.13 22:31:37 | 002,008,096 | ---- | M] () c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll : Unable to obtain MD5
File C:\ProgramData\bProtectorForWindows\2.2.463.83 not found!
File C:\ProgramData\bProtectorForWindows not found!
File C:\Windows\temp\logishrd\LVPrcInj0a.dll not found!

Registry entries deleted on Reboot...


Alt 30.07.2012, 15:54   #6
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> bProtector for Windows Virus

Alt 30.07.2012, 19:30   #7
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



der Rechner läuft schon viel besser, der Prozess hat ja 1-2 CPU gebraucht

Die Log Datei von Malwarebytes, was soll ich mit den infizierten Daten machen kann ich die ohne bedenken löschen?

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Thomas :: TRIPLECORE [Administrator]

30.07.2012 17:36:42
mbam-log-2012-07-30 (20-25-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 583276
Laufzeit: 2 Stunde(n), 40 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 37
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22 (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\bProtectorForWindows (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\bProtectorForWindows\2.2.463.83 (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\searchplugins (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Dateien: 24
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_nasa-world-wind.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07302012_134946\C_Programme\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)



Und die Log von AdwCleaner

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 20:36:12
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Thomas - TRIPLECORE
# Running from : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg
Folder Found : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\Thomas\AppData\Local\Babylon
Folder Found : C:\Users\Thomas\AppData\Local\Conduit
Folder Found : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Found : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg
Folder Found : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
Folder Found : C:\Users\Martin\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Martin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Martin\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Martin\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Martin\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Josef\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Josef\AppData\LocalLow\Conduit
Folder Found : C:\Users\Josef\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Josef\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Josef\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Josef\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Thomas\AppData\LocalLow\Avanquest_App'-Anwendungsleiste
Folder Found : C:\Users\Thomas\AppData\LocalLow\bbrs_002.tb
Folder Found : C:\Users\Thomas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Thomas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Thomas\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Thomas\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Thomas\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Thomas\AppData\Roaming\Babylon
Folder Found : C:\Users\Thomas\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\Searchqutoolbar
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\Searchqutoolbar
Folder Found : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Found : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Found : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\ConduitCommon
Folder Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\Searchqutoolbar
Folder Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@funmoods.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Program Files\Avanquest_App'-Anwendungsleiste
Folder Found : C:\Program Files\BrowserCompanion
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Funmoods
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Windows Searchqu Toolbar
Folder Found : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Found : C:\Windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
File Found : C:\Users\Thomas\AppData\Local\funmoods.crx
File Found : C:\Users\Thomas\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\SearchResults.xml
File Found : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\Search_Results.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2325506[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2529008[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Avanquest_App'-Anwendungsleiste
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BrowserCompanion
Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avanquest App'-Anwendungsleiste Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avanquest_App'-Anwendungsleiste Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2E449EBA-CCDD-4117-866D-D27ABA3B2490}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2D817A1-029F-4C67-BEEA-AC51C6800B2D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E449EBA-CCDD-4117-866D-D27ABA3B2490}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDyEtA0DtDtCtCtDyC0DtCtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=346159204

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\prefs.js

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q=");

Profile name : default
File : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "appbario2 Customized Web Search");
Found : user_pref("browser.search.order.1", "appbario2 Customized Web Search");
Found : user_pref("browser.search.selectedEngine", "appbario2 Customized Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=[...]
Found : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/bigseekpro/{69724877-A711-B82[...]
Found : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/bigseekpro/{69724877-A711-B821-0824-4A8AC5EE[...]
Found : user_pref("speedbitvideodownloader.bubble_src", "hxxp%3A//www.bigseekpro.com/widget/0f083e05edf0c73b[...]

Profile name : default
File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\prefs.js

Found : user_pref("CT2325506..clientLogIsEnabled", false);
Found : user_pref("CT2325506..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2325506..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2325506.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2325506.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2325506.BrowserCompStateIsOpen_129665092953814947", true);
Found : user_pref("CT2325506.BrowserCompStateIsOpen_129665093155197448", true);
Found : user_pref("CT2325506.CT2325506", "CT2325506");
Found : user_pref("CT2325506.CurrentServerDate", "5-7-2012");
Found : user_pref("CT2325506.DSInstall", true);
Found : user_pref("CT2325506.DialogsAlignMode", "LTR");
Found : user_pref("CT2325506.DialogsGetterLastCheckTime", "Fri Jul 06 2012 21:09:19 GMT+0200");
Found : user_pref("CT2325506.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Found : user_pref("CT2325506.EMailNotifierPollDate", "Sat Jan 14 2012 14:12:28 GMT+0100");
Found : user_pref("CT2325506.FirstServerDate", "14-1-2012");
Found : user_pref("CT2325506.FirstTime", true);
Found : user_pref("CT2325506.FirstTimeFF3", true);
Found : user_pref("CT2325506.FixPageNotFoundErrors", true);
Found : user_pref("CT2325506.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2325506.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2325506.HPInstall", true);
Found : user_pref("CT2325506.HasUserGlobalKeys", true);
Found : user_pref("CT2325506.HomePageProtectorEnabled", true);
Found : user_pref("CT2325506.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=[...]
Found : user_pref("CT2325506.Initialize", true);
Found : user_pref("CT2325506.InitializeCommonPrefs", true);
Found : user_pref("CT2325506.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2325506.InstallationType", "DirectDownload");
Found : user_pref("CT2325506.InstalledDate", "Sat Jan 14 2012 13:57:17 GMT+0100");
Found : user_pref("CT2325506.InvalidateCache", false);
Found : user_pref("CT2325506.IsGrouping", false);
Found : user_pref("CT2325506.IsInitSetupIni", true);
Found : user_pref("CT2325506.IsMulticommunity", false);
Found : user_pref("CT2325506.IsOpenThankYouPage", true);
Found : user_pref("CT2325506.IsOpenUninstallPage", true);
Found : user_pref("CT2325506.IsProtectorsInit", true);
Found : user_pref("CT2325506.LanguagePackLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Found : user_pref("CT2325506.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2325506.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2325506.LastLogin_3.12.2.3", "Sun May 20 2012 20:35:53 GMT+0200");
Found : user_pref("CT2325506.LastLogin_3.13.0.6", "Fri Jul 06 2012 21:09:19 GMT+0200");
Found : user_pref("CT2325506.LastLogin_3.9.0.3", "Sat Jan 14 2012 13:57:28 GMT+0100");
Found : user_pref("CT2325506.LatestVersion", "3.13.0.6");
Found : user_pref("CT2325506.Locale", "de");
Found : user_pref("CT2325506.MCDetectTooltipHeight", "83");
Found : user_pref("CT2325506.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2325506.MCDetectTooltipWidth", "295");
Found : user_pref("CT2325506.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2325506.OriginalFirstVersion", "3.9.0.3");
Found : user_pref("CT2325506.RadioIsPodcast", false);
Found : user_pref("CT2325506.RadioLastCheckTime", "Sat Jan 14 2012 13:57:17 GMT+0100");
Found : user_pref("CT2325506.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2325506.RadioLastUpdateServer", "3");
Found : user_pref("CT2325506.RadioMediaID", "9962");
Found : user_pref("CT2325506.RadioMediaType", "Media Player");
Found : user_pref("CT2325506.RadioMenuSelectedID", "EBRadioMenu_CT23255069962");
Found : user_pref("CT2325506.RadioShrinkedFromSetup", false);
Found : user_pref("CT2325506.RadioStationName", "California%20Rock");
Found : user_pref("CT2325506.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT2325506.SavedHomepage", "hxxp://search.speedbit.com/?aff=svd_0");
Found : user_pref("CT2325506.SearchCaption", "www.Freeware-download.com Customized Web Search");
Found : user_pref("CT2325506.SearchEngineBeforeUnload", "www.Freeware-download.com Customized Web Search");
Found : user_pref("CT2325506.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2325506.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT232[...]
Found : user_pref("CT2325506.SearchInNewTabEnabled", true);
Found : user_pref("CT2325506.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2325506.SearchInNewTabLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Found : user_pref("CT2325506.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2325506.SearchProtectorEnabled", true);
Found : user_pref("CT2325506.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2325506.SendProtectorDataViaLogin", true);
Found : user_pref("CT2325506.ServiceMapLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Found : user_pref("CT2325506.SettingsLastCheckTime", "Fri Jul 06 2012 21:09:19 GMT+0200");
Found : user_pref("CT2325506.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2325506.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=13");
Found : user_pref("CT2325506.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2325506.ThirdPartyComponentsLastCheck", "Sat Jan 14 2012 13:57:13 GMT+0100");
Found : user_pref("CT2325506.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2325506.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2325506.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2325506");
Found : user_pref("CT2325506.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2325506.UserID", "UN89571293570935501");
Found : user_pref("CT2325506.WeatherNetwork", "");
Found : user_pref("CT2325506.WeatherPollDate", "Sat Jan 14 2012 13:57:28 GMT+0100");
Found : user_pref("CT2325506.WeatherUnit", "C");
Found : user_pref("CT2325506.alertChannelId", "721521");
Found : user_pref("CT2325506.backendstorage.appbuttondisablenull", "30");
Found : user_pref("CT2325506.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Found : user_pref("CT2325506.components.1000234", true);
Found : user_pref("CT2325506.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2325506.globalFirstTimeInfoLastCheckTime", "Sat Jan 14 2012 13:57:14 GMT+0100");
Found : user_pref("CT2325506.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2325506.initDone", true);
Found : user_pref("CT2325506.isAppTrackingManagerOn", true);
Found : user_pref("CT2325506.isFirstRadioInstallation", false);
Found : user_pref("CT2325506.myStuffEnabled", true);
Found : user_pref("CT2325506.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2325506.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2325506.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2325506.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2325506.revertSettingsEnabled", true);
Found : user_pref("CT2325506.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2325506.searchProtectorEnableByLogin", true);
Found : user_pref("CT2325506.testingCtid", "");
Found : user_pref("CT2325506.toolbarAppMetaDataLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Found : user_pref("CT2325506.toolbarContextMenuLastCheckTime", "Sat Jan 14 2012 13:57:17 GMT+0100");
Found : user_pref("CT2325506.usagesFlag", 2);
Found : user_pref("CT2529008..clientLogIsEnabled", false);
Found : user_pref("CT2529008..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2529008..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2529008.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2529008.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2529008.BrowserCompStateIsOpen_129466649857206449", true);
Found : user_pref("CT2529008.BrowserCompStateIsOpen_129466655526582105", true);
Found : user_pref("CT2529008.BrowserCompStateIsOpen_129795774021372572", true);
Found : user_pref("CT2529008.BrowserCompStateIsOpen_129851688744881277", true);
Found : user_pref("CT2529008.CTID", "CT2529008");
Found : user_pref("CT2529008.CurrentServerDate", "30-7-2012");
Found : user_pref("CT2529008.DSInstall", true);
Found : user_pref("CT2529008.DialogsAlignMode", "LTR");
Found : user_pref("CT2529008.DialogsGetterLastCheckTime", "Sun Jul 29 2012 22:13:51 GMT+0200");
Found : user_pref("CT2529008.DownloadReferralCookieData", "");
Found : user_pref("CT2529008.EMailNotifierPollDate", "Tue Apr 24 2012 11:45:59 GMT+0200");
Found : user_pref("CT2529008.FirstServerDate", "24-4-2012");
Found : user_pref("CT2529008.FirstTime", true);
Found : user_pref("CT2529008.FirstTimeFF3", true);
Found : user_pref("CT2529008.FixPageNotFoundErrors", true);
Found : user_pref("CT2529008.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2529008.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2529008.HPInstall", true);
Found : user_pref("CT2529008.HasUserGlobalKeys", true);
Found : user_pref("CT2529008.HomePageProtectorEnabled", true);
Found : user_pref("CT2529008.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=[...]
Found : user_pref("CT2529008.Initialize", true);
Found : user_pref("CT2529008.InitializeCommonPrefs", true);
Found : user_pref("CT2529008.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2529008.InstallationId", "drivergenius11professional_de_ppc_content_ct2529008");
Found : user_pref("CT2529008.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT2529008.InstalledDate", "Tue Apr 24 2012 11:11:26 GMT+0200");
Found : user_pref("CT2529008.InvalidateCache", false);
Found : user_pref("CT2529008.IsAlertDBUpdated", true);
Found : user_pref("CT2529008.IsGrouping", false);
Found : user_pref("CT2529008.IsInitSetupIni", true);
Found : user_pref("CT2529008.IsMulticommunity", false);
Found : user_pref("CT2529008.IsOpenThankYouPage", false);
Found : user_pref("CT2529008.IsOpenUninstallPage", true);
Found : user_pref("CT2529008.IsProtectorsInit", true);
Found : user_pref("CT2529008.LanguagePackLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Found : user_pref("CT2529008.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2529008.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2529008.LastLogin_3.12.0.8", "Wed Apr 25 2012 20:19:54 GMT+0200");
Found : user_pref("CT2529008.LastLogin_3.12.2.3", "Tue May 29 2012 19:30:42 GMT+0200");
Found : user_pref("CT2529008.LastLogin_3.13.0.6", "Tue Jul 17 2012 10:29:11 GMT+0200");
Found : user_pref("CT2529008.LastLogin_3.14.1.0", "Mon Jul 30 2012 13:35:46 GMT+0200");
Found : user_pref("CT2529008.LatestVersion", "3.14.1.0");
Found : user_pref("CT2529008.Locale", "de");
Found : user_pref("CT2529008.MCDetectTooltipHeight", "83");
Found : user_pref("CT2529008.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2529008.MCDetectTooltipWidth", "295");
Found : user_pref("CT2529008.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2529008.OriginalFirstVersion", "3.12.0.8");
Found : user_pref("CT2529008.RadioIsPodcast", false);
Found : user_pref("CT2529008.RadioLastCheckTime", "Tue Apr 24 2012 11:11:31 GMT+0200");
Found : user_pref("CT2529008.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2529008.RadioLastUpdateServer", "129217682650600000");
Found : user_pref("CT2529008.RadioMediaID", "20661013");
Found : user_pref("CT2529008.RadioMediaType", "Media Player");
Found : user_pref("CT2529008.RadioMenuSelectedID", "EBRadioMenu_CT252900820661013");
Found : user_pref("CT2529008.RadioShrinkedFromSetup", false);
Found : user_pref("CT2529008.RadioStationName", "Einslive");
Found : user_pref("CT2529008.RadioStationURL", "hxxp://www.wdr.de/wdrlive/media/einslive-wm32.asx");
Found : user_pref("CT2529008.SavedHomepage", "hxxp://search.speedbit.com/?aff=svd_0");
Found : user_pref("CT2529008.SearchCaption", "Avanquest App'-Anwendungsleiste Customized Web Search");
Found : user_pref("CT2529008.SearchEngineBeforeUnload", "Avanquest App'-Anwendungsleiste Customized Web Sear[...]
Found : user_pref("CT2529008.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2529008.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT252[...]
Found : user_pref("CT2529008.SearchInNewTabEnabled", true);
Found : user_pref("CT2529008.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2529008.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 13:25:38 GMT+0200");
Found : user_pref("CT2529008.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2529008.SearchProtectorEnabled", true);
Found : user_pref("CT2529008.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2529008.SendProtectorDataViaLogin", true);
Found : user_pref("CT2529008.ServiceMapLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200");
Found : user_pref("CT2529008.SettingsLastCheckTime", "Mon Jul 30 2012 13:42:07 GMT+0200");
Found : user_pref("CT2529008.SettingsLastUpdate", "1343051001");
Found : user_pref("CT2529008.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=13");
Found : user_pref("CT2529008.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2529008.ThirdPartyComponentsLastCheck", "Tue Apr 24 2012 11:11:23 GMT+0200");
Found : user_pref("CT2529008.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2529008.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2529008.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2529008");
Found : user_pref("CT2529008.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2529008.UserID", "UN22645025072808023");
Found : user_pref("CT2529008.WeatherNetwork", "");
Found : user_pref("CT2529008.WeatherPollDate", "Tue Apr 24 2012 11:46:00 GMT+0200");
Found : user_pref("CT2529008.WeatherUnit", "C");
Found : user_pref("CT2529008.alertChannelId", "922015");
Found : user_pref("CT2529008.autoDisableScopes", -1);
Found : user_pref("CT2529008.backendstorage.cbcountry_000", "4154");
Found : user_pref("CT2529008.backendstorage.cbfirsttime", "5475652041707220323420323031322031313A31313A34332[...]
Found : user_pref("CT2529008.backendstorage.shoppingapp.gk.exipres", "53756E2041707220323920323031322031313A[...]
Found : user_pref("CT2529008.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Found : user_pref("CT2529008.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Found : user_pref("CT2529008.backendstorage.url_history0001", "687474703A2F2F7777772E677265656479746F7272656[...]
Found : user_pref("CT2529008.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2529008.globalFirstTimeInfoLastCheckTime", "Tue Apr 24 2012 11:11:25 GMT+0200");
Found : user_pref("CT2529008.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2529008.initDone", true);
Found : user_pref("CT2529008.isAppTrackingManagerOn", true);
Found : user_pref("CT2529008.isFirstRadioInstallation", false);
Found : user_pref("CT2529008.myStuffEnabled", true);
Found : user_pref("CT2529008.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2529008.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2529008.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2529008.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2529008.navigateToUrlOnSearch", false);
Found : user_pref("CT2529008.revertSettingsEnabled", true);
Found : user_pref("CT2529008.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2529008.searchProtectorEnableByLogin", true);
Found : user_pref("CT2529008.testingCtid", "");
Found : user_pref("CT2529008.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Found : user_pref("CT2529008.toolbarContextMenuLastCheckTime", "Tue Apr 24 2012 11:11:31 GMT+0200");
Found : user_pref("CT2529008.usagesFlag", 2);
Found : user_pref("CT3227975..clientLogIsEnabled", false);
Found : user_pref("CT3227975..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3227975..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3227975.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3227975.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3227975.BrowserCompStateIsOpen_129837869372071867", true);
Found : user_pref("CT3227975.BrowserCompStateIsOpen_8835725162801969040", true);
Found : user_pref("CT3227975.CTID", "CT3227975");
Found : user_pref("CT3227975.CurrentServerDate", "30-7-2012");
Found : user_pref("CT3227975.DSInstall", true);
Found : user_pref("CT3227975.DialogsAlignMode", "LTR");
Found : user_pref("CT3227975.DialogsGetterLastCheckTime", "Sun Jul 29 2012 22:13:51 GMT+0200");
Found : user_pref("CT3227975.DownloadReferralCookieData", "");
Found : user_pref("CT3227975.FirstServerDate", "13-7-2012");
Found : user_pref("CT3227975.FirstTime", true);
Found : user_pref("CT3227975.FirstTimeFF3", true);
Found : user_pref("CT3227975.FirstTimeHiddenVer", true);
Found : user_pref("CT3227975.FixPageNotFoundErrors", true);
Found : user_pref("CT3227975.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3227975.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3227975.HPInstall", true);
Found : user_pref("CT3227975.HasUserGlobalKeys", true);
Found : user_pref("CT3227975.HomePageProtectorEnabled", true);
Found : user_pref("CT3227975.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=[...]
Found : user_pref("CT3227975.Initialize", true);
Found : user_pref("CT3227975.InitializeCommonPrefs", true);
Found : user_pref("CT3227975.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3227975.InstallationId", "installbrain");
Found : user_pref("CT3227975.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT3227975.InstalledDate", "Fri Jul 13 2012 22:32:47 GMT+0200");
Found : user_pref("CT3227975.InvalidateCache", false);
Found : user_pref("CT3227975.IsGrouping", false);
Found : user_pref("CT3227975.IsInitSetupIni", true);
Found : user_pref("CT3227975.IsMulticommunity", false);
Found : user_pref("CT3227975.IsOpenThankYouPage", false);
Found : user_pref("CT3227975.IsOpenUninstallPage", true);
Found : user_pref("CT3227975.IsProtectorsInit", true);
Found : user_pref("CT3227975.LanguagePackLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Found : user_pref("CT3227975.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3227975.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3227975.LastLogin_3.14.1.0", "Mon Jul 30 2012 13:35:46 GMT+0200");
Found : user_pref("CT3227975.LatestVersion", "3.14.1.0");
Found : user_pref("CT3227975.Locale", "en");
Found : user_pref("CT3227975.MCDetectTooltipHeight", "83");
Found : user_pref("CT3227975.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3227975.MCDetectTooltipWidth", "295");
Found : user_pref("CT3227975.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3227975.OriginalFirstVersion", "3.14.1.0");
Found : user_pref("CT3227975.RadioIsPodcast", false);
Found : user_pref("CT3227975.RadioLastCheckTime", "Fri Jul 13 2012 22:32:50 GMT+0200");
Found : user_pref("CT3227975.RadioLastUpdateIPServer", "3");
Found : user_pref("CT3227975.RadioLastUpdateServer", "3");
Found : user_pref("CT3227975.RadioMediaID", "9962");
Found : user_pref("CT3227975.RadioMediaType", "Media Player");
Found : user_pref("CT3227975.RadioMenuSelectedID", "EBRadioMenu_CT32279759962");
Found : user_pref("CT3227975.RadioShrinkedFromSetup", false);
Found : user_pref("CT3227975.RadioStationName", "California%20Rock");
Found : user_pref("CT3227975.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT3227975.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13");
Found : user_pref("CT3227975.SearchCaption", "appbario2 Customized Web Search");
Found : user_pref("CT3227975.SearchEngineBeforeUnload", "appbario2 Customized Web Search");
Found : user_pref("CT3227975.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3227975.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Found : user_pref("CT3227975.SearchInNewTabEnabled", true);
Found : user_pref("CT3227975.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3227975.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200");
Found : user_pref("CT3227975.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3227975.SearchProtectorEnabled", true);
Found : user_pref("CT3227975.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3227975.SendProtectorDataViaLogin", true);
Found : user_pref("CT3227975.ServiceMapLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200");
Found : user_pref("CT3227975.SettingsLastCheckTime", "Mon Jul 30 2012 13:42:07 GMT+0200");
Found : user_pref("CT3227975.SettingsLastUpdate", "1343552276");
Found : user_pref("CT3227975.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13");
Found : user_pref("CT3227975.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3227975.ThirdPartyComponentsLastCheck", "Fri Jul 13 2012 22:32:45 GMT+0200");
Found : user_pref("CT3227975.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3227975.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3227975.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3227975");
Found : user_pref("CT3227975.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3227975.UserID", "UN44926301802381934");
Found : user_pref("CT3227975.alertChannelId", "1663741");
Found : user_pref("CT3227975.autoDisableScopes", -1);
Found : user_pref("CT3227975.backendstorage.bday_installdate", "31332D36");
Found : user_pref("CT3227975.backendstorage.bday_installfromtoolbar", "796573");
Found : user_pref("CT3227975.backendstorage.cbcountry_001", "4154");
Found : user_pref("CT3227975.backendstorage.cbfirsttime", "467269204A756C20313320323031322032323A33333A31332[...]
Found : user_pref("CT3227975.backendstorage.ct3227975ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT3227975.backendstorage.ct3227975current_term", "");
Found : user_pref("CT3227975.backendstorage.ct3227975sdate", "3133");
Found : user_pref("CT3227975.backendstorage.shoppingapp.gk.exipres", "576564204A756C20313820323031322032323A[...]
Found : user_pref("CT3227975.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Found : user_pref("CT3227975.backendstorage.url_history0001", "68747470733A2F2F7777772E66616365626F6F6B2E636[...]
Found : user_pref("CT3227975.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3227975.globalFirstTimeInfoLastCheckTime", "Fri Jul 13 2012 22:32:48 GMT+0200");
Found : user_pref("CT3227975.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3227975.initDone", true);
Found : user_pref("CT3227975.isAppTrackingManagerOn", true);
Found : user_pref("CT3227975.isFirstRadioInstallation", false);
Found : user_pref("CT3227975.myStuffEnabled", true);
Found : user_pref("CT3227975.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3227975.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3227975.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3227975.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3227975.navigateToUrlOnSearch", false);
Found : user_pref("CT3227975.revertSettingsEnabled", true);
Found : user_pref("CT3227975.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3227975.searchProtectorEnableByLogin", true);
Found : user_pref("CT3227975.testingCtid", "");
Found : user_pref("CT3227975.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Found : user_pref("CT3227975.toolbarContextMenuLastCheckTime", "Fri Jul 13 2012 22:32:53 GMT+0200");
Found : user_pref("CT3227975.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2325506&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "www.Freeware-download.com Customized Web Search,Ava[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2325506/CT2325506[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2529008/CT2529008[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3227975/CT3227975[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1663741/1656268/AT", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/721521/717372/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/922015/917806/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2325506", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2529008", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3227975", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2325506",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2529008",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3227975",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Thomas\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.speedbit.com/search.aspx?a[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2325506,CT2529008,CT3227975");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2325506,CT2529008,CT3227975");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2325506,CT2529008,CT3227975");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Jan 14 2012 13:57:18 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "18e26391-d766-4c5f-aef0-5bdb4dafb70d");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3227975");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 13 2012 22:32:4[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 13 2012 23:32:49 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 13 2012 22:32:45 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "bf8b8c4a-ed00-45ac-9848-660f4e420b6e");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.speedbit.com/?aff=svd_0");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Speedbit Search");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101241");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.instlDay", "15362");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastDP", 30);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 82198022);
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101241");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15362");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]
Found : user_pref("extensions.facemoods._xpiupdate", true);
Found : user_pref("extensions.facemoods.aflt", "_#wbst");
Found : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Found : user_pref("extensions.facemoods.first_time", false);
Found : user_pref("extensions.facemoods.id", "_#c587a747742e472f942c915f1fb1bbba");
Found : user_pref("extensions.facemoods.instlDay", "_#15286");
Found : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Found : user_pref("extensions.facemoods.sid", "_#c587a747742e472f942c915f1fb1bbba");
Found : user_pref("extensions.facemoods.update", "_#v1.4.0");
Found : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Found : user_pref("extensions.funmoods.aflt", "nv1");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.cntry", "AT");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "7C92FC1582C118269E524006BF730C44");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Found : user_pref("extensions.funmoods.id", "7A790543D01106D1");
Found : user_pref("extensions.funmoods.instlDay", "15551");
Found : user_pref("extensions.funmoods.instlRef", "nv1");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2210:33:48");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2210:33:48");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2210:33:48");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.speedbit.com/?aff=svd_[...]
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&barid={FE85AB08-8[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT252900[...]
Found : "description": "SweetIm for Facebook",
Found : "name": "SweetIM for Facebook",
Found : "description": "Receive automatic search suggestions while you type into any web sear[...]

File : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",
Found : "baseUrl":"hxxp://start.funmoods.com/results.php?"
Found : "homepage": "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48",
Found : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48"[...]
Found : "icon_url": "hxxp://search.conduit.com/fav.ico",
Found : "keyword": "search.conduit.com",
Found : "name": "Conduit",
Found : "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Found : "suggest_url": "hxxp://search.conduit.com/"
Found : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",
Found : "baseUrl":"hxxp://start.funmoods.com/results.php?"
Found : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Found : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Found : "path": "plugins/ConduitChromeApiPlugin.dll",
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT252900[...]
Found : "description": "SweetIm for Facebook",
Found : "name": "SweetIM for Facebook",
Found : "description": "Receive automatic search suggestions while you type into any web sear[...]
Found : "homepage": "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48",
Found : "path": "C:\\Users\\Thomas\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",
Found : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [70526 octets] - [30/07/2012 20:36:12]

########## EOF - C:\AdwCleaner[R1].txt - [70655 octets] ##########

Geändert von Thomas97 (30.07.2012 um 19:38 Uhr)

Alt 30.07.2012, 20:02   #8
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.07.2012, 21:00   #9
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



# AdwCleaner v1.703 - Logfile created 07/30/2012 at 21:52:35
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Thomas - TRIPLECORE
# Running from : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg
Folder Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Thomas\AppData\Local\Babylon
Folder Deleted : C:\Users\Thomas\AppData\Local\Conduit
Folder Deleted : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg
Folder Deleted : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Users\Martin\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Martin\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Josef\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Josef\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Josef\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Josef\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Josef\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Josef\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\Avanquest_App'-Anwendungsleiste
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Thomas\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\Searchqutoolbar
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\Searchqutoolbar
Folder Deleted : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Deleted : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\ConduitCommon
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\Searchqutoolbar
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Program Files\Avanquest_App'-Anwendungsleiste
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Windows Searchqu Toolbar
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
File Deleted : C:\Users\Thomas\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2325506[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2529008[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Avanquest_App'-Anwendungsleiste
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ckjhoplcbnkhgnnahfbcdmganjhpcceg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avanquest App'-Anwendungsleiste Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avanquest_App'-Anwendungsleiste Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E449EBA-CCDD-4117-866D-D27ABA3B2490}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2D817A1-029F-4C67-BEEA-AC51C6800B2D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E449EBA-CCDD-4117-866D-D27ABA3B2490}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDyEtA0DtDtCtCtDyC0DtCtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=346159204 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\wx5llp0c.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q=");

Profile name : default
File : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\5oqry940.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "appbario2 Customized Web Search");
Deleted : user_pref("browser.search.order.1", "appbario2 Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "appbario2 Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=[...]
Deleted : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/bigseekpro/{69724877-A711-B82[...]
Deleted : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/bigseekpro/{69724877-A711-B821-0824-4A8AC5EE[...]
Deleted : user_pref("speedbitvideodownloader.bubble_src", "hxxp%3A//www.bigseekpro.com/widget/0f083e05edf0c73b[...]

Profile name : default
File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\prefs.js

C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7hm8a812.default\user.js ... Deleted !

Deleted : user_pref("CT2325506..clientLogIsEnabled", false);
Deleted : user_pref("CT2325506..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2325506..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2325506.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2325506.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2325506.BrowserCompStateIsOpen_129665092953814947", true);
Deleted : user_pref("CT2325506.BrowserCompStateIsOpen_129665093155197448", true);
Deleted : user_pref("CT2325506.CT2325506", "CT2325506");
Deleted : user_pref("CT2325506.CurrentServerDate", "5-7-2012");
Deleted : user_pref("CT2325506.DSInstall", true);
Deleted : user_pref("CT2325506.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2325506.DialogsGetterLastCheckTime", "Fri Jul 06 2012 21:09:19 GMT+0200");
Deleted : user_pref("CT2325506.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2325506.EMailNotifierPollDate", "Sat Jan 14 2012 14:12:28 GMT+0100");
Deleted : user_pref("CT2325506.FirstServerDate", "14-1-2012");
Deleted : user_pref("CT2325506.FirstTime", true);
Deleted : user_pref("CT2325506.FirstTimeFF3", true);
Deleted : user_pref("CT2325506.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2325506.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2325506.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2325506.HPInstall", true);
Deleted : user_pref("CT2325506.HasUserGlobalKeys", true);
Deleted : user_pref("CT2325506.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2325506.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=[...]
Deleted : user_pref("CT2325506.Initialize", true);
Deleted : user_pref("CT2325506.InitializeCommonPrefs", true);
Deleted : user_pref("CT2325506.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2325506.InstallationType", "DirectDownload");
Deleted : user_pref("CT2325506.InstalledDate", "Sat Jan 14 2012 13:57:17 GMT+0100");
Deleted : user_pref("CT2325506.InvalidateCache", false);
Deleted : user_pref("CT2325506.IsGrouping", false);
Deleted : user_pref("CT2325506.IsInitSetupIni", true);
Deleted : user_pref("CT2325506.IsMulticommunity", false);
Deleted : user_pref("CT2325506.IsOpenThankYouPage", true);
Deleted : user_pref("CT2325506.IsOpenUninstallPage", true);
Deleted : user_pref("CT2325506.IsProtectorsInit", true);
Deleted : user_pref("CT2325506.LanguagePackLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Deleted : user_pref("CT2325506.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2325506.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2325506.LastLogin_3.12.2.3", "Sun May 20 2012 20:35:53 GMT+0200");
Deleted : user_pref("CT2325506.LastLogin_3.13.0.6", "Fri Jul 06 2012 21:09:19 GMT+0200");
Deleted : user_pref("CT2325506.LastLogin_3.9.0.3", "Sat Jan 14 2012 13:57:28 GMT+0100");
Deleted : user_pref("CT2325506.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2325506.Locale", "de");
Deleted : user_pref("CT2325506.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2325506.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2325506.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2325506.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2325506.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT2325506.RadioIsPodcast", false);
Deleted : user_pref("CT2325506.RadioLastCheckTime", "Sat Jan 14 2012 13:57:17 GMT+0100");
Deleted : user_pref("CT2325506.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2325506.RadioLastUpdateServer", "3");
Deleted : user_pref("CT2325506.RadioMediaID", "9962");
Deleted : user_pref("CT2325506.RadioMediaType", "Media Player");
Deleted : user_pref("CT2325506.RadioMenuSelectedID", "EBRadioMenu_CT23255069962");
Deleted : user_pref("CT2325506.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2325506.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2325506.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2325506.SavedHomepage", "hxxp://search.speedbit.com/?aff=svd_0");
Deleted : user_pref("CT2325506.SearchCaption", "www.Freeware-download.com Customized Web Search");
Deleted : user_pref("CT2325506.SearchEngineBeforeUnload", "www.Freeware-download.com Customized Web Search");
Deleted : user_pref("CT2325506.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2325506.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT232[...]
Deleted : user_pref("CT2325506.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2325506.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2325506.SearchInNewTabLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Deleted : user_pref("CT2325506.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2325506.SearchProtectorEnabled", true);
Deleted : user_pref("CT2325506.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2325506.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2325506.ServiceMapLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Deleted : user_pref("CT2325506.SettingsLastCheckTime", "Fri Jul 06 2012 21:09:19 GMT+0200");
Deleted : user_pref("CT2325506.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2325506.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=13");
Deleted : user_pref("CT2325506.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2325506.ThirdPartyComponentsLastCheck", "Sat Jan 14 2012 13:57:13 GMT+0100");
Deleted : user_pref("CT2325506.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2325506.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2325506.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2325506");
Deleted : user_pref("CT2325506.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2325506.UserID", "UN89571293570935501");
Deleted : user_pref("CT2325506.WeatherNetwork", "");
Deleted : user_pref("CT2325506.WeatherPollDate", "Sat Jan 14 2012 13:57:28 GMT+0100");
Deleted : user_pref("CT2325506.WeatherUnit", "C");
Deleted : user_pref("CT2325506.alertChannelId", "721521");
Deleted : user_pref("CT2325506.backendstorage.appbuttondisablenull", "30");
Deleted : user_pref("CT2325506.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Deleted : user_pref("CT2325506.components.1000234", true);
Deleted : user_pref("CT2325506.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2325506.globalFirstTimeInfoLastCheckTime", "Sat Jan 14 2012 13:57:14 GMT+0100");
Deleted : user_pref("CT2325506.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2325506.initDone", true);
Deleted : user_pref("CT2325506.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2325506.isFirstRadioInstallation", false);
Deleted : user_pref("CT2325506.myStuffEnabled", true);
Deleted : user_pref("CT2325506.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2325506.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2325506.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2325506.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2325506.revertSettingsEnabled", true);
Deleted : user_pref("CT2325506.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2325506.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2325506.testingCtid", "");
Deleted : user_pref("CT2325506.toolbarAppMetaDataLastCheckTime", "Fri Jul 06 2012 23:03:32 GMT+0200");
Deleted : user_pref("CT2325506.toolbarContextMenuLastCheckTime", "Sat Jan 14 2012 13:57:17 GMT+0100");
Deleted : user_pref("CT2325506.usagesFlag", 2);
Deleted : user_pref("CT2529008..clientLogIsEnabled", false);
Deleted : user_pref("CT2529008..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2529008..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2529008.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2529008.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129466649857206449", true);
Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129466655526582105", true);
Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129795774021372572", true);
Deleted : user_pref("CT2529008.BrowserCompStateIsOpen_129851688744881277", true);
Deleted : user_pref("CT2529008.CTID", "CT2529008");
Deleted : user_pref("CT2529008.CurrentServerDate", "30-7-2012");
Deleted : user_pref("CT2529008.DSInstall", true);
Deleted : user_pref("CT2529008.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2529008.DialogsGetterLastCheckTime", "Sun Jul 29 2012 22:13:51 GMT+0200");
Deleted : user_pref("CT2529008.DownloadReferralCookieData", "");
Deleted : user_pref("CT2529008.EMailNotifierPollDate", "Tue Apr 24 2012 11:45:59 GMT+0200");
Deleted : user_pref("CT2529008.FirstServerDate", "24-4-2012");
Deleted : user_pref("CT2529008.FirstTime", true);
Deleted : user_pref("CT2529008.FirstTimeFF3", true);
Deleted : user_pref("CT2529008.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2529008.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2529008.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2529008.HPInstall", true);
Deleted : user_pref("CT2529008.HasUserGlobalKeys", true);
Deleted : user_pref("CT2529008.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2529008.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=[...]
Deleted : user_pref("CT2529008.Initialize", true);
Deleted : user_pref("CT2529008.InitializeCommonPrefs", true);
Deleted : user_pref("CT2529008.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2529008.InstallationId", "drivergenius11professional_de_ppc_content_ct2529008");
Deleted : user_pref("CT2529008.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT2529008.InstalledDate", "Tue Apr 24 2012 11:11:26 GMT+0200");
Deleted : user_pref("CT2529008.InvalidateCache", false);
Deleted : user_pref("CT2529008.IsAlertDBUpdated", true);
Deleted : user_pref("CT2529008.IsGrouping", false);
Deleted : user_pref("CT2529008.IsInitSetupIni", true);
Deleted : user_pref("CT2529008.IsMulticommunity", false);
Deleted : user_pref("CT2529008.IsOpenThankYouPage", false);
Deleted : user_pref("CT2529008.IsOpenUninstallPage", true);
Deleted : user_pref("CT2529008.IsProtectorsInit", true);
Deleted : user_pref("CT2529008.LanguagePackLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Deleted : user_pref("CT2529008.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2529008.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2529008.LastLogin_3.12.0.8", "Wed Apr 25 2012 20:19:54 GMT+0200");
Deleted : user_pref("CT2529008.LastLogin_3.12.2.3", "Tue May 29 2012 19:30:42 GMT+0200");
Deleted : user_pref("CT2529008.LastLogin_3.13.0.6", "Tue Jul 17 2012 10:29:11 GMT+0200");
Deleted : user_pref("CT2529008.LastLogin_3.14.1.0", "Mon Jul 30 2012 13:35:46 GMT+0200");
Deleted : user_pref("CT2529008.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2529008.Locale", "de");
Deleted : user_pref("CT2529008.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2529008.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2529008.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2529008.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2529008.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT2529008.RadioIsPodcast", false);
Deleted : user_pref("CT2529008.RadioLastCheckTime", "Tue Apr 24 2012 11:11:31 GMT+0200");
Deleted : user_pref("CT2529008.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2529008.RadioLastUpdateServer", "129217682650600000");
Deleted : user_pref("CT2529008.RadioMediaID", "20661013");
Deleted : user_pref("CT2529008.RadioMediaType", "Media Player");
Deleted : user_pref("CT2529008.RadioMenuSelectedID", "EBRadioMenu_CT252900820661013");
Deleted : user_pref("CT2529008.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2529008.RadioStationName", "Einslive");
Deleted : user_pref("CT2529008.RadioStationURL", "hxxp://www.wdr.de/wdrlive/media/einslive-wm32.asx");
Deleted : user_pref("CT2529008.SavedHomepage", "hxxp://search.speedbit.com/?aff=svd_0");
Deleted : user_pref("CT2529008.SearchCaption", "Avanquest App'-Anwendungsleiste Customized Web Search");
Deleted : user_pref("CT2529008.SearchEngineBeforeUnload", "Avanquest App'-Anwendungsleiste Customized Web Sear[...]
Deleted : user_pref("CT2529008.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2529008.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT252[...]
Deleted : user_pref("CT2529008.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2529008.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2529008.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 13:25:38 GMT+0200");
Deleted : user_pref("CT2529008.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2529008.SearchProtectorEnabled", true);
Deleted : user_pref("CT2529008.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2529008.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2529008.ServiceMapLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200");
Deleted : user_pref("CT2529008.SettingsLastCheckTime", "Mon Jul 30 2012 13:42:07 GMT+0200");
Deleted : user_pref("CT2529008.SettingsLastUpdate", "1343051001");
Deleted : user_pref("CT2529008.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=13");
Deleted : user_pref("CT2529008.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2529008.ThirdPartyComponentsLastCheck", "Tue Apr 24 2012 11:11:23 GMT+0200");
Deleted : user_pref("CT2529008.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2529008.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2529008.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2529008");
Deleted : user_pref("CT2529008.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2529008.UserID", "UN22645025072808023");
Deleted : user_pref("CT2529008.WeatherNetwork", "");
Deleted : user_pref("CT2529008.WeatherPollDate", "Tue Apr 24 2012 11:46:00 GMT+0200");
Deleted : user_pref("CT2529008.WeatherUnit", "C");
Deleted : user_pref("CT2529008.alertChannelId", "922015");
Deleted : user_pref("CT2529008.autoDisableScopes", -1);
Deleted : user_pref("CT2529008.backendstorage.cbcountry_000", "4154");
Deleted : user_pref("CT2529008.backendstorage.cbfirsttime", "5475652041707220323420323031322031313A31313A34332[...]
Deleted : user_pref("CT2529008.backendstorage.shoppingapp.gk.exipres", "53756E2041707220323920323031322031313A[...]
Deleted : user_pref("CT2529008.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Deleted : user_pref("CT2529008.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");
Deleted : user_pref("CT2529008.backendstorage.url_history0001", "687474703A2F2F7777772E677265656479746F7272656[...]
Deleted : user_pref("CT2529008.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2529008.globalFirstTimeInfoLastCheckTime", "Tue Apr 24 2012 11:11:25 GMT+0200");
Deleted : user_pref("CT2529008.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2529008.initDone", true);
Deleted : user_pref("CT2529008.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2529008.isFirstRadioInstallation", false);
Deleted : user_pref("CT2529008.myStuffEnabled", true);
Deleted : user_pref("CT2529008.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2529008.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2529008.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2529008.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2529008.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2529008.revertSettingsEnabled", true);
Deleted : user_pref("CT2529008.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2529008.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2529008.testingCtid", "");
Deleted : user_pref("CT2529008.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Deleted : user_pref("CT2529008.toolbarContextMenuLastCheckTime", "Tue Apr 24 2012 11:11:31 GMT+0200");
Deleted : user_pref("CT2529008.usagesFlag", 2);
Deleted : user_pref("CT3227975..clientLogIsEnabled", false);
Deleted : user_pref("CT3227975..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3227975..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3227975.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3227975.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3227975.BrowserCompStateIsOpen_129837869372071867", true);
Deleted : user_pref("CT3227975.BrowserCompStateIsOpen_8835725162801969040", true);
Deleted : user_pref("CT3227975.CTID", "CT3227975");
Deleted : user_pref("CT3227975.CurrentServerDate", "30-7-2012");
Deleted : user_pref("CT3227975.DSInstall", true);
Deleted : user_pref("CT3227975.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3227975.DialogsGetterLastCheckTime", "Sun Jul 29 2012 22:13:51 GMT+0200");
Deleted : user_pref("CT3227975.DownloadReferralCookieData", "");
Deleted : user_pref("CT3227975.FirstServerDate", "13-7-2012");
Deleted : user_pref("CT3227975.FirstTime", true);
Deleted : user_pref("CT3227975.FirstTimeFF3", true);
Deleted : user_pref("CT3227975.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3227975.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3227975.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3227975.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3227975.HPInstall", true);
Deleted : user_pref("CT3227975.HasUserGlobalKeys", true);
Deleted : user_pref("CT3227975.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3227975.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=[...]
Deleted : user_pref("CT3227975.Initialize", true);
Deleted : user_pref("CT3227975.InitializeCommonPrefs", true);
Deleted : user_pref("CT3227975.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3227975.InstallationId", "installbrain");
Deleted : user_pref("CT3227975.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT3227975.InstalledDate", "Fri Jul 13 2012 22:32:47 GMT+0200");
Deleted : user_pref("CT3227975.InvalidateCache", false);
Deleted : user_pref("CT3227975.IsGrouping", false);
Deleted : user_pref("CT3227975.IsInitSetupIni", true);
Deleted : user_pref("CT3227975.IsMulticommunity", false);
Deleted : user_pref("CT3227975.IsOpenThankYouPage", false);
Deleted : user_pref("CT3227975.IsOpenUninstallPage", true);
Deleted : user_pref("CT3227975.IsProtectorsInit", true);
Deleted : user_pref("CT3227975.LanguagePackLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Deleted : user_pref("CT3227975.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3227975.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3227975.LastLogin_3.14.1.0", "Mon Jul 30 2012 13:35:46 GMT+0200");
Deleted : user_pref("CT3227975.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3227975.Locale", "en");
Deleted : user_pref("CT3227975.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3227975.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3227975.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3227975.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3227975.OriginalFirstVersion", "3.14.1.0");
Deleted : user_pref("CT3227975.RadioIsPodcast", false);
Deleted : user_pref("CT3227975.RadioLastCheckTime", "Fri Jul 13 2012 22:32:50 GMT+0200");
Deleted : user_pref("CT3227975.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3227975.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3227975.RadioMediaID", "9962");
Deleted : user_pref("CT3227975.RadioMediaType", "Media Player");
Deleted : user_pref("CT3227975.RadioMenuSelectedID", "EBRadioMenu_CT32279759962");
Deleted : user_pref("CT3227975.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3227975.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3227975.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3227975.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13");
Deleted : user_pref("CT3227975.SearchCaption", "appbario2 Customized Web Search");
Deleted : user_pref("CT3227975.SearchEngineBeforeUnload", "appbario2 Customized Web Search");
Deleted : user_pref("CT3227975.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3227975.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3227975.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3227975.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3227975.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200");
Deleted : user_pref("CT3227975.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3227975.SearchProtectorEnabled", true);
Deleted : user_pref("CT3227975.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3227975.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3227975.ServiceMapLastCheckTime", "Mon Jul 30 2012 13:25:39 GMT+0200");
Deleted : user_pref("CT3227975.SettingsLastCheckTime", "Mon Jul 30 2012 13:42:07 GMT+0200");
Deleted : user_pref("CT3227975.SettingsLastUpdate", "1343552276");
Deleted : user_pref("CT3227975.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=13");
Deleted : user_pref("CT3227975.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3227975.ThirdPartyComponentsLastCheck", "Fri Jul 13 2012 22:32:45 GMT+0200");
Deleted : user_pref("CT3227975.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3227975.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3227975.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3227975");
Deleted : user_pref("CT3227975.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3227975.UserID", "UN44926301802381934");
Deleted : user_pref("CT3227975.alertChannelId", "1663741");
Deleted : user_pref("CT3227975.autoDisableScopes", -1);
Deleted : user_pref("CT3227975.backendstorage.bday_installdate", "31332D36");
Deleted : user_pref("CT3227975.backendstorage.bday_installfromtoolbar", "796573");
Deleted : user_pref("CT3227975.backendstorage.cbcountry_001", "4154");
Deleted : user_pref("CT3227975.backendstorage.cbfirsttime", "467269204A756C20313320323031322032323A33333A31332[...]
Deleted : user_pref("CT3227975.backendstorage.ct3227975ads1", "25374225323261647325323225334125354225374225323[...]
Deleted : user_pref("CT3227975.backendstorage.ct3227975current_term", "");
Deleted : user_pref("CT3227975.backendstorage.ct3227975sdate", "3133");
Deleted : user_pref("CT3227975.backendstorage.shoppingapp.gk.exipres", "576564204A756C20313820323031322032323A[...]
Deleted : user_pref("CT3227975.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Deleted : user_pref("CT3227975.backendstorage.url_history0001", "68747470733A2F2F7777772E66616365626F6F6B2E636[...]
Deleted : user_pref("CT3227975.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3227975.globalFirstTimeInfoLastCheckTime", "Fri Jul 13 2012 22:32:48 GMT+0200");
Deleted : user_pref("CT3227975.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3227975.initDone", true);
Deleted : user_pref("CT3227975.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3227975.isFirstRadioInstallation", false);
Deleted : user_pref("CT3227975.myStuffEnabled", true);
Deleted : user_pref("CT3227975.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3227975.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3227975.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3227975.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3227975.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3227975.revertSettingsEnabled", true);
Deleted : user_pref("CT3227975.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3227975.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3227975.testingCtid", "");
Deleted : user_pref("CT3227975.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 13:25:43 GMT+0200");
Deleted : user_pref("CT3227975.toolbarContextMenuLastCheckTime", "Fri Jul 13 2012 22:32:53 GMT+0200");
Deleted : user_pref("CT3227975.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2325506&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "www.Freeware-download.com Customized Web Search,Ava[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2325506/CT2325506[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2529008/CT2529008[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3227975/CT3227975[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1663741/1656268/AT", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/721521/717372/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/922015/917806/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2325506", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2529008", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3227975", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2325506",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2529008",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3227975",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Thomas\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.speedbit.com/search.aspx?a[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2325506,CT2529008,CT3227975");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2325506,CT2529008,CT3227975");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2325506,CT2529008,CT3227975");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Jan 14 2012 13:57:18 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "18e26391-d766-4c5f-aef0-5bdb4dafb70d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3227975");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 13 2012 22:32:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 13 2012 23:32:49 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 13 2012 22:32:45 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "bf8b8c4a-ed00-45ac-9848-660f4e420b6e");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.speedbit.com/?aff=svd_0");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Speedbit Search");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101241");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15362");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 30);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 82198022);
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101241");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15362");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]
Deleted : user_pref("extensions.facemoods._xpiupdate", true);
Deleted : user_pref("extensions.facemoods.aflt", "_#wbst");
Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Deleted : user_pref("extensions.facemoods.first_time", false);
Deleted : user_pref("extensions.facemoods.id", "_#c587a747742e472f942c915f1fb1bbba");
Deleted : user_pref("extensions.facemoods.instlDay", "_#15286");
Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Deleted : user_pref("extensions.facemoods.sid", "_#c587a747742e472f942c915f1fb1bbba");
Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "AT");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "7C92FC1582C118269E524006BF730C44");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.id", "7A790543D01106D1");
Deleted : user_pref("extensions.funmoods.instlDay", "15551");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2210:33:48");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2210:33:48");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2210:33:48");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.speedbit.com/?aff=svd_[...]
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&barid={FE85AB08-8[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT252900[...]
Deleted : "description": "SweetIm for Facebook",
Deleted : "name": "SweetIM for Facebook",
Deleted : "description": "Receive automatic search suggestions while you type into any web sear[...]

File : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",
Deleted : "baseUrl":"hxxp://start.funmoods.com/results.php?"
Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48",
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48"[...]
Deleted : "icon_url": "hxxp://search.conduit.com/fav.ico",
Deleted : "keyword": "search.conduit.com",
Deleted : "name": "Conduit",
Deleted : "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Deleted : "suggest_url": "hxxp://search.conduit.com/"
Deleted : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",
Deleted : "baseUrl":"hxxp://start.funmoods.com/results.php?"
Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT252900[...]
Deleted : "description": "SweetIm for Facebook",
Deleted : "name": "SweetIM for Facebook",
Deleted : "description": "Receive automatic search suggestions while you type into any web sear[...]
Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48",
Deleted : "path": "C:\\Users\\Thomas\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3227975&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [70657 octets] - [30/07/2012 20:36:12]
AdwCleaner[S1].txt - [69582 octets] - [30/07/2012 21:52:35]

########## EOF - C:\AdwCleaner[S1].txt - [69711 octets] ##########

Alt 30.07.2012, 21:18   #10
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.07.2012, 21:25   #11
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Die Funde hab ich schon gelöscht aber erst nach dem ich den log gepostet hab machs aber nochmal

Alt 30.07.2012, 22:41   #12
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Gut melde dich mit einem neuen Log.
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 00:38   #13
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Thomas :: TRIPLECORE [Administrator]

30.07.2012 22:24:31
mbam-log-2012-07-30 (22-24-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 580879
Laufzeit: 3 Stunde(n), 13 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 31.07.2012, 08:50   #14
t'john
/// Helfer-Team
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 10:57   #15
Thomas97
 
bProtector for Windows Virus - Standard

bProtector for Windows Virus



Hm ich habs mir jetzt 5 mal Gedownloadet immer von verschiedenen Seiten,
aber wenn ich installiere dan wähle ich die Sprache aus und auf einmal steht für den Betrieb auf Windows Vista oder Windows Server 2008 ist das Service Pack 2 erforderlich. Kann es aber nirgens finden.

Antwort

Themen zu bProtector for Windows Virus
anti, anti maleware, bedingt, beenden, benötige, beste, compu, deinstalliere, deinstallieren, dringend, erkenne, erkennen, fallout, inhalt, kopiert, löschen, malewarebytes, musik, neu, nichts, ordner, prozess, unbedingt, virus, windows, zugriff



Ähnliche Themen: bProtector for Windows Virus


  1. Windows 7: Habe Virus TR/BProtector.Gen auf meinem Laptop
    Log-Analyse und Auswertung - 11.07.2014 (7)
  2. TR/BProtector.Gen auf Windows 7
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (21)
  3. TR/BProtector.Gen mehrfach auf Windows /
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (7)
  4. Windows 7 TR/BProtector.Gen
    Log-Analyse und Auswertung - 02.04.2014 (9)
  5. Windows 7: TR/BProtector.Gen
    Log-Analyse und Auswertung - 30.03.2014 (5)
  6. Virus erkannt TR/BProtector.Gen und ADWARE/InstallBrain.F
    Plagegeister aller Art und deren Bekämpfung - 03.02.2014 (7)
  7. Win7 x64 | Bitguard-Trojaner? - BProtector.F , BProtector.E , BHO.Bprotector.1.4
    Log-Analyse und Auswertung - 15.12.2013 (11)
  8. Windows 7 - ADWARE/BPROTECTOR.E
    Plagegeister aller Art und deren Bekämpfung - 06.12.2013 (7)
  9. Windows 7, 64 bit: Virus oder unerwünschtes Programm ADWARE/BProtector.E
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (3)
  10. Virus: Adware.BHO.Bprotector.1.2
    Plagegeister aller Art und deren Bekämpfung - 13.09.2013 (1)
  11. Virus: Gen:Variant.Adware.BHO.Bprotector.1
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (15)
  12. bProtector for Windows
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (11)
  13. bProtector for Windows
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (13)
  14. Habe " bprotector for windows " als Programm auf meinem Rechner gefunden - ist das ein Virus?
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (19)
  15. bProtector for windows in C:\ProgrammData\
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (5)
  16. bProtector for Windows und Searchplugins
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (4)
  17. (2x) bProtector for Windows Virus
    Mülltonne - 28.07.2012 (1)

Zum Thema bProtector for Windows Virus - Hallo bin neu hier und benötige unbedingt eure Hilfe. Mir ist ein Prozess aufgefallen "bProtect.exe" dessen Dateipfad (Computer/ TrippleCore (C: )/ ProgramData/ bProtector for Windows/ 2.2.463.83) Aber am meisten auffallend - bProtector for Windows Virus...
Archiv
Du betrachtest: bProtector for Windows Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.